Senior Red Team Operator

Starling is the UK’s first and leading digital bank on a mission to fix banking! Our vision is fast technology, fair service, and honest values. All at the tap of a phone, all the time.

We are about giving customers a new way to spend, save and manage their money while taking better care of the planet which has seen us become a multi-award winning bank that now employs over 2300 across five offices in London, Cardiff, Dublin, Southampton, and soon to be Manchester. Our journey started in 2014, and since then we have surpassed three million accounts (and four account types!) with 350,000 business customers. We are a fully licensed UK bank but at the heart, we are a tech first company, enabling our platform to deliver brilliant products.

Our technologists are at the very heart of Starling and enjoy working in a fast-paced environment that is all about building things, creating new stuff, and disruptive technology that keeps us on the cutting edge of fintech. We operate a flat structure to empower you to make decisions regardless of what your primary responsibilities may be, innovation and collaboration will be at the core of everything you do. Help is never far away in our open culture, you will find support in your team and from across the business, we are in this together!

The way to thrive and shine within Starling is to be a self-driven individual and be able to take full ownership of everything around you: From building things, designing, discovering, to sharing knowledge with your colleagues and making sure all processes are efficient and productive to deliver the best possible results for our customers. Our purpose is underpinned by five Starling values: Listen, Keep It Simple, Do The Right Thing, Own It, and Aim For Greatness.

Your responsibilities will include:

• Designing and executing red/purple team operations against the Bank, including end to end kill chain - scoping, planning, execution and reporting.
• Emulate read-world cyber threats to test the organisation's defences and response capabilities.
• Dedicated research time to identify vulnerabilities and build exploits that can be leveraged during assessments.
• Actively work with the team to continuously develop the methodology and internal capability to enhance in-house capabilities..
• Working along with other teams post engagement to actively remediate the vulnerabilities and improve the overall security posture of the organisation.
• Engage in continuous learning and professional development, keeping up to date with current trends.

Operations will emulate real threat actors and target cutting edge technology in Starling Bank’s platform as well as ranging across the endpoint estate. You will use emerging threat intelligence to inform and develop effective attacks.

You will be an early member of the team and have the opportunity to shape the development and growth of the team.

Requirements

You will have:

• 3+ years of experience in offensive security roles such as red teaming or malware dev.
• Relevant industry certification (e.g. CCSAS, CRTL, OSMR, OSEP, CCT, or similar)
• Ability to work to defined rules of engagement and to show strong discipline and steady judgement, working both independently or as part of a team.
• Experience with executing end to end red and purple team engagements using standard C2 frameworks (Mythic or CobaltStrike)
• Familiarity with the cyber risks faced by Starling Bank and other financial institutions
• In-depth understanding of network and operating system fundamentals with Windows and MacOS.
• Big picture understanding and experience with cloud technology such as AWS & GCP
• Familiarity with modern software engineering paradigms (CI/CD, Infra as Code)

Though not necessarily required, the ideal candidate would also bring:

• Experience in payload development and offensive R&D for Windows or MacOS
• Experience in Social Engineering such as phishing, physical break-in or vishing
• Software engineering expertise (Java, Kotlin, Go…) or reverse engineering expertise
• Experience and enthusiasm for blogging and speaking both internally to educate our staff and potentially externally

Benefits

• 25 days holiday (plus take your public holiday allowance whenever works best for you)
• An extra day’s holiday for your birthday
• Annual leave is increased with length of service, and you can choose to buy or sell up to five extra days off!
• 16 hours paid volunteering time a year
• Salary sacrifice, company enhanced pension scheme
• Life insurance at 4x your salary
• Private Medical Insurance with VitalityHealth including mental health support and cancer care. Partner benefits include discounts with Waitrose, Mr&Mrs Smith and Peloton
• Generous family-friendly policies
• Perkbox membership giving access to retail discounts, a wellness platform for physical and mental health, and weekly free and boosted perks
• Access to initiatives like Cycle to Work and Salary Sacrificed Gym partnerships

You may be put off applying for a role because you don't tick every box. Forget that! While we can’t accommodate every flexible working request, we're always open to discussion. So, if you're excited about working with us, but aren’t sure if you're 100% there yet, get in touch anyway.

We’re on a mission to radically reshape banking – and that starts with our brilliant team. Whatever came before, we’re proud to bring together people of all backgrounds and experiences who love working together to solve problems.

Starling Bank is an equal opportunity employer, and we’re proud of our ongoing efforts to foster diversity & inclusion in the workplace. Individuals seeking employment at Starling Bank are considered without regard to race, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, ancestry, physical or mental disability, military or veteran status, or any other characteristic protected by applicable law.

By submitting your application, you agree that Starling Bank may collect your personal data for recruiting and related purposes. Our Privacy Notice explains what personal information we may process, where we may process your personal information, its purposes for processing your personal information, and the rights you can exercise over our use of your personal information.