Monzo
Offensive Security Manager
Job Summary
The role involves leading and scaling Monzo's Offensive Security team, focusing on security testing, vulnerability assessment, and red teaming activities. The candidate should have significant experience in security testing, team management, and familiarity with adversary simulation frameworks including MITRE ATT&CK. Responsibilities include process improvement, collaboration with other teams, reviewing bug bounty reports, and mentoring junior members. The position offers flexible working arrangements, remote work support, and ongoing professional development opportunities.
Job Description
🚀 We’re on a mission to make money work for everyone.
We’re waving goodbye to the complicated and confusing ways of traditional banking.
After starting as a prepaid card, our product offering has grown a lot in the last 10 years in the UK. As well as personal and business bank accounts, we offer joint accounts, accounts for 16-17 year olds, a free kids account and credit cards in the UK, with more exciting things to come beyond. Our UK customers can also save, invest and combine their pensions with us.
With our hot coral cards and get-paid-early feature, combined with financial education on social media and our award-winning customer service, we have a long history of creating magical moments for our customers!
We’re not about selling products - we want to solve problems and change lives through Monzo ❤️
Hear from our UK team about what it's like working at Monzo ✨
📍UK Remote | 💰£88,200 - £110,000 + share options & Benefits | Hear from the team ✨
⭐ Our Offensive Security Team
At Monzo, our Offensive Security team is an integral part of our wider Security Collective, a passionate group dedicated to enhancing Monzo's security posture and ensuring a safer environment for our customers and employees. We're the "breakers, not makers" - a team focused on finding vulnerabilities, proving their exploitability, and then collaborating with other teams to get them fixed. We don't write the fixes ourselves, but we provide expert advice to mitigate issues. We're also deeply committed to fostering diversity within our team, believing that a variety of perspectives makes us stronger.
🔑 You’ll play a key role by...
- Leading and scaling our dynamic Offensive Security team
- Owning and continually improving our team's processes and methodologies
- Acting as the main point of contact for other teams, fostering collaboration and sharing offensive security knowledge
- Engaging in strategic planning for the team's long-term direction
- Reviewing bug bounty reports and making authoritative decisions as well as scaling the program beyond where it is now
- Performing hands-on security testing across a broad range of areas, from web applications to red teaming
- Mentoring junior team members, guiding their development and ensuring the team's ongoing success
🤩 We’d love to hear from you if…
- You have significant experience in security testing
- You have a proven track record of managing and growing high-performing teams
- You possess practiced competence with red teaming methodologies and experience using the MITRE ATT&CK framework for adversary simulations
- You're skilled in Objective-C, Go, Bash, Python, or JXA, and have knowledge of macOS C2 frameworks and hacking techniques
- You're a creative problem-solver with an inquisitive and curious nature, always seeking to learn and improve
- You're passionate about security testing and can think like an attacker
Not ticking every box? That’s totally okay! Studies show that women and people of colour might hesitate to apply unless they meet every single requirement. At Monzo, we’re dedicated to creating a diverse and welcoming team. If you’re passionate about this role and keen to learn and grow with us, we encourage you to apply - even if you don’t have everything that's listed just yet. Drop us your application, we’d love to hear from you!
🙌 What’s in it for you
💰£88,200 - £110,000 ➕ share options
📍This role can be based in our London office, but we're open to distributed working within the UK (with ad hoc meetings in London)
⏰We offer flexible working hours and trust you to work enough hours to do your job well, and at times that suit you and your team.
📚£1,000 learning budget each year to use on books, training courses and conferences.
🏡We will set you up to work from home; all employees are given MacBooks and for fully remote workers we will provide extra support for your work-from-home setup.
➕ Plus lots more! Read our full list of benefits.
🌈 The application journey has 3 key steps
- 30 minute call with the Recruiter
- 45 minute initial call with the Hiring Manager
- 2 hours of technical and behavioural interviews
This process should take around 2-3 weeks - your schedule is really important to us, so we promise to be as flexible as possible!
We have some guidelines on using Artificial Intelligence (AI) to ace an application and interview at Monzo. You can read them here.
You’ll hear from us throughout the application process, but if you’ve got any questions, please reach out to [email protected]. You can also use this email address to let us know if there’s anything we can do to make the process easier for you because of disability, neurodiversity or anything else.
We’ll only close this role once we have enough applications for the next stage. Please submit your application as soon as possible to make sure you don’t miss out.
Equal opportunities for everyone
Diversity and inclusion are a priority for us and we’re making sure we have lots of support for all of our people to grow at Monzo. At Monzo, we’re embracing diversity by fostering an inclusive environment for all people to do the best work of their lives with us. This is integral to our mission of making money work for everyone. You can read more in our blog, 2024 Diversity and Inclusion Report and 2024 Gender Pay Gap Report.
We’re an equal opportunity employer. All applicants will be considered for employment without attention to age, ethnicity, religion, sex, sexual orientation, gender identity, family or parental status, national origin, or veteran, neurodiversity or disability status.
If you have a preferred name, please use it to apply. We don't need full or birth names at application stage 😊
Safe Remote Job Search Tips
Verify Employer Thoroughly
Research the company's identity thoroughly before applying. Check for a professional website with contacts, active social media, and LinkedIn profiles. Verify details across platforms and look for reviews on Glassdoor or Trustpilot to confirm legitimacy.
Never Pay to Get a Job
Legitimate employers never require payment for applications, training, background checks, or equipment. Always reject upfront payment requests or demands for bank details, even if they claim it's for purchasing necessary work gear on your behalf.
Safeguard Your Personal Information
Protect sensitive data like SSN, bank details, or ID copies. Share this only after accepting a formal, written job offer. Ensure it's submitted via a secure company system or portal, never through insecure channels like standard email attachments.
Scrutinize Communication & Interviews
Watch for communication red flags: poor grammar, generic emails (@gmail), vague details, or undue pressure. Be highly suspicious of interviews held only via text or chat apps; legitimate companies typically use video or phone calls.
Beware of Unrealistic Offers
If an offer's salary or benefits seem unrealistically high for the work involved, be cautious. Research standard pay for similar roles. Offers that appear 'too good to be true' are often scams designed to lure you into providing information or payment.
Insist on a Formal Contract
Always secure and review a formal, written job offer or employment contract before starting work or sharing final personal details. Ensure it clearly defines your role, compensation, key terms, and conditions to avoid misunderstandings or scams.