Lead Security Engineer - Offensive Security at Nubank

São Paulo, São Paulo, Brazil -

Full Time

Start Date

Immediate

Expiry Date

21 Feb, 26

Salary

0.0

Posted On

23 Nov, 25

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Offensive Security, Red Team Activities, Pentesting, Vulnerability Management, Security Frameworks, AWS, CI/CD Pipelines, SDLC, Operating Systems, Networks, Databases, Infrastructure Architecture, Threat Modeling, CTF Participation, Bug Bounty Programs, Security Assessment Tools, Burp Suite

Industry

Financial Services

Description

About Nubank Nubank was founded in 2013 to free people from a bureaucratic, slow and inefficient financial system. Since then, through innovative technology and outstanding customer service, the company has been redefining people's relationships with money across Latin America. With operations in Brazil, Mexico, and Colombia, Nubank is today one of the largest digital banking platforms and technology-leading companies in the world. Today, Nubank is a global company, with offices in São Paulo (Brazil), Mexico City (Mexico), Buenos Aires (Argentina), Bogotá (Colombia), Durham (United States), and Berlin (Germany). It was founded in 2013 in Sao Paulo, by Colombian David Vélez, and cofounded by Brazilian Cristina Junqueira and American Edward Wible. For more information, visit www.nubank.com.br. About the team We are looking for curious, driven individuals passionate about enhancing security maturity through attack to join us as a Lead Security Engineer for our Offensive Security team. At Nubank, our Offensive Security team plays a crucial role in proactively identifying and mitigating security threats before they can impact our customers, Nubankers, and financial assets. By simulating real-world attacks, we strengthen our security posture and continuously evolve our defense strategies to stay ahead of adversaries. Your role will be key in helping teams across Nubank understand and collaborate with Offensive Security initiatives. You'll work closely with security engineers, product teams, and other stakeholders to educate, guide, and support them in implementing secure development practices, ensuring that security is embedded into our products and services from the ground up. This is an exciting opportunity to play a pivotal role in enhancing Nubank's security maturity. You will be key in creating resources, providing guidance, and advocating for best practices to help teams proactively identify and address security risks, ultimately protecting our customers and the company from emerging threats. As an Offensive Security Lead Engineer, you’re expected to: Perform infrastructure, web, and mobile/API pentest; Craft and execute red team operations; Help with vulnerability management; Code tools that assist with offensive security reviews; Support operations to fix vulnerabilities and help development squads to understand security issues; Assist in architectural / logical reviews of different softwares. What are we looking for? Offensive Security background, with a focus on Red Team activities; Experience with different parts of a pentest, such as reconnaissance, enumeration, exploitation, post-exploitation, lateral movement, etc; Strong knowledge of recent and past attack vectors, as well as exploitations, and how to fix them; Ability to reproduce behavior of Advanced Persistent Threat (APTs) groups; Experience with security frameworks, such as OWASP; Familiarity with AWS general concepts; Ability to harden and improve CI/CD Pipelines as well as experience with SDLC; General knowledge in all security scopes, as well as strong knowledge on Operating Systems, Networks, Databases and Infrastructure Architecture; Experience with Threat Modeling; Active participation in the CTF scene or Bug Bounty programs is a plus; Experience with security assessment tools is also a plus, especially Burp Suite (e.g., for intercepting and modifying HTTP requests, automating attacks with Intruder, or analyzing application security). Familiarity with Nmap, Metasploit, SQLmap, Nessus, Censys, Shodan, and Frida.re is also valuable. More broadly, proficiency with any tool that aids in assessing and validating security is highly desirable. We believe in good team chemistry, enthusiasm for building things, and our surprising capacity to learn new things when we stay humble and open-minded. Good computer science skills and concepts, as well as English language skills, are essential. Benefits Health, dental and life insurance Meal allowance Transportation assistance 30 days of paid vacation Equity at Nubank Parking partnership - discounted parking in our office Free bike parking with showers available NuCare - Our mental health and wellness assistance program NuLanguage - Our language learning program Gympass partnership Extended maternity and paternity Leaves Child care allowance ‘Espaço Feijão’- Private nursing and breastfeeding spaces in our buildings Onsite Health Center - Medical support for every Nubanker in our office Work Model for this Role Hybrid 2-3 times/week: Our hybrid work model brings us to the office at least twice a week, on strategic days designed to maximize team connection and collaboration. For more details, visit https://building.nubank.com/nu-hybrid-work-model/

Responsibilities

As a Lead Security Engineer, you will perform pentests, craft red team operations, and assist with vulnerability management. You will also support development teams in understanding and fixing security issues.