Lead Security Engineer - Offensive Security

About Nubank

Nubank was founded in 2013 to free people from a bureaucratic, slow and inefficient financial system. Since then, through innovative technology and outstanding customer service, the company has been redefining people's relationships with money across Latin America. With operations in Brazil, Mexico, and Colombia, Nubank is today one of the largest digital banking platforms and technology-leading companies in the world.

Today, Nubank is a global company, with offices in São Paulo (Brazil), Mexico City (Mexico), Buenos Aires (Argentina), Bogotá (Colombia), Durham (United States), and Berlin (Germany). It was founded in 2013 in Sao Paulo, by Colombian David Vélez, and cofounded by Brazilian Cristina Junqueira and American Edward Wible. For more information, visit www.nubank.com.br.

About the team

We are looking for curious, driven individuals passionate about enhancing security maturity through attack to join us as a Lead Security Engineer for our Offensive Security team.

At Nubank, our Offensive Security team plays a crucial role in proactively identifying and mitigating security threats before they can impact our customers, Nubankers, and financial assets. By simulating real-world attacks, we strengthen our security posture and continuously evolve our defense strategies to stay ahead of adversaries.

Your role will be key in helping teams across Nubank understand and collaborate with Offensive Security initiatives. You'll work closely with security engineers, product teams, and other stakeholders to educate, guide, and support them in implementing secure development practices, ensuring that security is embedded into our products and services from the ground up.

This is an exciting opportunity to play a pivotal role in enhancing Nubank's security maturity. You will be key in creating resources, providing guidance, and advocating for best practices to help teams proactively identify and address security risks, ultimately protecting our customers and the company from emerging threats.

As an Offensive Security Lead Engineer, you’re expected to:

• Perform infrastructure, web, and mobile/API pentest;
• Craft and execute red team operations;
• Help with vulnerability management;
• Code tools that assist with offensive security reviews;
• Support operations to fix vulnerabilities and help development squads to understand security issues;
• Assist in architectural / logical reviews of different softwares.

What are we looking for?

• Offensive Security background, with a focus on Red Team activities;
• Experience with different parts of a pentest, such as reconnaissance, enumeration, exploitation, post-exploitation, lateral movement, etc;
• Strong knowledge of recent and past attack vectors, as well as exploitations, and how to fix them;
• Ability to reproduce behavior of Advanced Persistent Threat (APTs) groups;
• Experience with security frameworks, such as OWASP;
• Familiarity with AWS general concepts;
• Ability to harden and improve CI/CD Pipelines as well as experience with SDLC;
• General knowledge in all security scopes, as well as strong knowledge on Operating Systems, Networks, Databases and Infrastructure Architecture;
• Experience with Threat Modeling;
• Active participation in the CTF scene or Bug Bounty programs is a plus;
• Experience with security assessment tools is also a plus, especially Burp Suite (e.g., for intercepting and modifying HTTP requests, automating attacks with Intruder, or analyzing application security). Familiarity with Nmap, Metasploit, SQLmap, Nessus, Censys, Shodan, and Frida.re is also valuable. More broadly, proficiency with any tool that aids in assessing and validating security is highly desirable.

We believe in good team chemistry, enthusiasm for building things, and our surprising capacity to learn new things when we stay humble and open-minded. Good computer science skills and concepts, as well as English language skills, are essential.

Role Location

Remote. 

Benefits

• Health, dental and life insurance
• Meal allowance
• Transportation assistance
• 30 days of paid vacation
• Equity at Nubank
• Parking partnership - discounted parking in our office
• Free bike parking with showers available
• NuCare - Our mental health and wellness assistance program
• NuLanguage - Our language learning program
• Gympass partnership
• Extended maternity and paternity Leaves  
• Child care allowance
• ‘Espaço Feijão’- Private nursing and breastfeeding spaces in our buildings
• Onsite Health Center - Medical support for every Nubanker in our office

Diversity & Inclusion

At Nubank, we want to be sure that we're building a more diverse and inclusive workplace that reflects the customers we serve and seek to empower. That's why we hire based on equality. We consider gender, ethnicity, race, religion, sexual orientation, and other identity markers as enriching elements to our company while ensuring neither of them represent a barrier when recruiting fantastic talent.