Junior/Intermediate Offensive Security Engineer, Penetration Testing

At Monzo, we’re aiming to build the best bank in the world.  We are always keen to hear from capable, creative people who want to help us accomplish that goal.  We want our bank to be safe and secure for our customers, so security is extremely important to us.

We are looking for an enthusiastic and talented Junior/Intermediate Offensive Security Engineer to join and help build a world-class Offensive Security Team. The ideal candidate will be passionate about security testing and able to get into the mindset of an attacker. You’ll have at least 3 years experience executing penetration tests and will be able to effectively communicate risks to the business both in writing and verbally.

In addition to performing penetration tests on some of the newest and most exciting technologies, the role also reserves 30%-40% of your time for research and development, which is actively encouraged. You’ll be keen to present the new and exciting things you have discovered during your R&D time by writing blog posts and white papers.

As your experience grows and you look to progress, you’ll seek more opportunities to help the senior members of the team with red/purple team and scenario based engagements.

Reporting to the Offensive Security Squad Lead, you'll work closely with the security function as well as the rest of the business to help reduce the likelihood of security vulnerabilities negatively impacting Monzo or our customers.

As part of this role you'll:

• Help scope and execute internal penetration tests
• Offer technically sound and considered remediation advice
• Effectively communicate findings and remediation advice to the business
• Work with the owning squads to triage identified vulnerabilities
• Research and develop cutting edge tools, techniques and exploits specific to our environments and services
• Produce blog posts and white papers as an output for the time spent on research and development 
• Work collaboratively and independently on specialised engagements
• Help Monzo meet and surpass regulatory requirements for information security
• Help manage the validation and triage of vulnerabilities from our HackerOne platform
• Be a technical point of contact for squads outside the security collective who need advice on penetration testing or offensive security

You should apply if you have most or all of the following

• 3+ years experience in security testing or penetration testing
• An industry recognised qualification such as CREST CRT, OSCP or other equivalent
• Experience performing security assessments on the following:
• Mobile Applications
• Web Applications
• APIs
• Infrastructure 
• Experience using and testing remotely managed MacOS environments
• Experience working in microservices architecture environments
• Experience researching security topics and publishing your findings
• Experience with Programming/Scripting languages: GoLang, Bash, Python
• A bachelor's degree in computer science or equivalent work experience
• Experience working in a regulated environment
• The ability to think outside the box and apply creative thinking to problem solving
• An inquisitive and curious nature
• A passion and enthusiasm for security research/testing with a flair for presentation and communication. 

Logistics

• This role can be based in our London office or remotely within the UK
• We offer flexible working hours and trust you to work enough hours to do your job well, at times that suit you and your team.
• Diversity and inclusion is a priority for us – if we want to solve problems for people around the world, our team has to represent our customers. So we need to attract the best talent and create an environment that supports and includes them. You can read more about diversity and inclusion on our blog.
• If you prefer to work part-time, we'll make this happen whenever we can - whether this is to help you meet other commitments or strike a great work-life balance.

Equal Opportunity Statement

At Monzo, embracing diversity in all of its forms and fostering an inclusive environment for all people to do the best work of their lives with us. This is integral to our mission of making money work for everyone.

We're an equal opportunity employer. All applicants will be considered for employment without attention to ethnicity, religion, sexual orientation, gender identity, family or parental status, national origin, veteran, neurodiversity status or disability status.

#LI-SB1 #LI-REMOTE