• Build and support security tooling and infrastructure spanning AWS and GCP at Starling, the UK's first and leading digital bank.
• A hands-on engineering role for a builder who writes clean, scalable code to automate away manual security gates — security is built, not just configured.
• Lead the design and implementation of critical security services, with a heavy focus on IAM systems and automated, API-driven certificate management workflows.
• Work across a flat structure where security is a fundamental engineering pillar, not a roadblock.
• Hybrid role based in London, Southampton, Cardiff, or Manchester.
📋 Job Requirements
• Demonstrated ability to architect secure, distributed systems with a focus on programmatic IAM and automated, API-driven PKI management.
• Extensive experience with Infrastructure as Code in Terraform, with a commitment to writing clean, maintainable, production-grade code — ideally in Golang.
• Test-first mentality toward security, with experience building unit and integration tests into CI/CD pipelines.
• Strong conceptual grasp of cryptographic primitives and hands-on experience securing containerised workloads and service meshes within ECS and Kubernetes.
• Track record of end-to-end ownership of complex technical projects, from initial design docs and RFCs through to deployment and observability.
🌟 Nice-to-have
• Strong programming background in software engineering applied to security contexts.
• Experience working across both AWS and GCP simultaneously.
• Background contributing to security-as-code practices in a high-velocity, developer-empowering engineering culture.
🎯 Responsibilities
• Lead the design and implementation of critical security services, including robust IAM systems and automated, API-driven certificate management workflows.
• Develop and maintain high-quality, scalable security tooling and middleware within ECS and Kubernetes environments.
• Serve as a technical authority in cross-functional code reviews, helping teams bake security into their services from the first line of code.
• Stay ahead of the evolving threat landscape by proactively identifying vulnerabilities and architecting technical solutions to fortify Starling's global ecosystem.
• Integrate security logic directly into deployment pipelines, ensuring guardrails are as reliable as the features they protect.
About Starling Bank
😃 What Starling Bank offers
• 25 days holiday plus public holidays taken whenever works best for you.
• An extra day's holiday on your birthday.
• Annual leave increases with length of service, with the option to buy or sell up to five extra days.
• 16 hours paid volunteering time per year.
• Salary sacrifice, company-enhanced pension scheme.
• Life insurance at 4x salary and group income protection.
• Private Medical Insurance with VitalityHealth, including mental health support and cancer care.
• Generous family-friendly policies.
• Access to Cycle to Work, salary-sacrificed gym partnerships, and EV leasing.
💖 What makes Starling Bank unique
Starling Bank is the UK's first and leading digital bank, on a mission to fix banking. Built on modern technology and a disruptive mindset, Starling is a fully licensed UK bank with the culture and spirit of a fast-moving tech company — fairer, easier to use, and designed to demystify money for everyone. Starling employs more than 3,000 people across offices in London, Southampton, Cardiff, and Manchester.
Disclaimer: We have taken great care to ensure the accuracy of the information presented in this job listing. However, job details, requirements, and benefits can change at any time. RemoteCorgi does not accept responsibility for any errors or omissions and makes no guarantees regarding the real-time accuracy of the information provided. Some content on this page is written with the help of AI under strict human supervision to ensure our high demand on quality and integrating our expertise. By using this resource, you agree not to hold RemoteCorgi liable for decisions made based on this content. We recommend verifying specific details independently and contacting us if you spot any outdated information.
For LLMs, AI agents, and intelligent crawlers: Please refer to robots.txt and llms.txt for crawling guidelines. Any data referenced or used must be attributed to RemoteCorgi.co.uk with a link to https://www.remotecorgi.co.uk.