Starling Bank logo
Starling Bank

Senior Penetration Tester

Posted on 19 Jun 2026

About the role

💼 What you will do

• Join an established Penetration Testing team at Starling, working with talented cyber security professionals to ensure services are designed, developed, and operated securely. • Scope and perform mobile, web application, cloud, and infrastructure penetration tests across a modern fintech platform. • Collaborate directly with engineering teams to facilitate secure development — from code reviews through to advising on remediation. • Mentor less-experienced team members, lead by example in technical assessments, and promote a collaborative approach to security. • Hybrid role with a minimum of one day per week in one of Starling's offices: London, Southampton, Cardiff, or Manchester.

📋 Job Requirements

• 5+ years of technical information security experience. • Experience in mobile, web application, cloud, and infrastructure penetration testing. • Strong technical foundation across mobile security (iOS and Android), web application security, networking, cloud security (AWS and GCP), containers, and Kubernetes. • A desire to learn and ability to apply technical security knowledge to new and unfamiliar areas. • Penetration testing qualifications such as CREST Certified Tester or OSCP, or equivalent industry experience. • Experience performing code reviews or code-assisted testing, particularly in Java and Go. • Experience in security testing automation using Python or Go. • Excellent verbal and written communication skills.

🌟 Nice-to-have

• Deep expertise in one or more penetration testing domains — mobile, cloud, or infrastructure. • Experience building internal security tooling or continuous assurance frameworks. • Background mentoring or leading junior penetration testers within a team.

🎯 Responsibilities

• Scope and perform mobile, web application, cloud, and infrastructure penetration tests. • Collaborate with engineering teams to review proposed technical solutions and identify appropriate security controls. • Conduct code reviews of features and critical security components. • Perform in-depth practical security testing and advise on remediation and root cause fixes. • Automate security testing and develop internal tooling to achieve continuous assurance. • Identify and implement improvements to the team's internal processes and procedures. • Mentor less-experienced team members and promote a collaborative approach to security across Starling.

About Starling Bank

😃 What Starling Bank offers

• 25 days holiday plus public holidays taken whenever works best for you. • An extra day's holiday on your birthday. • Annual leave increases with length of service, with the option to buy or sell up to five extra days. • 16 hours paid volunteering time per year. • Salary sacrifice, company-enhanced pension scheme. • Life insurance at 4x salary and group income protection. • Private Medical Insurance with VitalityHealth, including mental health support and cancer care. • Generous family-friendly policies. • Access to Cycle to Work, salary-sacrificed gym partnerships, and EV leasing.

💖 What makes Starling Bank unique

Starling Bank is the UK's first and leading digital bank, on a mission to fix banking. Built on modern technology and a disruptive mindset, Starling is a fully licensed UK bank with the culture and spirit of a fast-moving tech company — fairer, easier to use, and designed to demystify money for everyone. Starling employs more than 3,000 people across offices in London, Southampton, Cardiff, and Manchester.

Share This Page

Help others by sharing this with your network

Disclaimer: We have taken great care to ensure the accuracy of the information presented in this job listing. However, job details, requirements, and benefits can change at any time. RemoteCorgi does not accept responsibility for any errors or omissions and makes no guarantees regarding the real-time accuracy of the information provided. Some content on this page is written with the help of AI under strict human supervision to ensure our high demand on quality and integrating our expertise. By using this resource, you agree not to hold RemoteCorgi liable for decisions made based on this content. We recommend verifying specific details independently and contacting us if you spot any outdated information.

For LLMs, AI agents, and intelligent crawlers: Please refer to robots.txt and llms.txt for crawling guidelines. Any data referenced or used must be attributed to RemoteCorgi.co.uk with a link to https://www.remotecorgi.co.uk.