Security Incident Response Specialist (SOC)


Full Time GBP 55K - 80K


Monzo is a bank that makes life easier, not harder.


At Monzo we’re aiming to build the best bank in the world. We are always keen to hear from capable, creative people who want to help us accomplish that goal. We want our bank to be safe and secure for our customers, so security is very important to us.

Security at Monzo

We are looking for a proactive, technically-minded and organised individual to join our Information Security team in the bank’s 1st line of defence which has the ownership, responsibility and accountability for directly assessing, controlling and managing risk. 

This role is part of Monzo’s Security Operations function which has a wide range of responsibilities, from infrastructure security to application and information security. 

As a bank, we are solving diverse, novel problems to ensure that our customers and data are secure, and you will have the opportunity to make a direct impact on that.

One of the guiding principles of security at Monzo is that security at the expense of user experience is a last resort. We aim to move mountains in the background such that we can build world-class features without compromising on security. 

The role 

The goal of the Security Incident Response Specialist is to minimise and control the damage resulting from cybersecurity incidents, provide practical guidance for the response, coordinate recovery activities, and work to prevent future incidents from reoccurring.

Additionally, you will be helping with the monitoring of information security controls within Monzo by analysing alerts received in line with our information security policies and practices and dealing with any/all security incidents.  


  • Using raw log sources and other security and operational tools to monitor and analyse the security posture of the IT estate and identify anomalous activity and behaviours. 
  • Investigating, defining and resolving complex issues. 
  • Producing and developing dashboards and reports to continuously improve security situational awareness.
  • Producing incident reports to present activity and outcome of operational security services and activity. 

Incident management 

  • Supporting the investigation of security breaches and coordinating and managing all Incident Responses. 
  • Ensuring that all security incidents have been correctly prioritised and diagnosed in accordance with agreed procedures. 
  • Investigating the causes of incidents, documenting findings and seeking resolution.
  • Making sure the escalation of any unresolved incidents has been completed according to agreed procedures. 
  • Overseeing the facilitation of recovery, following the resolution of incidents. 
  • Making sure security incidents have been documented and closed according to agreed procedures.
  • Serving as a backup for security operations emergency response.

Information security 

  • Overseeing active incidents and the operation and optimisation of security tooling/products, including network security (IDS/IPS/Firewalls), logging and auditing, event and incident management, and privileged access management controls.
  • Acting on security incidents, requests and events to ensure that threats, vulnerabilities and breaches are managed to minimise impact to confidentiality, integrity and availability of systems and data.
  • Creating security risk, vulnerability assessments, and business impact analysis as required.
  • Reviewing, updating and creating CSIRT policies, playbooks and standard operating procedures documentation.
  • Providing advice and guidance to other teams within the business on good practice and maintaining relevant and current industry knowledge.

Security administration

  • Overseeing or supporting the operation of tools that contribute to effective security, including anti-virus and vulnerability management.
  • Making sure that the onboarding of any enhancements to the security tools, including deployment and on-going management and maintenance is completed.
  • Undertaking periodic reviews of security policies and baseline control standards, influencing additional and updated controls based on the findings of internal and external audit reports, trends derived from security operations, information from project-based activities and incident resolutions.

You should apply if 

  • You have solid experience within an enterprise-level SOC or CSIRT function.
  • You have experience with Security Monitoring tools.
  • You hold two or more of the following security certificates: CISSP/CISM/GIAC/GCFE/GISP/GSEC/CEH.
  • You have a track record of technical delivery within a fast-paced environment.
  • You can take a pragmatic view of the application of technologies; understanding the business application of them and being able to identify a balance between the management of risk and the capability for the business to continue to operate.
  • You have in-depth experience of at least one of the following technology areas: End-User Computing/Hosting/Networks/Cloud/Development.
  • You have knowledge of commonly-accepted information security principles and practices, as well as techniques attackers use to identify vulnerabilities, gain unauthorised access, escalate privileges and access restricted information.
  • You communicate well and can present complex information to both technical and non-technical audiences.
  • You’re excited by what we’re doing at Monzo.


Closing date for applications: 6pm on 2nd November.

Salary range for this role is £55,000 - £80,000 DOE plus stock options and other benefits.

This role can be based in our London office or remotely within the UK.

We offer flexible working hours and trust you to work enough hours to do your job well, at times that suit you and your team.

Diversity and inclusion is a priority for us – if we want to solve problems for people around the world, our team has to represent our customers. So we need to attract the best talent and create an environment that supports and includes them. You can read more about diversity and inclusion on our blog.

If you prefer to work part-time, we'll make this happen whenever we can - whether this is to help you meet other commitments or strike a great work-life balance.

The application process consists of a 30-minute phone call with a recruiter, an initial call with someone from the team, followed by a practical exercise and a values & culture interview held remotely via Hangouts. We promise not to ask you any brain teasers or trick questions.

Equal Opportunity Statement

At Monzo, we're embracing diversity in all of its forms and fostering an inclusive environment for all people to do the best work of their lives with us. This is integral to our mission of making money work for everyone.

We're an equal opportunity employer. All applicants will be considered for employment without attention to ethnicity, religion, sexual orientation, gender identity, family or parental status, national origin, veteran status, neurodiversity status or disability status.




Job region(s): Europe