Offensive Security Engineer @ Monzo

Offensive Security Engineer

Posted on 12/12/2022

INACTIVE

1,001-5,000 employees

Digital-only bank platform & marketplace

Company Overview

Monzo’s mission is to make money work for everyone by solving customers' problems, treating them fairly and being totally transparent.. The company has created an app with budgeting tools where you can spend, manage, and save your money, from your phone, fee-free.

Locations

London, UK

Experience Level

Entry

Junior

Mid

Senior

Expert

Desired Skills

AWS

Bash

Objective-C

Kubernetes

Python

Communications

CategoriesNew

DevOps & Infrastructure

Software Engineering

Requirements

5+ years experience in security testing or penetration testing
An industry recognised qualification such as CREST CCSAS, CCT (APP or INF), OSCP, OSCE or other equivalent
MacOS
Kubernetes
AWS
Mobile Applications
Web Applications
APIs
Experience using the MITRE ATT&CK framework for adversary simulations
Knowledge of MacOS C2 frameworks and hacking techniques
Experience working in microservices architecture environments
Experience researching security topics and publishing your findings
Experience with Programming/Scripting languages: Objective-C, GoLang, Bash, Python, JXA
A bachelor's degree in computer science or equivalent work experience
Experience working in a regulated environment
The ability to think outside the box and apply creative thinking to problem solving
An inquisitive and curious nature
A passion and enthusiasm for security research/testing with a flair for presentation and communication

Responsibilities

We are looking for an experienced Offensive Security Engineer to join and help build a world-class Offensive Security Team and work alongside the Blue Team to help assess the effectiveness of specific security controls
The ideal candidate will be passionate about security testing and able to get into the mindset of an attacker. You'll be able to plan and execute penetration tests and simulated attacks, and effectively communicate risks to the business
We're particularly keen to hear from Offensive Security Engineers with experience testing the following:

📍London/Remote | 💰£30-£75k + Benefits

About us:

We’re here to make money work for everyone and we’re doing things differently. For too long, banking has been obtuse, complex and opaque.

We want to change that and build a bank with everyone, for everyone. Our amazing community suggests features, test the app and give us constant feedback so we can build something everyone loves.

We’re focused on solving problems, rather than selling financial products. We want to make the world a better place and change people’s lives through Monzo.

About the Team:

This role sits within our Offensive Security Team, reporting into the Offensive Security Lead.

You will also be joining the wider Security Collective, a group of people passionate about making Monzo a safer place to work and bank with, to make money work for everyone.

What you’ll be working on

We are looking for an experienced Offensive Security Engineer to join and help build a world-class Offensive Security Team and work alongside the Blue Team to help assess the effectiveness of specific security controls.

The ideal candidate will be passionate about security testing and able to get into the mindset of an attacker. You’ll be able to plan and execute penetration tests and simulated attacks, and effectively communicate risks to the business.

We’re particularly keen to hear from Offensive Security Engineers with experience testing the following:

Remotely managed MacOS environments
Microservices architecture environments
Containers
AWS

In addition to performing penetration tests on some of the newest and most exciting technologies, the role also reserves 30%-40% of your time for research and development, which is actively encouraged. You’ll be keen to publish and present the new and cutting-edge things you have discovered during your R&D time both internally and externally.

Reporting to the Offensive Security Squad Lead, you’ll work closely with the security function as well as the rest of the business to help reduce the likelihood of security vulnerabilities negatively impacting Monzo or our customers.

Your day-to-day As part of this role you’ll:

Help scope and execute:

Penetration tests
Red Team engagements that simulate the TTPs of known threat actors
Purple Team engagements alongside the Blue Team to test specific security controls

As well as:

Offer technically sound and considered remediation advice
Effectively communicate findings and remediation advice to the business
Work with the owning squads to triage identified vulnerabilities
Research and develop cutting edge tools, techniques and exploits specific to our environments and services
Produce blog posts and white papers as an output of the time spent on research and development
Work collaboratively and independently on specialised engagements
Help Monzo meet and surpass regulatory requirements for information security
Help manage the validation and triage of vulnerabilities from our bug bounty platform
Act as SME for squads outside the security collective who need advice on penetration testing or offensive security

You should apply if you have most, or all, of the following:

5+ years experience in security testing or penetration testing
An industry recognised qualification such as CREST CCSAS, CCT (APP or INF), OSCP, OSCE or other equivalent

Experience performing security assessments on the following:

MacOS
Kubernetes
AWS
Mobile Applications
Web Applications
APIs

As well as:

Experience using the MITRE ATT&CK framework for adversary simulations
Knowledge of MacOS C2 frameworks and hacking techniques
Experience working in microservices architecture environments
Experience researching security topics and publishing your findings
Experience with Programming/Scripting languages: Objective-C, GoLang, Bash, Python, JXA
A bachelor’s degree in computer science or equivalent work experience
Experience working in a regulated environment
The ability to think outside the box and apply creative thinking to problem solving
An inquisitive and curious nature
A passion and enthusiasm for security research/testing with a flair for presentation and communication.

The Interview Process:

After an initial chat with one of the Hiring Team, our interview process involves three main stages:

Initial interview with one of the team
Technical interview
Values and Collaboration interview

Our average process takes around 2-3 weeks but we will always work around your availability. You will have the chance to speak to our recruitment team at various points during your process but if you do have any specific questions ahead of this please contact us on [email protected]

What’s in it for you:

💰 £35,000 - £75,000 ➕ plus stock options & benefits

✈️ We can help you relocate to the UK.

✅ We can sponsor visas.

📍This role can be based in our London office, but we’re open to distributed working within the UK (with ad hoc meetings in London).

⏰ We offer flexible working hours and trust you to work enough hours to do your job well, at times that suit you and your team.

📚Learning budget of £1,000 a year for books, training courses and conferences

➕And much more, see our full list of benefits here

If you prefer to work part-time, we’ll make this happen whenever we can - whether this is to help you meet other commitments or strike a great work-life balance.

Equal Opportunity Statement

We are actively creating an equitable environment for every Monzonaut to thrive.

Diversity and inclusion are a priority for us and we are making sure we have lots of support for all of our people to grow at Monzo. At Monzo, embracing diversity in all of its forms and fostering an inclusive environment for all people to do the best work of their lives with us. This is integral to our mission of making money work for everyone. You can read more in our blog, 2021 Diversity and Inclusion Report and 2022 Gender Pay Gap Report.

We’re an equal opportunity employer. All applicants will be considered for employment without attention to ethnicity, religion, sexual orientation, gender identity, family or parental status, national origin, veteran, neurodiversity status or disability status.

#LI-SB1 #LI-REMOTE