Penetration Tester
Cardiff, Wales, United Kingdom - Remote
Applications have closed
Starling Bank
Transform the way you manage your money with Starling Bank. Enjoy personal and business banking online and at your fingertips, always. Apply in minutes.As a member of the Starling cyber security team, you will be working with some of the industry’s brightest cyber security professionals to protect Starling customers and company information assets and systems using the latest technologies and techniques.If you have experience with mobile security, web application security, and cloud security we would love to hear from you!
The primary objective for this role is to support Starling’s engineering and operation functions to ensure that our services are built and operated securely.
Responsibilities
- Scoping and performing of mobile, application, cloud and infrastructure penetration testing against Starling systems and products
- Helping our engineers to bake in security from the ground up in their design decisions
- Scoping and execution of Red Teaming activities
- Review of third-party technical security controls for companies working with Starling systems
- Review, analysis and reporting of external threats relevant to Starling systems
- Review and analysis of technical solutions to identify appropriate security controls
Requirements
We’re open-minded when it comes to hiring and we care more about aptitude and attitude than specific experience or qualifications.
Ideally, we would like:
- 5+ years technical information security experience.
- Experience of mobile, web application, cloud and infrastructure penetration testing.
- Strong technical knowledge in:
- Mobile security (iOS and Android)
- Web application security
- Networking and associated protocols
- Cloud security (AWS and GCP)
- Containers and Kubernetes
- A desire to learn, and ability to apply technical security knowledge to new and unfamiliar areas.
- CREST, OSCP or similar industry penetration testing qualification
- A good understanding of applied cryptographic techniques.
- Reverse engineering and exploit development capabilities.
- Experience of security testing in an agile SDLC.
- Threat modelling experience.
- Experience performing code reviews, particularly in Java and Go.
- Experience of fulfilling a client facing security consulting role.
- Excellent verbal and written communication skills.
- Experience in automation of security testing, with previous development experience desirable.
Benefits
- 25 days holiday (plus public holidays)
- An extra day’s holiday for your birthday, taken a week on either side of the day
- 16 hours paid volunteering time a year
- Part-time and/or flexible hours available for most roles
- Hybrid/remote working
- Private Medical Insurance with VitalityHealth including mental health support and cancer care. Partner benefits include discounts with Waitrose, Mr&Mrs Smith and Peloton
- Generous family-friendly policies
- Enhanced sick pay
- Contributory pension scheme
- Varied social groups set up and run by our employees
- Perkbox membership giving access to retail discounts, a cashback scheme, a wellness platform for physical and mental health, a birthday box and weekly free coffee
- Access to ‘salary sacrifice’ benefits such as Cycle to Work scheme
Full details are available on our careers site
About Us:
Starling is a leading digital bank on a mission to disrupt the banking industry.
Since our launch in 2014, we've surpassed 2 million accounts, including over 350,000 business accounts. Our total deposits, meanwhile, have topped £5 billion and we have lent over £2bn over the same period. We're a fully licensed UK bank, and we have the culture and spirit of a fast-moving, disruptive technology company. We've won the Best British Bank award four years running, and now employ over 1500 people across our London, Southampton, Cardiff & Dublin offices.
Starling Bank is an equal opportunity employer, and we’re proud of our ongoing efforts to foster diversity & inclusion in the workplace. Individuals seeking employment at Starling Bank are considered without regard to race, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, ancestry, physical or mental disability, military or veteran status, or any other characteristic protected by applicable law.
By submitting your application, you agree that Starling Bank may collect your personal data for recruiting and related purposes. Our Privacy Notice explains what personal information we may process, where we may process your personal information, its purposes for processing your personal information, and the rights you can exercise over our use of your personal information.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Agile Android Application security Automation AWS Banking Cloud CREST Exploit GCP iOS Java Kubernetes Mobile security OSCP Pentesting Privacy Reverse engineering SDLC
Perks/benefits: Flex hours Flex vacation Health care Insurance
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Security Analyst jobs
- Open Manager Pentest H/F jobs
- Open Information Security Specialist jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Information Security Analyst jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Specialist jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Sr. Security Engineer jobs
- Open Security Researcher jobs
- Open Senior Security Architect jobs
- Open Security Operations Analyst jobs
- Open ISO 27001-related jobs
- Open Clearance-related jobs
- Open Windows-related jobs
- Open Application security-related jobs
- Open Network security-related jobs
- Open Agile-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open DevOps-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open Kubernetes-related jobs
- Open CI/CD-related jobs
- Open Security Clearance-related jobs
- Open IDS-related jobs
- Open CEH-related jobs
- Open EDR-related jobs