# Senior Penetration Tester

**Company**: Starling
**Location**: Southampton
**Work arrangement**: hybrid
**Experience**: senior
**Job type**: full-time
**Category**: Engineering
**Industry**: Technology

**Apply**: https://apply.workable.com/j/4F1A58C8DC
**Canonical**: https://yubhub.co/jobs/job_a6a63728-1cf

## Description

We're seeking a Senior Penetration Tester to join our established team, working with talented cyber security professionals to ensure our services are designed, developed, and operated securely. As an internal tester, you'll gain a strong understanding of how technology works at Starling to enable in-depth testing. You'll also support remediation processes, seeing your findings lead to tangible security improvements.

Responsibilities:
Scoping and performing mobile, web application, cloud, and infrastructure penetration tests.
Collaborating with engineering teams to facilitate secure development, including reviewing and analysing proposed technical solutions to identify appropriate security controls, conducting code reviews of features and critical security components, and performing in-depth practical security testing.
Advising on the remediation of security issues and identifying solutions to address root causes.
Automating security testing and developing internal tooling to achieve continuous assurance.
Identifying and implementing improvements to the team's internal processes and procedures.
Mentoring less-experienced team members, leading by example in technical assessments, and promoting a collaborative approach to security across Starling.

Requirements:
5+ years technical information security experience.
Experience in mobile, web application, cloud, and infrastructure penetration testing.
Technical knowledge in mobile security (iOS and Android), web application security, networking and associated protocols, cloud security (AWS and GCP), containers and Kubernetes.
Penetration testing qualifications (e.g. CREST Certified Tester, OSCP) or equivalent industry experience.
Excellent verbal and written communication skills.

## Skills

### Required
- penetration testing
- mobile security
- web application security
- cloud security
- networking
- containers and Kubernetes
- security testing
- code review
- automation

### Nice to have
- Java
- Go
- Python
- CREST Certified Tester
- OSCP