At a Glance
- Tasks: Join a talented team to conduct security testing and improve processes at Starling.
- Company: Starling, a leading name in cyber security with a collaborative culture.
- Benefits: Generous holiday allowance, enhanced pension scheme, and paid volunteering time.
- Other info: Mentorship opportunities and a focus on continuous learning.
- Why this job: Make a real impact on security while advancing your skills in a dynamic environment.
- Qualifications: 5+ years in information security and experience in penetration testing.
The predicted salary is between 60000 - 80000 £ per year.
As an experienced Penetration Tester at Starling, you’ll be joining an established team, working with talented cyber security professionals to ensure our services are designed, developed and operated securely. This is a collaborative role - you’ll directly interact with multiple areas of the business to understand requirements, conduct research, perform security testing, and report issues aligned to our risk framework. Being an internal tester, you’ll gain a strong understanding of how technology works at Starling to enable in-depth testing. You’ll also support remediation processes, seeing your findings lead to tangible security improvements. We understand the importance of knowledge and expertise remaining current, so we’ll actively support your advancement through research and training. In turn, you’ll help us continuously improve our processes, methodologies and tools to maintain the highest standard of testing.
Responsibilities
- Scoping and performing mobile, web application, cloud and infrastructure penetration tests.
- Collaborating with engineering teams to facilitate secure development, including:
- Reviewing and analysing proposed technical solutions to identify appropriate security controls.
- Conducting code reviews of features and critical security components.
- Performing in-depth practical security testing.
- Advising on the remediation of security issues and identifying solutions to address root causes.
- Automating security testing and developing internal tooling to achieve continuous assurance.
- Identifying and implementing improvements to the team’s internal processes and procedures.
- Mentoring less‑experienced team members, leading by example in technical assessments, and promoting a collaborative approach to security across Starling.
Requirements
- 5+ years technical information security experience.
- Experience in mobile, web application, cloud and infrastructure penetration testing.
- Technical knowledge - we don't expect mastery of every area, but are looking for a good foundation in the following domains:
- Mobile security (iOS and Android)
- Web application security
- Networking and associated protocols
- Cloud security (AWS and GCP)
- Containers and Kubernetes
- A desire to learn, and the ability to apply technical security knowledge to new and unfamiliar areas.
- Penetration testing qualifications (e.g. CREST Certified Tester, OSCP) or equivalent industry experience.
- Experience performing code reviews or code-assisted testing, particularly in Java and Go.
- Experience in automation of security testing (e.g. using Python or Go).
- Excellent verbal and written communication skills.
Benefits
- 25 days holiday (plus take your public holiday allowance whenever works best for you)
- An extra day’s holiday for your birthday
- Annual leave is increased with length of service, and you can choose to buy or sell up to five extra days off
- 16 hours paid volunteering time a year
- Salary sacrifice, company enhanced pension scheme
- Life insurance at 4x your salary
Senior Penetration Tester employer: Manchester Digital
At Starling, we pride ourselves on being an exceptional employer, particularly for our Senior Penetration Tester role. Our collaborative work culture fosters innovation and continuous learning, with ample opportunities for professional growth through training and mentorship. Located in a dynamic environment, we offer competitive benefits including generous holiday allowances, a supportive pension scheme, and a commitment to employee well-being, making Starling a rewarding place to advance your career in cybersecurity.
StudySmarter Expert Advice🤫
We think this is how you could land Senior Penetration Tester
✨Network Like a Pro
Get out there and connect with folks in the cyber security scene! Attend meetups, webinars, or conferences where you can chat with other penetration testers and industry experts. You never know who might have a lead on your next big opportunity!
✨Show Off Your Skills
Create a portfolio showcasing your penetration testing projects, including any cool tools you've developed or security issues you've tackled. This is your chance to shine and demonstrate your expertise beyond just a CV!
✨Ace the Interview
Prepare for technical interviews by brushing up on your knowledge of mobile, web, and cloud security. Be ready to discuss your past experiences and how you've contributed to security improvements. Remember, it's all about showing your problem-solving skills and collaborative spirit!
✨Apply Through Our Website
Don't forget to apply directly through our website! It’s the best way to ensure your application gets noticed. Plus, we love seeing candidates who are proactive and engaged with our company!
We think you need these skills to ace Senior Penetration Tester
Some tips for your application 🫡
Tailor Your CV:Make sure your CV reflects the skills and experiences that align with the Senior Penetration Tester role. Highlight your technical knowledge in mobile, web application, and cloud security, as well as any relevant qualifications you have.
Craft a Compelling Cover Letter:Use your cover letter to tell us why you're passionate about penetration testing and how your experience can contribute to our team. Be sure to mention specific projects or achievements that showcase your expertise.
Show Off Your Communication Skills:Since this role involves collaboration with various teams, demonstrate your excellent verbal and written communication skills in your application. Use clear and concise language to convey your ideas and experiences.
Apply Through Our Website:We encourage you to apply directly through our website for a smoother application process. This way, we can easily track your application and get back to you quicker!
How to prepare for a job interview at Manchester Digital
✨Know Your Stuff
Make sure you brush up on your technical knowledge, especially in mobile, web application, cloud, and infrastructure penetration testing. Be ready to discuss specific tools and methodologies you've used in the past, as well as any relevant qualifications like CREST or OSCP.
✨Show Your Collaborative Spirit
Since this role involves working closely with engineering teams, be prepared to talk about your experience collaborating with others. Share examples of how you've facilitated secure development or mentored less-experienced team members in previous roles.
✨Demonstrate Problem-Solving Skills
Think of a few scenarios where you identified security issues and successfully advised on remediation. Highlight your ability to not just find problems but also suggest practical solutions that address root causes.
✨Communicate Clearly
Excellent verbal and written communication skills are crucial for this role. Practice explaining complex security concepts in simple terms, as you'll need to report findings and collaborate with various teams. Consider preparing a brief presentation of a past project to showcase your communication style.
