Security Operations Specialist

Monzo in Cardiff, London or Remote (UK)

📍 London/Remote | 💰£65-70k + Benefits | You can find out more about our approach to scaling security detection here

About Us

We’re here to make money work for everyone and we're doing things differently. For too long, banking has been obtuse, complex and opaque.

We want to change that and build a bank with everyone, for everyone. Our amazing community suggests features, tests the app and gives us constant feedback so we can build something everyone loves.

We're focused on solving problems, rather than selling financial products. We want to make the world a better place and change people's lives through Monzo.

About the Security Operations Team (SecOps)

We are looking for a proactive, technically-minded and organised Security Operations SME/Specialist (DoE) to join us in the bank’s 1st line of defence which has the ownership, responsibility and accountability for directly assessing, controlling and managing risk.

This role is part of Monzo’s Security Collective which has a wide range of responsibilities, from infrastructure security to application and information security.

For this role you'll be joining the Security Operations Squad at Monzo. We are a squad dedicated to detection and investigation of potential cybersecurity threats to Monzo and its customers, providing effective incident response where necessary.

You will also be joining the wider Security Collective, a group of people passionate about making Monzo a safer place to work and bank with, to make money work for everyone.

As a bank, we are solving diverse, novel problems to ensure that our customers and data are secure, and you will have the opportunity to make a direct impact on that.

One of the guiding principles of security at Monzo is that security at the expense of user experience is a last resort. We aim to move mountains in the background such that we can build world-class features without compromising on security.

What you'll be working on

The goal of the Security Operations squad is to minimise and control the damage resulting from cybersecurity incidents, provide practical guidance for the response, coordinate recovery activities, and work to prevent future incidents from reoccurring.

Additionally, you will be helping with the monitoring of information security controls within Monzo by analysing alerts received in line with our information security policies and practices and dealing with any/all security incidents.

Analytics

  • Using raw log sources and other security and operational tools to monitor and analyse the security posture of the IT estate and identify anomalous activity and behaviours.
  • Investigating, defining and resolving complex issues.
  • Producing and developing dashboards and reports to continuously improve security situational awareness.
  • Producing incident reports to present activity and outcome of operational security services and activity.

Incident management

  • Supporting the investigation of security breaches and coordinating and managing all Incident Responses.
  • Ensuring that all security incidents have been correctly prioritised and diagnosed in accordance with agreed procedures.
  • Investigating the causes of incidents, documenting findings and seeking resolution.
  • Making sure the escalation of any unresolved incidents has been completed according to agreed procedures.
  • Overseeing the facilitation of recovery, following the resolution of incidents.
  • Making sure security incidents have been documented and closed according to agreed procedures.
  • Serving as a backup for security operations emergency response.

Information security

  • Overseeing active incidents and the operation and optimisation of security tooling/products, including network security (IDS/IPS/firewalls), logging and auditing, event and incident management, and privileged access management controls.
  • Acting on security incidents, requests and events to ensure that threats, vulnerabilities and breaches are managed to minimise impact to confidentiality, integrity and availability of systems and data.
  • Creating security risk, vulnerability assessments, and business impact analysis as required.
  • Reviewing, updating and creating CSIRT policies, playbooks and standard operating procedures documentation.
  • Providing advice and guidance to other teams within the business on good practice and maintaining relevant and current industry knowledge.

Security administration

  • Overseeing or supporting the operation of tools that contribute to effective security, including anti-virus and vulnerability management.
  • Making sure that the onboarding of any enhancements to the security tools, including deployment and ongoing management and maintenance, is completed.
  • Undertaking periodic reviews of security policies and baseline control standards, influencing additional and updated controls based on the findings of internal and external audit reports, trends derived from security operations, information from project-based activities and incident resolutions.

You should apply if

  • You have experience within an enterprise-level SOC or CSIRT function.
  • You have experience with Security Monitoring tools.
  • You have a track record of technical delivery within a fast-paced environment.
  • You can take a pragmatic view of the application of technologies; understanding the business application of them and being able to identify a balance between the management of risk and the capability for the business to continue to operate.
  • You have in-depth experience of at least one of the following technology areas: End-User Computing/Hosting/Networks/Cloud/Development.
  • You have knowledge of commonly-accepted information security principles and practices, as well as techniques attackers use to identify vulnerabilities, gain unauthorised access, escalate privileges and access restricted information.
  • You communicate well and can present complex information to both technical and non-technical audiences.
  • You’re excited by what we’re doing at Monzo.

It would be desirable if

  • You hold two or more of the following security certificates: CISSP/CISM/GIAC/GCFE/GISP/GSEC/CEH.
  • You have experience of detection and security practices for macOS, Google Workspace, major cloud-hosting providers and Kubernetes.

The Interview Process

Our interview process involves 3 main stages:

  • A call with one of our recruiters
  • An initial interview with one of the managers in the team
  • Two final interviews - one technical and one focused on values and collaboration

Our average process takes around 2-3 weeks, but we will always work around your availability. You will have the chance to speak to our recruitment team at various points during your process, but if you have any specific questions ahead of this, please contact us on techhiring@monzo.com.

What’s in it for you:

💰 £65,000 - £70,000 base salary plus stock options

📍 This role can be based in our London office, but we're also open to distributed working anywhere within the UK.

⏰ We offer flexible working hours and trust you to work enough hours to do your job well, at times that suit you and your team.

📚 Learning budget of £1,000 a year for books, training courses and conferences

➕And much more, see our full list of benefits here


Equal Opportunity Statement

We are actively creating an equitable environment for every Monzonaut to thrive.

Diversity and inclusion are a priority for us and we are making sure we have lots of support for all of our people to grow at Monzo. At Monzo, we're embracing diversity in all of its forms and fostering an inclusive environment for all people to do the best work of their lives with us. This is integral to our mission of making money work for everyone. You can read more in our blog, 2021 Diversity and Inclusion Report and 2022 Gender Pay Gap Report.

We're an equal opportunity employer. All applicants will be considered for employment without attention to ethnicity, religion, sexual orientation, gender identity, family or parental status, national origin, veteran, neurodiversity status or disability status.

