Lead Offensive Security Engineer
Brazil, Sao Paulo
Nubank
Você finalmente no controle do seu dinheiro. Controle total do cartão de crédito e da conta 100% digitalAbout Nubank
Nubank was founded in 2013 to free people from a bureaucratic, slow and inefficient financial system. Since then, through innovative technology and outstanding customer service, the company has been redefining people's relationships with money across Latin America. With operations in Brazil, Mexico, and Colombia, Nubank is today one of the largest digital banking platforms and technology-leading companies in the world.
Today, Nubank is a global company, with offices in São Paulo (Brazil), Mexico City (Mexico), Buenos Aires (Argentina), Bogotá (Colombia), Durham (United States), and Berlin (Germany). It was founded in 2013 in Sao Paulo, by Colombian David Vélez, and cofounded by Brazilian Cristina Junqueira and American Edward Wible. For more information, visit www.nubank.com.br.
- Perform infrastructure, web and mobile pentest;
- Help with vulnerability management;
- Code tools that assist with offensive security security reviews;
- Support operations to fix vulnerabilities and help development squads to understand security issues;
- Assist in architectural / logical reviews of different softwares.
What skills do I need?
- Offensive Security background, with a focus on Red Team activities;
- Experience with different parts of a pentest, such as reconnaissance, enumeration, exploitation, post-exploitation, lateral movement, etc…;
- Strong knowledge of recent and past attack vectors, as well as exploitations, and how to fix them;
- Ability to reproduce behavior of Advanced Persistent Threat groups;
- Experience with security frameworks, such as OWASP;
- Familiarity with AWS general concepts;
- Ability to harden and improve CI/CD Pipelines as well as experience with SDLC
- General knowledge in all security scopes, as well as strong knowledge on Operating Systems, Networks, Databases and Infrastructure Architecture;
- Experience with Threat Modeling;
- Active participation in the CTF Scene or Bug Bounty programs;
- Knowledge of these tools is a plus: Nmap, Metasploit, SQLmap, Burp Suite, Nessus, Censys and/or Shodan, Cloud security assessment tools.
We believe in good team chemistry, enthusiasm for building things, and our surprising capacity to learn new things when we stay humble and open-minded. Good computer science skills and concepts, as well as English language skills, are essential.
We are a very process-light organization that values human interactions. We love working in small, independent teams that feel like small startups and eschew coupling and centralizing where realistic. We understand that execution is the key to success and optimize processes to remove bottlenecks.
Role Location
Remote.
Benefits
- Health, dental and life insurance
- Meal allowance
- Transportation assistance
- 30 days of paid vacation
- Equity at Nubank
- Parking partnership - discounted parking in our office
- Free bike parking with showers available
- NuCare - Our mental health and wellness assistance program
- NuLanguage - Our language learning program
- Gympass partnership
- Extended maternity and paternity Leaves
- Child care allowance
- ‘Espaço Feijão’- Private nursing and breastfeeding spaces in our buildings
- Onsite Health Center - Medical support for every Nubanker in our office
Diversity & Inclusion
At Nubank, we want to be sure that we're building a more diverse and inclusive workplace that reflects the customers we serve and seek to empower. That's why we hire based on equality. We consider gender, ethnicity, race, religion, sexual orientation, and other identity markers as enriching elements to our company while ensuring neither of them represent a barrier when recruiting fantastic talent.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: AWS Banking Burp Suite CI/CD Cloud Computer Science CTF Metasploit Nessus Nmap Offensive security OWASP Red team SDLC Security assessment SHODAN Vulnerabilities Vulnerability management
Perks/benefits: Career development Fitness / gym Health care Parental leave Team events Wellness
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Staff Security Engineer jobs
- Open Information Security Specialist jobs
- Open Security Operations Engineer jobs
- Open Senior Security Analyst jobs
- Open Cyber Security Architect jobs
- Open Senior Cyber Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Product Security Engineer jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Information Security Engineer jobs
- Open Consultant SOC / CERT H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Specialist jobs
- Open Security Specialist jobs
- Open Security Researcher jobs
- Open Chief Information Security Officer jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Specialist jobs
- Open IT Security Engineer jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open Windows-related jobs
- Open Application security-related jobs
- Open Network security-related jobs
- Open CISM-related jobs
- Open Pentesting-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open IAM-related jobs
- Open CISA-related jobs
- Open Threat intelligence-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Java-related jobs
- Open Kubernetes-related jobs
- Open EDR-related jobs
- Open Malware-related jobs
- Open APIs-related jobs
- Open IDS-related jobs
- Open Security Clearance-related jobs
- Open DevSecOps-related jobs
- Open CI/CD-related jobs