Starling Bank
,
London, Greater London
Mobile Penetration Tester
Overview
Job Description
We are a leading digital bank on a mission to disrupt the banking industry. We've built an app with smart money management tools to help our customers live a healthier financial life. We also offer groundbreaking B2B banking and payments services. Since our launch in 2014, we've surpassed 1 million accounts in total: including over 100,000 business accounts for small and medium-sized enterprises (SMEs). Our total deposits, meanwhile, have surpassed 1 billion over the same period. We're a fully licensed UK bank, and we have the culture and spirit of a fast-moving, disruptive technology company. We've won the Best British Bank award two years running, and now employ more than 800 people across our London & Southampton offices, with more to come from Cardiff. Right now, we're looking for a Mobile Penetration Tester to join our London team. If you know your unc0ver from your keychain, and dex2jar from your certificate pinning , then this is the job for you! Responsibilities * Review and analysis of proposed technical solutions to identify appropriate security controls * Input and guidance to security related technical architecture and design decisions * Scoping and performing of mobile, application, cloud and infrastructure penetration testing against Starling solutions * Scoping and execution of Red Teaming activities * Review of third-party technical security controls in relation to the interfacing with Starling systems * Review and testing of incumbent and proposed internal end-user device security controls * Review, analysis and reporting of external threats relevant to Starling systems and solutions in the context of Starlings desired security posture Requirements * Minimum of 5 years technical information security experience * Good mobile (OS, App and Hardware) security knowledge * Experience of mobile, application and infrastructure penetration testing * Strong practical and theoretical knowledge of public cloud (IaaS) technologies * CREST certified (this is more of a "nice to have"!) * Strong networking and associated protocol knowledge * A good understanding of applied cryptographic techniques * Experience of reverse engineering and exploit development capabilities. * Experience of security testing in an agile SDLC * Threat modelling experience * Experience of performing code reviews * Experience of fulfilling a client facing security consulting role Benefits * 33 days holiday (including public hols). Youll also get your birthday on us * 16 hours paid volunteering time a year * Private Medical Insurance with VitalityHealth * Contributory pension scheme * Hot breakfast delivered on a Friday * Our kitchens are stocked with fresh fruit and a range of hot and soft drinks * We have many varied social groups set up and run by our employees * Discounts on cinema tickets, restaurants, shopping and train tickets via a Perkbox membership * Access to salary sacrifice benefits such as Cycle to Work scheme * Gym membership options Full details are available on our careers site