• 3+ years of experience in offensive security roles such as red teaming or malware dev
• Relevant industry certification (e.g. CCSAS, CRTL, OSMR, OSEP, CCT, or similar)
• Ability to work to defined rules of engagement and to show strong discipline and steady judgement, working both independently or as part of a team
• Experience with executing end to end red and purple team engagements using standard C2 frameworks (Mythic or CobaltStrike)
• Familiarity with the cyber risks faced by Starling Bank and other financial institutions
• In-depth understanding of network and operating system fundamentals with Windows and MacOS
• Big picture understanding and experience with cloud technology such as AWS & GCP
• Familiarity with modern software engineering paradigms (CI/CD, Infra as Code)

Desirable

• Designing and executing red/purple team operations against the Bank, including end to end kill chain - scoping, planning, execution and reporting
• Emulate read-world cyber threats to test the organisation's defences and response capabilities
• Dedicated research time to identify vulnerabilities and build exploits that can be leveraged during assessments
• Actively work with the team to continuously develop the methodology and internal capability to enhance in-house capabilities.
• Working along with other teams post engagement to actively remediate the vulnerabilities and improve the overall security posture of the organisation
• Engage in continuous learning and professional development, keeping up to date with current trends
• Operations will emulate real threat actors and target cutting edge technology in Starling Bank’s platform as well as ranging across the endpoint estate
• You will use emerging threat intelligence to inform and develop effective attacks
• You will be an early member of the team and have the opportunity to shape the development and growth of the team