Vulnerability Lead - Engine by Starling

Starling Bank

London

Hybrid

GBP 60,000 - 100,000

Full time

12 days ago

Job summary

Join a forward-thinking company as a Vulnerability Lead, where you will spearhead the development of a robust vulnerability management program. This role offers a unique opportunity to enhance security posture by defining best practices and overseeing the vulnerability management lifecycle. You will conduct scans, prioritize vulnerabilities, and collaborate with teams to integrate security into CI/CD pipelines. With a focus on innovation and client outcomes, this dynamic environment encourages professional growth and the chance to make a significant impact in transforming banking security. If you are passionate about security and ready to lead, this role is for you.

Benefits

33 days of holiday
Flexible leave options
Private medical insurance
Pension schemes
Referral incentives
Perkbox membership
Volunteering time
Health and wellness initiatives

Qualifications

  • 5+ years' experience in vulnerability management or security operations.
  • Understanding of CVSS, OWASP Top 10, and MITRE ATT&CK.

Responsibilities

  • Conduct regular vulnerability scans and validate findings.
  • Manage remediation efforts and ensure timely patching of vulnerabilities.
  • Generate reports to support risk-based vulnerability management.

Skills

Vulnerability Management
Security Operations
Infrastructure Security
Risk Analysis
Reporting Skills
Threat Intelligence

Tools

CI/CD Pipelines
Vulnerability Management Tools

Job description

At Engine by Starling, we are on a mission to find and work with leading banks worldwide that aim to build rapid growth businesses using our technology.

Engine is Starling's SaaS business, built to power Starling Bank, which became a separate entity two years ago.

Starling Bank has experienced exceptional growth, largely due to its modern, ground-up technology. Our SaaS platform now enables banks globally to leverage innovative digital features and efficient back-office processes that contributed to Starling's success.

As a company, we expect everyone to contribute to delivering great outcomes for our clients. We are engineering-led and seek someone excited by the potential of Engine’s technology to transform banking across various markets.

Hybrid Working

We adopt a hybrid work model—preferably, team members should be within commuting distance of an office to facilitate in-person collaboration.

About the Role

We are looking for a passionate and experienced Vulnerability Lead to develop and oversee our vulnerability management program. This role offers a unique chance to establish a vital security function, define best practices, and improve our security posture.

The role involves managing and enhancing the vulnerability management lifecycle, including defining scanning strategies, triaging risks, overseeing remediation, and reporting to improve security.

What you'll do:

  1. Conduct regular vulnerability scans and validate findings.
  2. Prioritize vulnerabilities based on risk and enrich findings with threat intelligence and business impact analysis.
  3. Facilitate resolution by triaging vulnerabilities for resolver groups.
  4. Manage remediation efforts and ensure timely patching of critical vulnerabilities.
  5. Maintain visibility across all technology environments, including cloud, data centers, containers, and web apps.
  6. Generate reports and metrics to support risk-based vulnerability management.
  7. Identify gaps in scan coverage and asset inventory.
  8. Stay updated on zero-day vulnerabilities and emerging threats.
  9. Maintain dashboards and reports on vulnerability trends, KPIs, and SLAs.
  10. Update documentation to meet compliance standards like ISO 27001, PCI DSS, SOC 2, and NIST.
  11. Define scanning schedules, thresholds, and automation opportunities.
  12. Collaborate with DevSecOps and product teams to integrate security into CI/CD pipelines.
  13. Assess new tools and processes to improve automation and risk tracking.

Essential Skills and Experience:

  • Self-sufficient and a trusted escalation point.
  • Understanding of systemic risk and prioritization.
  • Experience in vulnerability management, security operations, or infrastructure security (5+ years).
  • Familiarity with vulnerability management lifecycle, tools, and platforms.
  • Ability to coordinate remediation activities effectively.
  • Knowledge of CVSS, OWASP Top 10, and MITRE ATT&CK.
  • Comfort working with cloud environments, containers, and modern infrastructure.
  • Organized with strong reporting skills.
  • Ability to translate scan data into clear, risk-based reports for management.
  • Partner with risk management teams for assurance evidence.

Desired Skills:

  • Experience integrating security tooling within CI/CD pipelines.
  • Knowledge of threat contextualization and threat intelligence application.

Interview Process

Our interview process is conversational and designed for mutual understanding. It typically involves:

  • Stage 1: 45-minute chat with BISO
  • Stage 2: 60-minute interview with peers
  • Stage 3: Final interview with CTO or Deputy CTO

Benefits include 33 days of holiday, extra days for birthdays, flexible leave options, volunteering time, pension schemes, insurance, private medical, family policies, referral incentives, Perkbox membership, and initiatives supporting health, wellness, and sustainability.

About Us

We value diversity and inclusion and consider all applicants without discrimination. If you're excited about this role but unsure if you meet every criterion, we encourage you to apply and discuss your potential with us.
