At Engine by Starling, we are on a mission to find and work with leading banks all around the world who have the ambition to build rapid growth businesses, on our technology. 

Engine is Starling's software-as-a-service (SaaS) business, the technology that was built to power Starling Bank, and a year ago we split out as a separate business. 

Starling Bank has seen exceptional growth and success, and a large part of that is down to the fact that we have built our own modern technology from the ground up. This SaaS technology platform is now available to banks and financial institutions all around the world, enabling them to benefit from the innovative digital features, and efficient back-office processes that has helped achieve Starling's success.

As a company, everyone is expected to roll up their sleeves to help deliver great outcomes for our clients. We are an engineering led company and we’re looking for someone who will be excited by the potential for Engine’s technology to transform banking in different markets around the world.

Hybrid Working

We have a Hybrid approach to working here at Engine - our preference is that you're located within a commutable distance of one of our offices so that we're able to interact and collaborate in person. 

About the Role

We are looking for an experienced Penetration Tester who can bridge the gap between deep technical exploitation and real-world business risk.  This isn't just about running scanners and handing over a PDF; it’s about adversarial empathy, understanding how our systems and services work so you can show us how they may be compromised.

While you will sit within the Information Security team, you won’t be siloed; you will be "dropped in" to test across various business domains, working side-by-side with Infrastructure Engineers and Software Developers and in collaboration with all parts of the Information Security Team.  Your approach is to move beyond finding ‘bugs’ to helping out teams build inherently resilient systems.

As an early member of our internal Pentesting capability, you won't just follow a manual, you will help write it.  A key aspect of this role involves:

• Collaborating with your peers to design a continuous testing framework that evolves with our tech stack.
• Sharing knowledge with the wider technical faculty to elevate our collective security posture.

Additionally, we understand the importance of knowledge and expertise remaining current and you shall support the continued advancement of our penetration testing through research, design and implementation of new solutions, including automation.

Responsibilities:

• End-to-End Assessments: Conducting penetration tests on our core banking platform, focusing on Cloud and Application Security.
• Code Review: Performing manual secure code reviews to identify logic flaws and security anti-patterns.
• Threat Modelling: Participate in sessions with different teams to identify design flaws before code is written.
• Risk Contextualisation: Contextualising technical vulnerabilities into "Real-World Risk" scenarios to demonstrate business impact to non-technical executives and within Engine’s risk management framework.
• Cloud Security: Collaborating with Infrastructure teams to audit and secure cloud configurations.
• Autonomous Execution: Acting as an independent operator within the team, managing your own testing scope and timelines across different business domains.
• Remediation: Providing clear, actionable remediation advice that balances security requirements with engineering velocity.
• Strategic Reporting: Translate complex technical exploits into actionable business risk summaries for non-technical stakeholders and executive leadership.