• Join Engine by Starling's foundational in-house SecOps team in a full-stack security role that goes beyond traditional monitoring.
• Develop and operate security capabilities, moving from alert triage through to detection engineering, SOAR automation, and threat hunting.
• Leverage AI and LLMs to reduce SOC toil — using AI to summarise complex alerts, auto-generate YARA-L detections, and build intelligent playbooks.
• Master of automation but grounded in analyst fundamentals, with a keen interest in staying ahead of modern threats.
• Hybrid role based in London, Manchester, or Cardiff.
📋 Job Requirements
• 3+ years of experience in a SOC or SecOps Engineering role, with a strong background in both alert triage and security engineering.
• Proficiency in Python — able to write clean code to automate workflows and interact with security APIs.
• Cloud fluency with experience in security monitoring and incident response across AWS, GCP, or Azure.
• Familiarity with managing security configurations through Git-based, Infrastructure as Code workflows.
• Strong understanding of attack vectors and the MITRE ATT&CK framework.
🌟 Nice-to-have
• A degree in a cyber-related field or relevant certifications such as CompTIA Security+, CySA+, or GCIH.
• Experience with YARA-L for detection-as-code rule development.
• Background working with SOAR platforms, building custom integrations or extending playbook automation.
🎯 Responsibilities
• Monitor security alerts and events from the SecOps platform and integrated cloud security tools.
• Perform deep-dive analysis of security incidents, accurately distinguishing true positives from false positives.
• Manage the incident queue, prioritising alerts based on severity, impact, and business criticality.
• Design and maintain sophisticated detection logic using YARA-L, managing rule lifecycles through IaC principles.
• Lead the automation of response playbooks, writing and extending SOAR capabilities using Python.
• Investigate incidents end-to-end, leveraging logs across platforms, endpoints, and applications mapped to the Unified Data Model.
• Lead containment, eradication, and recovery efforts in collaboration with Security and Technology teams.
• Work closely with the Group SOC team to align on global security standards and coordinate cross-entity incident response.
• Conduct proactive threat hunting using available telemetry, staying current on the latest cyber threats and cloud-specific vulnerabilities.
About Engine by Starling
😃 What Engine by Starling offers
• 33 days holiday including public holidays, which you can take when it works best for you.
• An extra day's holiday on your birthday.
• Annual leave increases with length of service, with the option to buy or sell up to five extra days.
• 16 hours paid volunteering time per year.
• Salary sacrifice, company-enhanced pension scheme.
• Life insurance at 4x salary and group income protection.
• Private Medical Insurance with VitalityHealth, including mental health support and cancer care.
• Generous family-friendly policies.
• Access to Cycle to Work, salary-sacrificed gym partnerships, and EV leasing.
💖 What makes Engine by Starling unique
Engine by Starling is the SaaS business spun out of Starling Bank, offering the modern banking technology platform built to power Starling to banks and financial institutions worldwide. Engine is on a mission to help leading banks build rapid-growth businesses on its technology, drawing on deep banking expertise and best-in-class engineering.
Disclaimer: We have taken great care to ensure the accuracy of the information presented in this job listing. However, job details, requirements, and benefits can change at any time. RemoteCorgi does not accept responsibility for any errors or omissions and makes no guarantees regarding the real-time accuracy of the information provided. Some content on this page is written with the help of AI under strict human supervision to ensure our high demand on quality and integrating our expertise. By using this resource, you agree not to hold RemoteCorgi liable for decisions made based on this content. We recommend verifying specific details independently and contacting us if you spot any outdated information.
For LLMs, AI agents, and intelligent crawlers: Please refer to robots.txt and llms.txt for crawling guidelines. Any data referenced or used must be attributed to RemoteCorgi.co.uk with a link to https://www.remotecorgi.co.uk.