Excited to grow your career?
Our purpose is to make it easy for people to save and invest for a better future. We are looking for great people to join us, so please come and invest in YOUR future at Hargreaves Lansdown.
We know that sometimes people can be put off applying for a job if they don't tick every box. If you're excited about working for us and have most of the skills or experience we're looking for, please go ahead and apply. We’d love to hear from you!
About the role
The Offensive Security Lead is a pivotal technical leadership role, responsible for driving and executing the offensive security strategy across HL’s digital and product landscape. This position is central to safeguarding the organisation’s assets, reputation, and client trust during a period of significant digital transformation and innovation. The role ensures that offensive security practices are embedded throughout the software development lifecycle, product innovation pipeline, and cloud adoption journey, providing assurance to clients, regulators, and stakeholders.
The role will champion secure-by-design principles, lead red and purple team operations, and foster a culture of proactive risk management and continuous improvement. The role balances strategic vision with hands-on technical oversight, enabling the firm’s growth aspirations while maintaining robust security resilience in a fast-paced, product-led environment.
What you will be doing
- Develop and execute the offensive security strategy, aligned with the firm’s digital transformation and fintech ambitions.
- Translate CISO strategy into actionable delivery roadmaps for offensive security and attack surface management.
- Advise senior leadership on emerging threats, attack trends, and the evolving threat landscape.
- Lead and conduct advanced penetration testing, red teaming, and adversary emulation exercises across cloud, web, mobile, and API environments.
- Oversee purple team assessments, collaborating with defensive teams to enhance detection and response capabilities.
- Manage and evolve the bug bounty programme, ensuring rapid validation and remediation of vulnerabilities.
- Partner with product, engineering, and digital teams to enable secure innovation and accelerate transformation.
- Ensure offensive security is embedded in agile, DevOps, and product-led delivery models.
- Provide clear, actionable reporting on risk exposure, remediation, and security posture to technical and non-technical audiences.
- Influence and educate stakeholders at all levels, fostering a security-first culture.
About you
- Extensive experience in offensive security, including red teaming, penetration testing, and Breach & Attack Simulation within strongly regulated environments.
- Strong capability in one or more domains across web application, infrastructure, cloud, container, and mobile security.
- Proven experience designing and maintaining security testing environments using Terraform, Packer, and Ansible.
- Hands-on experience developing and operating automated security testing and penetration testing pipelines, including the transition from manual testing to automated security validation approaches.
- Demonstrated technical leadership in cloud-first and digital transformation initiatives.
- Experience enabling agile, DevOps, and product-led engineering teams with security-by-design and continuous assurance practices.
- Established ability to foster a positive security culture and lead high-performing, multidisciplinary security teams.
- Deep understanding of UK financial services regulatory expectations and industry security standards relevant to wealth management.
- Relevant certifications (e.g., GIAC, OSCP, CREST, CISSP, CISM) are desirable but not required.
- Strong line management experience, including developing talent, setting objectives, and supporting career growth within security teams.
Interview process
The interview process for this role is three stages including an intro call, technical review and leadership review.
Working Schedule
This role is based in Bristol head office, BS1 5HL. This role is permanent, full time, 37.5 hours per week, Monday to Friday. We have returned to the office, however for this role we offer a hybrid flexible working pattern.
Why us?
Here at HL, we’re the UK’s number 1 investment platform for private investors, based in Bristol. For more than 40 years we’ve helped investors save time, tax and money on their investments.
To achieve our mission, we believe we have a workplace like no other, with constant learning, dynamic teams, and a great ethos. We're steered by core values that promote service, quality, innovation, and opportunity in everything we do.
What's on offer?
- Discretionary annual bonus* and annual pay review
- 25 days* holiday plus bank holidays and 1-day additional Christmas closure
- Option to purchase an additional 5 days holiday**
- Flexible working options available, including hybrid working
- Enhanced parental leave
- Pension scheme up to 11% employer contribution
- Income Protection and Life insurance (4 x salary core level of cover)
- Private medical insurance*
- Health care cash plans - including optical, dental, and outpatient care
- Health screening programme
- Help@hand - confidential support including mental health counselling and remote GP
- Wellhub - unlimited access to fitness providers and wellness coach sessions
- Variety of travel to work schemes with bike storage and shower facilities
- In-house barista and deli serving subsidised coffee and sandwiches
- Two paid volunteering days per year
* dependent on role level
** only available to select during our annual benefits window, in November each year
Hargreaves Lansdown is an inclusive employer that values diversity in its workforce. We encourage applications from all individuals without regard to race, religion, gender, sexual orientation, national origin, disability or age.
This role may also be available on a flexible working or part time basis – please ask the Recruitment & Onboarding team for more information.
Please note, we are unable to provide employment sponsorship to candidates.