Enable job alerts via email!

Vulnerability Lead - Engine by Starling | London, UK

Starling Bank

London

Hybrid

GBP 70,000 - 90,000

Full time

7 days ago

Be an early applicant

Boost your interview chances

Create a job specific, tailored resume for higher success rate.

Job summary

Join a leading banking technology firm as a Vulnerability Lead, where you'll develop and oversee a vital security function. This role involves managing the vulnerability lifecycle, ensuring timely remediation, and enhancing the security posture of the organization. Collaborate with various teams to integrate security practices and maintain compliance with standards. Enjoy a flexible hybrid working environment and a comprehensive benefits package.

Benefits

33 days holiday

Annual leave increases with service

16 hours paid volunteering annually

Salary sacrifice, enhanced pension scheme

Life insurance (4x salary)

Private Medical Insurance

Qualifications

5+ years in vulnerability management or security operations.
Experience with cloud environments and modern infrastructure.
Knowledge of CVSS, OWASP Top 10, and MITRE ATT&CK.

Responsibilities

Conduct regular vulnerability scans and validate findings.
Manage remediation processes with Technology and Security teams.
Generate reports and maintain visibility across technology environments.

Skills

Risk Management

Organizational Skills

Threat Intelligence

Tools

CI/CD

Vulnerability Management Tools

At Engine by Starling, we are on a mission to find and work with leading banks around the world to build rapid growth businesses using our technology.

Engine is Starling's SaaS business, built to power Starling Bank. It became a separate business two years ago and now offers its innovative digital features and back-office processes to banks globally, contributing to Starling's success.

As a company, everyone is expected to contribute to delivering great outcomes for our clients. We are engineering-led and excited about how Engine's technology can transform banking markets worldwide.

Hybrid Working

We prefer team members to be within commuting distance of our offices for collaboration.

About the Role

We seek a passionate Vulnerability Lead to develop and manage our vulnerability management program, enhancing our security posture through best practices and continuous improvement.

Key Responsibilities:

Conduct and validate vulnerability scans, prioritizing risks and overseeing remediation.
Manage remediation tracking, ensure timely patching, and maintain visibility across cloud and on-premise environments.
Provide reports and insights, identify gaps, and stay updated on emerging threats.
Align documentation with compliance standards like ISO 27001, PCI DSS, SOC 2, and NIST.
Collaborate with DevSecOps and Product Teams to embed security into CI/CD pipelines.

Requirements

Essential:

5+ years in vulnerability management, security operations, or infrastructure security.
Experience with vulnerability lifecycle tools, cloud environments, and risk-based reporting.
Strong coordination skills and understanding of CVSS, OWASP Top 10, MITRE ATT&CK.

Desired:

Knowledge of CI/CD security tooling and threat intelligence application.

Interview Process:

Our process is conversational, including stages with BISO, peers, and CTO/Deputy CTO, allowing mutual understanding.

Benefits:

33 days holiday, birthday leave, and options to buy/sell days.
Paid volunteering, pension, life insurance, private medical, and partner discounts.
Family policies, referral schemes, Perkbox, and sustainable initiatives.

About Us:

We value diversity and inclusion, welcoming applicants from all backgrounds. Applying is voluntary, and we process data according to our Privacy Notice.

Get your free, confidential resume review.

or drag and drop a PDF, DOC, DOCX, ODT, or PAGES file up to 5MB.