Jan 15, 2023
This position reports to the offensive security lead and is part of our offensive security team. In order to make money work for everyone, you will also be a part of the larger Security Collective, a group of people driven to make us a safer place to work and bank with. We are searching for an accomplished Offensive Security Engineer to join, contribute to the development of a premier Offensive Security Team, and collaborate with the Blue Team to evaluate the efficacy of particular security measures. The ideal applicant will have a strong interest in security testing and the capacity to adopt an attacker's perspective. You'll be able to effectively convey threats to the business and design and carry out penetration tests and simulated attacks.
We’re particularly keen to hear from Offensive Security Engineers with experience testing the following:
Remotely managed MacOS environments
Microservices architecture environments
Containers
AWS
In addition to performing penetration tests on some of the newest and most exciting technologies, the role also reserves 30%-40% of your time for research and development, which is actively encouraged. You’ll be keen to publish and present the new and cutting-edge things you have discovered during your R&D time both internally and externally.
Reporting to the Offensive Security Squad Lead, you'll work closely with the security function as well as the rest of the business to help reduce the likelihood of security vulnerabilities negatively impacting Monzo or our customers.
Your day-to-day
As part of this role you’ll:
Help scope and execute:
Penetration tests
Red Team engagements that simulate the TTPs of known threat actors
Purple Team engagements alongside the Blue Team to test specific security controls
As well as:
Offer technically sound and considered remediation advice
Effectively communicate findings and remediation advice to the business
Work with the owning squads to triage identified vulnerabilities
Research and develop cutting edge tools, techniques and exploits specific to our environments and services
Produce blog posts and white papers as an output of the time spent on research and development
Work collaboratively and independently on specialised engagements
Help Monzo meet and surpass regulatory requirements for information security
Help manage the validation and triage of vulnerabilities from our bug bounty platform
Act as SME for squads outside the security collective who need advice on penetration testing or offensive security
You should apply if you have most, or all, of the following:
5+ years experience in security testing or penetration testing
An industry recognised qualification such as CREST CCSAS, CCT (APP or INF), OSCP, OSCE or other equivalent
Experience performing security assessments on the following:
MacOS
Kubernetes
AWS
Mobile Applications
Web Applications
APIs
As well as:
Experience using the MITRE ATT&CK framework for adversary simulations
Knowledge of MacOS C2 frameworks and hacking techniques
Experience working in microservices architecture environments
Experience researching security topics and publishing your findings
Experience with Programming/Scripting languages: Objective-C, GoLang, Bash, Python, JXA
A bachelor's degree in computer science or equivalent work experience
Experience working in a regulated environment
The ability to think outside the box and apply creative thinking to problem solving
An inquisitive and curious nature
A passion and enthusiasm for security research/testing with a flair for presentation and communication.
The Interview Process:
After an initial chat with one of the Hiring Team, our interview process involves three main stages:
Initial interview with one of the team
Technical interview
Values and Collaboration interview