Security Operations Specialist 

About the job

At Monzo we’re aiming to build the best bank in the world . We are always keen to hear from capable, creative people who want to help us accomplish that goal. We want our bank to be safe and secure for our customers, so security is very important to us.

Security at Monzo

We are looking for a proactive, technically-minded and organised Security Operations SME/Specialist (DoE) to join us in the bank’s 1st line of defence which has the ownership, responsibility and accountability for directly assessing, controlling and managing risk.

This role is part of Monzo’s Security Collective which has a wide range of responsibilities, from infrastructure security to application and information security.

As a bank, we are solving diverse, novel problems to ensure that our customers and data are secure, you will have the opportunity to make a direct impact on that.

One of the guiding principles of security at Monzo is that security at the expense of user experience is a last resort. We aim to move mountains in the background such that we can build world-class features without compromising on security.

The role

The goal of the Security Operations squad is to minimise and control the damage resulting from cybersecurity incidents, provide practical guidance for the response, coordinate recovery activities, and work to prevent future incidents from reoccurring.

Additionally, you will be helping with the monitoring of information security controls within Monzo by analysing alerts received in line with our information security policies and practices and dealing with any/all security incidents.


  • Using raw log sources and other security and operational tools to monitor and analyse the security posture of the IT estate and identify anomalous activity and behaviours.
  • Investigating, defining and resolving complex issues.
  • Producing and developing dashboards and reports to continuously improve security situational awareness.
  • Producing incident reports to present activity and outcome of operational security services and activity.

Incident management

  • Supporting the investigation of security breaches and coordinating and managing all Incident Responses.
  • Ensuring that all security incidents have been correctly prioritised and diagnosed in accordance with agreed procedures.
  • Investigating the causes of incidents, document findings and seek resolution.
  • Making sure the escalation of any unresolved incidents has been completed according to agreed procedures.
  • Overseeing the facilitation of recovery, following the resolution of incidents.
  • Making sure security incidents have been documented and closed according to agreed procedures.
  • Serving as a backup for security operations emergency response.

Information security

  • Overseeing active Incidents the operation and optimisation of security tooling/products, including network security (IDS/IPS/Firewalls), logging and auditing, event and incident management, privileged access management controls.
  • Acting on security incidents, requests and events to ensure that threats, vulnerabilities and breaches are managed to minimise impact to confidentiality, integrity and availability of systems and data.
  • Creating security risk, vulnerability assessments, and business impact analysis as required.
  • Reviewing, updating and creating CSIRT policies, playbooks and standard operating procedures documentation.
  • Providing advice and guidance to other teams within the business on good practice and maintaining relevant and current industry knowledge.

Security administration

  • Oversee the operation or support the operation of tools that contribute to effective security including anti-virus and vulnerability management.
  • Making sure that the onboarding of any enhancements to the security tools, including deployment and on-going management and maintenance is completed.
  • Undertaking periodic reviews of security policies and baseline control standards, influencing additional and updated controls based on the findings of internal and external audit reports, trends derived from security operations, information from project-based activities and incident resolutions.

You should apply if

  • You have experience within an enterprise-level SOC or CSIRT function.
  • You have experience with Security Monitoring tools.
  • You have a track record of technical delivery within a fast-paced environment.
  • You can take a pragmatic view of the application of technologies; understanding the business application of them and being able to identify a balance between the management of risk and the capability for the business to continue to operate.
  • You have in-depth experience of at least one of the following technology areas; End-User Computing/Hosting/Networks/Cloud/Development.
  • You have knowledge of commonly-accepted information security principles and practices, as well as techniques attackers use to identify vulnerabilities, gain unauthorised access, escalate privileges and access restricted information.
  • You communicate well and can present complex information to both technical and non-technical audiences.
  • You’re excited by what we’re doing at Monzo

It would be desirable if 

  • You hold at least two or more of the following security certificates:- CISSP/CISM/GIAC/GCFE/GISP/GSEC/CEH.
  • Experience of detection and security practices for MacOS, Google Workspace, major cloud-hosting providers and Kubernetes would be an advantage.


Salary range for this role is £55,000 - £80,000 DOE plus stock options and other benefits .

This role can be based in our London office or remotely within the UK

We offer flexible working hours and trust you to work enough hours to do your job well, at times that suit you and your team.

Diversity and inclusion is a priority for us – if we want to solve problems for people around the world, our team has to represent our customers. So we need to attract the best talent and create an environment that supports and includes them. You can read more about diversity and inclusion on our blog .

If you prefer to work part-time, we'll make this happen whenever we can - whether this is to help you meet other commitments or strike a great work-life balance.

The application process consists of a 30mins phone call with a recruiter, an initial call with someone from the team, followed by a practical written exercise and 2-3 on-site interviews at our office in London or remotely via hangouts. We promise not to ask you any brain teasers or trick questions.

Equal Opportunity Statement

At Monzo, embracing diversity in all of its forms and fostering an inclusive environment for all people to do the best work of their lives with us. This is integral to our mission of making money work for everyone.

We're an equal opportunity employer. All applicants will be considered for employment without attention to ethnicity, religion, sexual orientation, gender identity, family or parental status, national origin, veteran, neurodiversity status or disability status.




Apply for this Job

* Required

👤 Identity survey

Our goal at Monzo is to make money work for everyone. To do that, working at Monzo must work for everyone. We want to create an equitable, engaged and innovative workplace which gives people from all backgrounds the support they need to thrive and grow. 

Making Monzo work for everyone starts right at the beginning of every Monzonaut's journey: when they apply to work here. This demographic survey will help us better understand the people who apply to work at Monzo. It'll help us see how different groups progress through our hiring process, and where we need to make improvements to be more inclusive. If you choose to fill it out, all of the information you give us is:

  • Voluntary. And we've included a "prefer not to say" option for every question. It'd be helpful if you still fill out the survey even if you choose "prefer not to say" for every question, as it's useful for us to understand & record this. We won't know if you choose to fill this survey in or not.
  • Anonymous to Monzo. We can't tie your responses to you and they won't make a difference to the outcome of your application. We'll only use grouped responses for equal opportunities monitoring in our hiring process.

For more information on how we'll use this data, please read our candidate privacy notice.

By filling out this survey, you agree that we can use your responses for the purposes we've mentioned above. You are not letting us know if we need to make any adjustments to the hiring process because of disability or neurodiversity - to do this please email us.

How would you describe your gender identity?

Do you identify as transgender?

What's your sexual orientation?

Do you identify as having a disability?

Do you consider yourself to be neurodiverse?

How would your describe your ethnicity?