Offensive Security Engineer

🚀 We’re on a mission to make money work for everyone.

We’re waving goodbye to the complicated and confusing ways of traditional banking. 

With our hot coral cards and get-paid-early feature, combined with financial education on social media and our award winning customer service, we have a long history of creating magical moments for our customers!

We’re not about selling products - we want to solve problems and change lives through Monzo ❤️

Hear from our team about what it's like working at Monzo ✨

📍London or Remote (UK) | 💰 £35,000 - £50,000 + Benefits | Hear from the team ✨

⭐ Our Offensive Security team

This role sits within our Offensive Security team, reporting into the Offensive Security Manager. But this team is a part of the wider Security collective here at Monzo, a power-house team of passionate security professionals all working to make Monzo as secure as possible for our customers.

At our core though, the Offensive Security team is made up of breakers, not makers. We find the vulnerabilities, prove exploitability, then work with the other teams to fix those problems. We aren’t developers though, so we give advice to mitigate issues but don’t start coding fixes ourselves.

🔑You’ll play a key role by…

The work we do within the Offensive Security team is varied, but all involve hacking in one way or another. A lot of our work is project-based, with focus placed on areas we consider weak. This might mean hacking some new internal software or testing a new feature in the apps for example.

We also do projects that simulate a real adversarial attack (a bit like red teaming), and cooperate with our defensive teams to improve capabilities and skills.

The biggest service we provide to the other teams is placing a security mindset in the room. Ask those “what ifs” and get people thinking like an attacker. And it always helps to have a proof of concept to show to others!

As an Offensive Security Engineer, you’ll first be covering the smaller projects the more senior engineers can’t get to. This could include:

• Testing new features in the Monzo apps (mainly the mobile apps, but sometimes web apps too)
• Testing internal and public web services that support our products, tools and systems
• Doing network testing (like attacking our office networks or hunting for vulnerabilities in sensitive networks)
• Supporting the security bounty program

As you get more familiar and confident within the team, we’ll encourage you to take on some bigger, more challenging projects to help with your career progression at Monzo. But you won’t be alone, and always have the support of the others in the team!

🤩We’d love to hear from you if…

First and foremost you:

• Have an unending curiosity to understand how the security of systems work at all levels
• Have a strong attacker mindset, always thinking “what if I did…” when testing a system

The following would be nice, but aren’t requirements:

• At least 2 years experience in security testing (ideally internal testers or consultants)
• An industry recognised qualification such as CREST CRT, CCT (APP or INF), OSCP, OSCE or other equivalent (don’t be put off if you don’t have any, experience is preferred!)

🙌What’s in it for you

💰£35,000 - £50,000 ➕ share options.

📍This role can be based in our London office, but we're open to distributed working within the UK (with ad hoc meetings in London) (Please note, we are not able to offer sponsorship or relocation to the UK for this role)

⏰We offer flexible working hours and trust you to work enough hours to do your job well, and at times that suit you and your team. 

📚£1,000 learning budget each year to use on books, training courses and conferences.

🏡We will set you up to work from home; all employees are given Macbooks and for fully remote workers we will provide extra support for your work-from-home setup. 

➕ Plus lots more! Read our full list of benefits.

🌈 The application journey 

If shortlisted after your application, you’ll firstly have a chat with one of the Hiring Team. If successful following on from this ⬇️

• Initial call with a member of the security team
• Technical interview
• Values and Collaboration interview

This process should take around 2-3 weeks - your schedule is really important to us, so we promise to be as flexible as possible! 

We have some guidelines on using Artificial Intelligence (AI) to ace an application and interview at Monzo 🤖 You can read them here.

You’ll hear from us throughout the application process, but if you’ve got any questions, please reach out to business-hiring@monzo.com. You can also use this email address to let us know if there’s anything we can do to make the process easier for you because of disability, neurodiversity or anything else.

We’ll only close this role once we have enough applications for the next stage. Please submit your application as soon as possible to make sure you don’t miss out! 

If you’d prefer to work part-time, please let us know and we'll make this happen if we can.

Equal opportunities for everyone

Diversity and inclusion are a priority for us and we’re making sure we have lots of support for all of our people to grow at Monzo. At Monzo, we’re embracing diversity by fostering an inclusive environment for all people to do the best work of their lives with us. This is integral to our mission of making money work for everyone. You can read more in our blog, 2023 Diversity and Inclusion Report and 2023 Gender Pay Gap Report.

We’re an equal opportunity employer. All applicants will be considered for employment without attention to age, ethnicity, religion, sex, sexual orientation, gender identity, family or parental status, national origin, or veteran, neurodiversity or disability status.

Linkedin Tags: #LI-REMOTE #LI-MY1

Equal opportunities for everyone

Diversity and inclusion are a priority for us and we’re making sure we have lots of support for all of our people to grow at Monzo. At Monzo, we’re embracing diversity by fostering an inclusive environment for all people to do the best work of their lives with us. This is integral to our mission of making money work for everyone. You can read more in our blog, 2023 Diversity and Inclusion Report and 2023 Gender Pay Gap Report.

We’re an equal opportunity employer. All applicants will be considered for employment without attention to age, ethnicity, religion, sex, sexual orientation, gender identity, family or parental status, national origin, or veteran, neurodiversity or disability status.

If you have a preferred name, please use it to apply. We don't need full or birth names at application stage 😊