×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity IT Consultant

Penetration Tester - Engine Starling

Job in Greater London, London, Greater London, W1B, England, UK
Listing for: Starling Bank
Full Time position
Listed on 2026-02-06
Job specializations:
  • IT/Tech
    Cybersecurity, IT Consultant
Salary/Wage Range or Industry Benchmark: 80000 - 100000 GBP Yearly GBP 80000.00 100000.00 YEAR
Job Description & How to Apply Below
Position: Penetration Tester - Engine by Starling
Location: Greater London

Overview

At Engine by Starling, we are on a mission to find and work with leading banks all around the world who have the ambition to build rapid growth businesses, on our technology. Engine is Starling's software-as-a-service (SaaS) business, the technology that was built to power Starling Bank, and a year ago we split out as a separate business. Starling Bank has seen exceptional growth and success, and a large part of that is down to the fact that we have built our own modern technology from the ground up.

This SaaS technology platform is now available to banks and financial institutions all around the world, enabling them to benefit from the innovative digital features, and efficient back-office processes that has helped achieve Starling's success. As a company, everyone is expected to roll up their sleeves to help deliver great outcomes for our clients. We are an engineering led company and we’re looking for someone who will be excited by the potential for Engine’s technology to transform banking in different markets around the world.

Hybrid Working

We have a Hybrid approach to working here at Engine - our preference is that you're located within a commutable distance of one of our offices so that we're able to interact and collaborate in person.

About the Role

We are looking for an experienced Penetration Tester who can bridge the gap between deep technical exploitation and real-world business risk. This isn't just about running scanners and handing over a PDF; it’s about adversarial empathy, understanding how our systems and services work so you can show us how they may be compromised. While you will sit within the Information Security team, you won’t be siloed;

you will be "dropped in" to test across various business domains, working side-by-side with Infrastructure Engineers and Software Developers and in collaboration with all parts of the Information Security Team. Your approach is to move beyond finding ‘bugs’ to helping out teams build inherently resilient systems. As an early member of our internal Pentesting capability, you won't just follow a manual, you will help write it.

A key aspect of this role involves:

  • Collaborating with your peers to design a continuous testing framework that evolves with our tech stack.
  • Sharing knowledge with the wider technical faculty to elevate our collective security posture.

Additionally, we understand the importance of knowledge and expertise remaining current and you shall support the continued advancement of our penetration testing through research, design and implementation of new solutions, including automation.

Responsibilities
  • End-to-End Assessments:
    Conducting penetration tests on our core banking platform, focusing on Cloud and Application Security.
  • Code Review:
    Performing manual secure code reviews to identify logic flaws and security anti-patterns.
  • Threat Modelling:
    Participate in sessions with different teams to identify design flaws before code is written.
  • Risk Contextualisation:
    Contextualising technical vulnerabilities into "Real-World Risk" scenarios to demonstrate business impact to non-technical executives and within Engine’s risk management framework.
  • Cloud Security:
    Collaborating with Infrastructure teams to audit and secure cloud configurations.
  • Autonomous Execution:
    Acting as an independent operator within the team, managing your own testing scope and timelines across different business domains.
  • Remediation:
    Providing clear, actionable remediation advice that balances security requirements with engineering velocity.
  • Strategic Reporting:
    Translate complex technical exploits into actionable business risk summaries for non-technical stakeholders and executive leadership.

We’re open-minded when it comes to hiring and we care more about aptitude and attitude than specific experience or qualifications.

Technical Skills

Ideally, we would like:

  • Experience:

    5+ years experience in penetration testing with a focus on cloud native infrastructure, web applications, APIs.
  • Tooling:
    Expert-level proficiency with industry-standard tools and the ability to "go manual" when scanners fail.
  • Cloud Native:
    Experience with Cloud Security, (AWS/GCP) specifically…
Position Requirements
5+ Years work experience
Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search