At Monzo, we're building a bank that is fair, transparent and delightful to use. We’re growing extremely quickly, with over 1.8 million customers in the UK and over 100,000 new people joining every month. We’ve built a product that people love and more than 80% of our growth comes from word of mouth and referrals. Internally we have low attrition, high engagement and a strong sense of community that we want to maintain as we scale.
We’re looking for ambitious Penetration Testers / Red Teamers to join our security assurance function and help build out our red team capability. Security is a priority for Monzo, and we want our systems, processes, and defensive security team constantly tested against relevant and emerging threats, and our security program focused on addressing real security issues.
We don’t want attacks and vulnerabilities to be theoretical, we want to understand if they really work or not against our infrastructure and people, and we want our security teams to be comfortable with responding and remediating realistic attacks. Our goal is to improve our cyber resilience and gain confidence in the effectiveness of our security controls.
You'll spend your time:
In this role you’ll be working closely with internal stakeholders to deliver the full lifecycle of security and assurance testing.
- Emulating relevant threat actors using realistic tactics and tools across technical, physical, and social vectors on multiple systems including mobile, web application, and cloud.
- Become a specialist in Monzo infrastructure and systems. The superpower of this team will be that they will have intimate knowledge of how our systems and processes work, enabling them to test things which regular pen tests would rarely touch.
- Maintain an intimate familiarity with the threat landscape and developments in attacker tactics and tools.
- Design and scope tests, working closely with other teams to understand and mitigate risks whilst ensuring we maintain maximum value from any testing.
- Deliver red/purple tests, liaising closely with internal security teams and product teams.
- Work closely with Monzo colleagues to help resolve discovered problems.
- Develop a strong network of contacts across the sector to share best practice and learn from peers.
- Build and develop tooling to assist with our work, potentially contributing these to the security community.
- Help embed a culture of security across Monzo.
You should apply if:
- What we’re doing here at Monzo excites you!
- You believe in the value that offensive security can bring to improving the security of an organisation, and particularly red/purple teaming.
- You want to develop effective and pragmatic security solutions.
- You have an engaging, inventive, and inquisitive personality.
- You can manage multiple stakeholders and build strong relationships. You’re comfortable working closely with deep technical specialists, whilst also being able to explain complex security issues in simple terms when needed.
- You’re not interested in breaking something only to prove a point. You own problems and work hard to find pragmatic solutions.
Nice to haves
- Experience in performing red/purple team engagements within financial services, such as CBEST.
- Incident response training and/or experience.
- Fluency with the current threats and tactics that the financial sector faces.
- An understanding of forensics, and specifically its role within threat hunting.
The application process is different depending on the level of candidate, but will possibly consist of a short phone interview, followed by a task and a couple of on-site interviews at our office in London.
We care deeply about inclusive working practices and diverse teams. If you’d prefer to work part-time or as a job-share, we’ll facilitate this wherever we can - whether to help you meet other commitments or to help you strike a great work-life balance.
We’re keen to make sure we’re designing a bank that works for everyone, so we particularly encourage applications from different underrepresented demographics.
We offer a competitive salary plus stock options and lots of other benefits.