Penetration Tester

Cardiff, Wales, United Kingdom - Remote

Starling Bank logo

Starling Bank

Transform the way you manage your money with Starling Bank. Enjoy personal and business banking online and at your fingertips, always. Apply in minutes.

As a member of the Starling cyber security team, you will be working with some of the industry’s brightest cyber security professionals to protect Starling customers and company information assets and systems using the latest technologies and techniques.If you have experience with mobile security, web application security, and cloud security we would love to hear from you!

The primary objective for this role is to support Starling’s engineering and operation functions to ensure that our services are built and operated securely.


  • Scoping and performing of mobile, application, cloud and infrastructure penetration testing against Starling systems and products
  • Helping our engineers to bake in security from the ground up in their design decisions
  • Scoping and execution of Red Teaming activities
  • Review of third-party technical security controls for companies working with Starling systems
  • Review, analysis and reporting of external threats relevant to Starling systems
  • Review and analysis of technical solutions to identify appropriate security controls


We’re open-minded when it comes to hiring and we care more about aptitude and attitude than specific experience or qualifications.

Ideally, we would like:

  • 5+ years technical information security experience.
  • Experience of mobile, web application, cloud and infrastructure penetration testing.
  • Strong technical knowledge in:
    • Mobile security (iOS and Android)
    • Web application security
    • Networking and associated protocols
    • Cloud security (AWS and GCP)
    • Containers and Kubernetes
  • A desire to learn, and ability to apply technical security knowledge to new and unfamiliar areas.
  • CREST, OSCP or similar industry penetration testing qualification
  • A good understanding of applied cryptographic techniques.
  • Reverse engineering and exploit development capabilities.
  • Experience of security testing in an agile SDLC.
  • Threat modelling experience.
  • Experience performing code reviews, particularly in Java and Go.
  • Experience of fulfilling a client facing security consulting role.
  • Excellent verbal and written communication skills.
  • Experience in automation of security testing, with previous development experience desirable.


  • 25 days holiday (plus public holidays)
  • An extra day’s holiday for your birthday, taken a week on either side of the day
  • 16 hours paid volunteering time a year
  • Part-time and/or flexible hours available for most roles
  • Hybrid/remote working
  • Private Medical Insurance with VitalityHealth including mental health support and cancer care. Partner benefits include discounts with Waitrose, Mr&Mrs Smith and Peloton
  • Generous family-friendly policies
  • Enhanced sick pay
  • Contributory pension scheme
  • Varied social groups set up and run by our employees
  • Perkbox membership giving access to retail discounts, a cashback scheme, a wellness platform for physical and mental health, a birthday box and weekly free coffee
  • Access to ‘salary sacrifice’ benefits such as Cycle to Work scheme
  • Full details are available on our careers site

About Us:

Starling is a leading digital bank on a mission to disrupt the banking industry.

Since our launch in 2014, we've surpassed 2 million accounts, including over 350,000 business accounts. Our total deposits, meanwhile, have topped £5 billion and we have lent over £2bn over the same period. We're a fully licensed UK bank, and we have the culture and spirit of a fast-moving, disruptive technology company. We've won the Best British Bank award four years running, and now employ over 1500 people across our London, Southampton, Cardiff & Dublin offices.

Starling Bank is an equal opportunity employer, and we’re proud of our ongoing efforts to foster diversity & inclusion in the workplace. Individuals seeking employment at Starling Bank are considered without regard to race, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, ancestry, physical or mental disability, military or veteran status, or any other characteristic protected by applicable law.

By submitting your application, you agree that Starling Bank may collect your personal data for recruiting and related purposes. Our Privacy Notice explains what personal information we may process, where we may process your personal information, its purposes for processing your personal information, and the rights you can exercise over our use of your personal information.

* Salary range is an estimate based on our salary survey at

Tags: Agile Android Application security Automation AWS Banking Cloud CREST Exploit GCP Go iOS Java Kubernetes Mobile security OSCP Pentesting Privacy Reverse engineering SDLC

Perks/benefits: Flex hours Flex vacation Health care Insurance

Regions: Remote/Anywhere Europe
Country: United Kingdom
Job stats:  55  6  0
Category: PenTesting Jobs

Explore more Cybersecurity career opportunities

Find open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Analysis, Cryptography, Digital Forensics and Cyber Security in general, filtered by job title or popular skill, toolset and products used.