Cyber Security Penetration Tester
Starling, the leading digital bank, is on a mission to disrupt the banking industry. We’ve built an app with smart money management tools to help our customers live a healthier financial life. We also offer groundbreaking B2B banking and payments services.
Since our launch in 2014, we’ve opened more than 600,000 accounts, including over 45,000 SME accounts, and our customers trust us with over £400m of their money. We’ve won the Best British Bank award two years running, and now employ more than 500 people in our City of London office, with plans to create up to 150 new jobs at our Southampton site.
We are a fully licensed UK bank, and we have the culture and spirit of a fast-moving, disruptive technology company and are obsessed with providing our customers with the best banking app and money management experience around.
Everyone at Starling gets the chance to own interesting things from day one, and we’re told one of the best things about working here is the ability to achieve a lot in a short space of time.
We are very open about how we deliver software - have a look at our QCon presentations or engineering podcasts to see what our developers have been up to. You can also try coding against your own bank account with us using our open APIs (see the developer site).
Reporting directly to the Cyber Security Testing Lead, the successful applicant will perform security testing and assessments of the bank’s platform and systems, and will assist in the development and management of Starling’s internal and external security testing programmes. Additionally, this role will involve providing technical security consultancy to internal engineering, product and risk functions. Specific activities in which the successful applicant will be involved include:
- Execution of in-depth technical security penetration and forensic testing of mobile applications, application services/APIs and platform infrastructure services, networks and systems;
- Triage and verification of the issues identified by Starling's external security testing programmes;
- Technical security review and analysis of proposed solutions to identify and define appropriate security controls;
- Researching and evaluating bleeding-edge security vulnerabilities, products and services; and
- Development of internal security tooling.
The ideal candidate will have some, if not most, of the following:
- Relevant technical mobile, application and infrastructure security penetration testing experience;
- CREST, TIGER or Offensive Security qualifications;
- Strong reverse engineering and development capabilities;
- Strong networking and associated protocol knowledge;
- Strong mobile (OS, App and Hardware) security knowledge including, but not limited to, knowledge and experience of native mobile APIs, file permissions, application sandboxing and hardware security controls as well as mobile application protection;
- Excellent understanding of applied cryptographic techniques;
- Good practical and theoretical knowledge of public cloud (IaaS) technologies;
- Experience of performing code reviews;
- Experience of fulfilling a client facing security consulting role; and
- Excellent verbal and written communication skills.
- 33 days holiday (including public hols). You’ll also get your birthday on us.
- 16 hours paid volunteering time a year
- Private Medical Insurance with VitalityHealth
- Contributory pension scheme
- Friday breakfast - bacon and egg rolls to vegan sausage butties.
- Our kitchens are stocked with fresh fruit and a range of hot and soft drinks.
- We host a company social once a month and have many varied social groups set up and run by our employees - ForTheWin (a gaming group), Starling FC, book club and many more!
- Discounts on cinema tickets, restaurants, shopping and train tickets via a Perkbox membership
- Access to ‘salary sacrifice’ benefits such as Cycle to Work scheme
- Gym membership options
Full details are available on our careers site.