Cloud Security Engineer

Starling is the UK's first and leading digital bank on a mission to fix banking! We built a new kind of bank because we knew technology had the power to help people save, spend and manage their money in a new and transformative way. We're a fully licensed UK bank with the culture and spirit of a fast-moving, disruptive tech company, operating across London, Southampton, Cardiff and Manchester.

Our technologists enjoy a fast‑paced environment focused on building things, creating new stuff, and keeping us on the cutting edge of fintech. We operate a flat structure that empowers everyone to make decisions, innovate and collaborate, and a culture that supports you and your team.

We have a hybrid approach to working here at Starling – our preference is that you're located within a commutable distance of one of our offices so that we can interact and collaborate in person.

Starling engineers are excited about helping us deliver new features, regardless of what their primary tech stack may be. Hear from the team in our latest blogs or our case studies with Women in Tech.

We are seeking an experienced Cloud Security Engineer who believes that great security is built, not just configured. At Starling, security is a fundamental engineering pillar, and we're looking for a practitioner who thinks like a developer. While we are looking for deep cloud expertise, we are also highly interested in candidates with strong programming skills and a background in software engineering who want to apply those talents to security.

• Engineer Secure Foundations: lead the design and implementation of critical security services, with a heavy focus on building robust Identity and Access Management (IAM) systems and automated, API‑driven certificate management workflows.
• Security‑as‑Code & Scalability: develop and maintain high‑quality, scalable security tooling and middleware within ECS and Kubernetes environments, ensuring security logic is integrated directly into the deployment pipeline.
• Collaborative Code Ownership: serve as a technical authority in cross‑functional code reviews, acting as an engineering peer who helps teams bake security into their services from the first line of code to the final pull request.
• Proactive System Hardening: stay ahead of the evolving threat landscape by treating security as a continuous engineering challenge – proactively identifying vulnerabilities and architecting technical solutions to fortify our global ecosystem.

• Demonstrated ability to architect secure, distributed systems with a focus on programmatic IAM and automated, API‑driven PKI management.
• Extensive experience with Infrastructure as Code (IaC) in Terraform and a deep commitment to writing clean, maintainable, and production‑grade code – ideally in Golang.
• A test‑first mentality toward security, with experience building unit and integration tests into CI/CD pipelines to ensure that security guardrails are as reliable as the features they protect.
• A strong conceptual grasp of cryptographic primitives and hands‑on experience securing containerized workloads and service meshes within ECS and Kubernetes.
• A track record of taking end‑to‑end ownership of complex technical projects, from initial design docs and RFCs through to deployment and observability.
• A belief that if it isn’t tested, it’s broken, and a drive to proactively identify and fix vulnerabilities by treating security as a continuous engineering challenge.

The Security Engineering team is a diverse and dynamic group passionate about building secure and resilient systems. We believe in striking a balance between protecting our systems and empowering our developers to build and innovate. Our goal is to make security a seamless part of the development lifecycle, not a roadblock.

Interviewing is a two‑way process designed to give both parties a clear sense of fit. Our interviews are conversational and we want you to bring questions and be curious. In general you can expect the following stages, following a chat with one of our Talent Team:

• Initial phone…