Penetration Tester

Starling Bank, London, Greater London

Overview

Job Description

We are a leading digital bank on a mission to disrupt the banking industry. We've built an app with smart money management tools to help our customers live a healthier financial life. We also offer groundbreaking B2B banking and payments services. Since our launch in 2014, we've surpassed 1 million accounts in total, including over 100,000 business accounts for small and medium-sized enterprises (SMEs). Our total deposits, meanwhile, have surpassed 1 billion over the same period.

We're a fully licensed UK bank, and we have the culture and spirit of a fast-moving, disruptive technology company. We've won the Best British Bank award two years running, and now employ more than 800 people across our London & Southampton offices, with more to come from Cardiff. Everyone at Starling gets the chance to own interesting things from day one, and we're told one of the best things about working here is the ability to achieve a lot in a short space of time.

Responsibilities

As a member of the Starling cyber security team, you will be working with some of the industry's brightest cyber security professionals to protect Starling customers and company information assets and systems using the latest technologies and techniques. The primary objective for this role is to support Starling's engineering and operation functions to ensure that all technical aspects of the banking platform are built and operated securely.

Responsibilities include:

* Review and analysis of proposed technical solutions to identify appropriate security controls.
* Input and guidance to security related technical architecture and design decisions.
* Scoping and performing of mobile, application and infrastructure penetration testing against Starling solutions.
* Scoping and execution of Red Teaming activities.
* Review of third-party technical security controls in relation to the interfacing with Starling systems.
* Review and testing of incumbent and proposed internal end-user device security controls.
* Review, analysis and reporting of external threats relevant to Starling systems and solutions in the context of Starling's desired security posture.

Requirements

* We're looking for a minimum of 5 years' technical information security experience.
* Strong networking and associated protocol knowledge.
* Good mobile (OS, App and Hardware) security knowledge.
* Experience of mobile, application and infrastructure penetration testing.
* CREST certified.
* A good understanding of applied cryptographic techniques.
* Experience of reverse engineering and exploit development capabilities.
* Experience of security testing in an agile SDLC.
* Strong practical and theoretical knowledge of public cloud (IaaS) technologies.
* Threat modelling experience.
* Experience of performing code reviews.
* Experience of fulfilling a client facing security consulting role.
* Excellent verbal and written communication skills.

Benefits

* 33 days holiday (including public hols). You'll also get your birthday on us.
* 16 hours paid volunteering time a year.
* Private Medical Insurance with VitalityHealth.
* Contributory pension scheme.
* Hot breakfast delivered on a Friday.
* Our kitchens are stocked with fresh fruit and a range of hot and soft drinks.
* We have many varied social groups set up and run by our employees.
* Discounts on cinema tickets, restaurants, shopping and train tickets via a Perkbox membership.
* Access to 'salary sacrifice' benefits such as Cycle to Work scheme.
* Gym membership options.
* Full details are available on our careers site.