Security Incident Responder Engineer

Nubank

Nubank

Mexico City, Mexico
Posted on Friday, April 12, 2024

About Nubank

Tackling the complex banking system to empower people in one of the world's most bureaucratic markets seems like a crazy idea, right? But that's why, how, and where Nubank was born. We fight complexity through our transparent and straightforward products and experiences: a no-fee credit card, a rewards program, a lending platform, and a digital savings account. In a nutshell, we are the most innovative tech company in Latin America, and we are obsessed with building financial services and products that make our customers love us fanatically. With over 40 million customers and $1.2 billion raised in investment rounds, we are the fastest growing digital bank in the world, with offices in Brazil, Mexico, Colombia, Germany, EUA and Argentina. And it's still only Day One for us!

Infosec & Security Operation Center (SOC)

The Nubank Security Operation team proactively hunts for security threats that may affect Customers or Nubankers, acts fast on security incidents to investigate those threats, and applies mechanisms to mitigate them. Also, Security Operation has a strong engineering power to decrease the time to act on threats through automation and dedicated micro-services.

You can find more about Nubank Infosec here: https://blog.nubank.com.br/infosec-nubank-protecao-dados/

We believe in:

Strong and diverse teams;

Enthusiasm for building and delivering new features and products;

Capacity to keep learning new things while constantly improving what we are already good at;

Collaborating efficiently to ship quality service/products.

Our Challenges

Nubank is experiencing hyper-growth in several dimensions: number of customers, products, international markets, and employees. We are seeking a Cyber Security Manager who, together with the team, can relentlessly pursue and eradicate threats across complex environments. As a Cyber Security Manager, you will be able to build and scale a healthy security operation team to tackle challenges from anomaly detection to incident response. Furthermore, you will be able to work to protect the applications powering one of the most sophisticated digital banking platforms ever built, and building solutions that enable faster and more effective security operation.

What is a typical day for a Senior Security Incident Responder?

The Nu Incident Response team analyzes information, discusses observations and activities, and shares reports and communications across the company. The amount of time spent on any one of these activities depends on one key question: Is this a time of calm or crisis? That’s why it’s essential to have an extraordinary person who combines intellectual curiosity with a tireless passion for never giving up, especially during times of crisis.

Security Operations (SecOps) is a collaboration between security and IT operations teams, where security and operations staff assume joint ownership and responsibility for security concerns. It is a set of SOC processes, practices, and tools that can help Nubank meet security goals more efficiently. As a Senior Security Incident Responder, you will identify several types of security incidents by understanding how attacks work, and how to effectively respond before they get out of hand.

The Senior Security Incident Responder will be responsible for:

  • Analyzing and investigating every source of alerts and proactive improving our rule detection base
  • Creating and keeping updated playbooks that are used to handle security incidents
  • Stabilizing well-done communication between different squads to make it easy to automate or outsource incident response and analysis to MSSP
  • Mapping IT systems and functions needed in the security incident playbooks
  • Building Indicators of Compromise (IOCs) that arise from security investigations

What you’ll need to be successful:

Must Have

  • Strong experience handling security incidents
  • Real experience as SOC L2 and L3 using methodologies for investigation and incident response
  • Strong teamwork
  • English verbal and written communication skills
  • Knowledge of frameworks such as Mitre or NIST
  • Log Analysis experience
  • Yara/Yara-L language, how to query and modify alerts at Google Chronicle
  • Curious and innovative Security Analyst with a passion for information security operations, customer service, and automation

Nice to have

  • Experience (administration/implementation/configuration) on security platforms such as Firewalls, IPS/IDS, WAF, EDR, or IDM
  • Experience in incident response in regulated or financial companies
  • Defensive certifications or equivalent knowledge
  • Github real-world experience
  • Experience scripting such as Python, shell script or Clojure
  • Experience with AWS products
  • Experience with automation and usage of:
    • Okta
    • Fortinet
    • Palo Alto technologies
    • Google Security Tools (Gmail, DLP, and Google products hardening)

Benefits
● Nubank equity
● Health and life insurance
● Food card
● 17 days of paid vacation with 25% vacation bonus
● Holiday Bonus ("Aguinaldo") of 30 days of pay per year
● NuCare - Our mental health and wellness assistance program
● NuLanguage - Our language learning program
● Extended maternity and paternity leaves