Lead Security Engineer - Blockchain Security

About Nubank

Nubank was founded in 2013 to free people from a bureaucratic, slow, and inefficient financial system. Since then, through innovative technology and outstanding customer service, the company has been redefining people's relationships with money across Latin America. With operations in Brazil, Mexico, and Colombia, Nubank is today one of the largest digital banking platforms and technology-leading companies in the world.

Today, Nubank is a global company, with offices in São Paulo (Brazil), Mexico City (Mexico), Buenos Aires (Argentina), Bogotá (Colombia), Durham (United States), and Berlin (Germany). It was founded in 2013 in São Paulo, by Colombian David Vélez, and co founded by Brazilian Cristina Junqueira and American Edward Wible. For more information, visit www.nubank.com.br.

About the team

The Blockchain Security team is part of the Information Security business unit (BU). The team is responsible for protecting the integrity and security of the company's blockchain systems. This includes ensuring that blockchain networks and products are protected against malicious attacks, identifying and fixing vulnerabilities in smart contracts and blockchain protocols, monitoring the network for suspicious activity and working to maintain regulatory compliance. A proactive and adversarial approach is key to ensuring that the company can defend itself against cyber threats and maintain user confidence in blockchain technology.

You will be responsible for

As a Lead Blockchain Security Engineer, you will focus on improving the security of our cryptocurrency and blockchain products through the implementation of monitoring and control mechanisms, as well as contributing to the definition of the architecture and secure development of these products. We are looking for an experienced engineer with offensive security and blockchain experience to help the Blockchain Security team achieve its goals of keeping these products more secure in the context of our global expansion. Your primary responsibilities will include:

• Offensive Security Expertise: Utilize your offensive security skills to identify vulnerabilities and simulate attacks, providing insights into potential security threats and helping implement effective mitigation strategies.
• Improving the security of Nubank's cryptocurrency and blockchain products: Implement and maintain cutting-edge security measures specific to blockchain technology, including smart contract security audits, cryptographic techniques, and consensus mechanism evaluation. This includes implementing monitoring and control mechanisms, conducting security assessments, and identifying and mitigating vulnerabilities.
• Architecture and Development: Collaborate with product and engineering teams to design secure blockchain infrastructures. Contribute to the architecture and development of secure systems, ensuring best practices in security by design.
• Policy and Standards Development: Contributing to the development of security policies, standards and guidelines governing the security operations of blockchain products.
• Monitoring and Control: Develop and deploy real-time monitoring tools to detect and respond to security incidents. Optimize control mechanisms to ensure rapid identification and resolution of security issues.
• Staying up-to-date on the latest security threats and best practices in the cryptocurrency and blockchain space: This includes researching new technologies, attending industry conferences, and collaborating with other security professionals.
• Mentoring a team of security engineers: This involves providing guidance, training, and support to ensure the team is performing at its best.
• Collaborating with other teams within Nubank: This includes working with product managers, developers, and operations teams to ensure the security of cryptocurrency and blockchain products is a top priority.

What are we looking for?

We are seeking a highly skilled and experienced Blockchain Security Engineer with a strong background in offensive security and blockchain security. In this role, you will be instrumental in ensuring the security and integrity of our cryptocurrency and blockchain products. You will work with our Blockchain Security team to implement advanced monitoring and control mechanisms, contribute to secure architecture design, and guide the development of robust security practices.

Must Have:

• Offensive Security background, with a focus on blockchain security activities.
• Knowledge of cryptocurrency and blockchain technologies, including consensus algorithms, cryptographic protocols, and smart contracts.
• Experience with security tools and techniques, such as penetration testing, vulnerability scanning, and incident response.
• Experience with security frameworks, such as OWASP, NIST Cybersecurity Framework (CSF), etc.
• Scripting or programming skills (Python, Shell script, Clojure, etc.) to automate data gathering, attack scenarios and analysis tasks.
• Strong knowledge of recent and past attack vectors, as well as exploitations, and how to fix them.
• Familiarity with AWS general concepts;
• General knowledge in all security scopes, as well as strong knowledge on Operating Systems, Networks, Databases and Infrastructure Architecture;
• Ability to work autonomously and proactively to co-create solutions with the team;
• Problem-Solving: Excellent analytical skills with the ability to assess complex security issues and develop effective solutions.
• Strong verbal and written communication skills to articulate complex security concepts to technical and non-technical stakeholders in spoken and written English.

Nice to Have:

• Previous experience with bug bounties and/or CTFs.
• Relevant security certifications like OSCP, OSWE, CISSP, or Certified Blockchain Security Professional are strongly preferred.
• Adept at spotting attacker patterns, assessing organizational risk, and recommending effective defense strategies.
• Proven ability to mentor less experienced engineers, share best practices, and foster a culture of knowledge exchange.

If you are passionate about blockchain security and offensive strategies and are ready to take on challenging projects in a fast-paced environment, it will be a pleasure to have you on board.

Role location

Remote (within Brazil).

Benefits

• Health, dental and life insurance
• Meal allowance
• Transportation assistance
• 30 days of paid vacation
• Equity at Nubank
• Parking partnership - discounted parking in our office
• Free bike parking with showers available
• NuCare - Our mental health and wellness assistance program
• NuLanguage - Our language learning program
• Gympass/Wellhub partnership
• Extended maternity and paternity Leaves  
• Child care allowance
• “Espaço Feijão” - Private nursing and breastfeeding spaces in our buildings
• Onsite Health Center - Medical support for every Nubanker in our office

Diversity & Inclusion

At Nubank, we want to ensure that we are building a diverse and inclusive workplace that reflects the customers we serve and seek to empower. That's why we hire based on equality. We consider gender, ethnicity, race, religion, sexual orientation, and other identity markers as key elements for our company, ensuring that none of them pose a barrier to recruiting talented individuals.