Threat Detection Tech Lead

About Nubank

Nubank was founded in 2013 to free people from a bureaucratic, slow, and inefficient financial system. Since then, through innovative technology and outstanding customer service, the company has been redefining people's relationships with money across Latin America. With operations in Brazil, Mexico, and Colombia, Nubank is today one of the largest digital banking platforms and technology-leading companies in the world.

Today, Nubank is a global company, with offices in São Paulo (Brazil), Mexico City (Mexico), Buenos Aires (Argentina), Bogotá (Colombia), Durham (United States), and Berlin (Germany). It was founded in 2013 in São Paulo, by Colombian David Vélez, and co founded by Brazilian Cristina Junqueira and American Edward Wible. For more information, visit www.nubank.com.br.

About the team

The Nubank Threat Detection team proactively hunts for security threats and builds relevant and robust detections to protect Customers and Nubankers. Also, we support the CSIRT on threat investigations, with a strong engineering power to decrease the time to act through automation, and by receiving valuable information from our internal Threat Intelligence team, acting as a true Security Operation Center. 

You can find more about Nubank Infosec here: 

https://blog.nubank.com.br/infosec-nubank-protecao-dados/

You will be responsible for

This role will focus on ensuring that effective threat detection rules and actionable insights are in place, adhering to best-in-class standards, aiming to effectively identify, prevent, and detect adversary activities. This includes analyzing cyber threat intelligence data,building detections based on emerging trends, and threat modeling, aiming to mitigate false positives that ensure efficient security operations. The role will require attention on Business Unit Strategy and cross-functionally with security engineering, intelligence, engineering and incident response teams to build scalable solutions for analyzing security events data, enabling the organization to proactively identify and respond to threats in real-time. 

As a leader, you will be responsible for building and leading a high-performing threat detection team, fostering a culture of ownership and accountability. Additionally, this role will involve running simulations and exercises, working closely with the offensive security team to develop and implement action plans that enhance the organization's defensive posture as a Purple Team member. This includes developing processes and ensuring the entire detection lifecycle is in place, from intelligence gathering and threat modeling to detection engineering, response, and continuous improvement. You will act as an owner, driving the development of a strategic threat detection program and supporting leadership in building a world-class security team. Furthermore, you will ensure that detection processes support auditing requirements and facilitate effective communication with regulatory bodies. By collaborating closely with these teams, this role will contribute to the development of a comprehensive and robust security architecture that protects our organization from evolving cyber threats.

We are looking for a person who

Must Have:

• Good communication skills and be a real team player / team leader;
• Be able to work on a team where diversity is the key to high performance;
• Be able to provide mentorship and guidance to team members, acting as a genuine technical leader.
• Solid experience with Threat Hunting and Incident Response;
• Experience as technical leadership in the identification, analysis, and response to complex security threats.
• Ability to develop and maintain detection as code solutions to automate threat identification and response;
• Be able to develop processes, measure results, and deliver continuous improvement;
• Proficiency with security platforms including WAFs (Web Application Firewalls), Firewalls (e.g., Palo Alto, Cisco ASA), IDS/IPS (Intrusion Detection/Prevention Systems);
• Proficient in SIEM (Security Information and Event Management) and EDR (Endpoint Detection and Response) tools;
• Proven experience in information security operations;
• Expertise in managing, analyzing and deriving insights from logs and other security-related data;
• Skills in utilizing and integrating threat intelligence feeds and applying them to improve threat detection;
• Proficiency in SQL for querying and managing security-related databases;.
• Knowledge of cloud security principles and experience with securing cloud environments across different providers (e.g. AWS);
• Advanced English.

Nice to Have:

• Cyber Security certifications such as CISSP, CEH, GCIH or equivalent knowledge.
• Ability to create, modify and refine detection rules in Yara-L (2.0 desirable) in platforms such as Google SecOps SIEM (formally Chronicle);
• Skills in scripting languages as Python and Bash for automating security tasks and building custom tools;
• Proficient in Git/Github;
• Adept at incident response and mitigation, capable of handling and resolving security incidents effectively.
• In-depth understanding of network protocols, architecture, and security principles.
• Familiarity with endpoint security solutions and best practices for securing various types of endpoints (e.g., laptops, servers).
• Understanding of security policies, standards, and compliance requirements (e.g., PCI, SOX);
• Familiarity with deception technologies and techniques, including the deployment and management of honeypots and canaries;
• Experience with vulnerability assessment tools and methods for identifying and mitigating security vulnerabilities;
• Basic understanding of how artificial intelligence and machine learning can be leveraged for threat detection and response;
• Spanish would be a plus.

Role location

Remote (within Brazil).

Benefits

• Health, dental and life insurance
• Meal allowance
• Transportation assistance
• 30 days of paid vacation
• Equity at Nubank
• Parking partnership - discounted parking in our office
• Free bike parking with showers available
• NuCare - Our mental health and wellness assistance program
• NuLanguage - Our language learning program
• Gympass/Wellhub partnership
• Extended maternity and paternity Leaves  
• Child care allowance
• “Espaço Feijão” - Private nursing and breastfeeding spaces in our buildings
• Onsite Health Center - Medical support for every Nubanker in our office

Diversity & Inclusion

At Nubank, we want to ensure that we are building a diverse and inclusive workplace that reflects the customers we serve and seek to empower. That's why we hire based on equality. We consider gender, ethnicity, race, religion, sexual orientation, and other identity markers as key elements for our company, ensuring that none of them pose a barrier to recruiting talented individuals.