Threat Modeling Analyst (AppSec)
About Nubank
Nubank was founded in 2013 to free people from a bureaucratic, slow and inefficient financial system. Since then, through innovative technology and outstanding customer service, the company has been redefining people's relationships with money across Latin America. With operations in Brazil, Mexico, and Colombia, Nubank is today one of the largest digital banking platforms and technology-leading companies in the world.
Today, Nubank is a global company, with offices in São Paulo (Brazil), Mexico City (Mexico), Buenos Aires (Argentina), Bogotá (Colombia), Durham (United States), and Berlin (Germany). It was founded in 2013 in Sao Paulo, by Colombian David Vélez, and cofounded by Brazilian Cristina Junqueira and American Edward Wible. For more information, visit www.nubank.com.br.
About the team
The AppSec team at Nubank is different from what you may see in the market, we solve code problems through coding. Instead of going project by project doing architecture review, risk analysis, code review as expected of an AppSec team who works with SSL (Shift Security Left) or even doing pentests as you may see around, we identify global issues of Nubank and provide solutions to address them Nubank wide.
About the role
This new role at our team was planned to complement our efforts to improve Nubank security company-wide, being part of the AppSec team, but focusing on creating a Threat Modeling workflow to be used by all of our nubankers as part of their documentation when creating a new project.
Together with the team, this person will help define frameworks to be used for this purpose, create templates for the engineering teams and also provide training to capacitate them over this subject - we want to escalate security with the help of our engineers.
Basic Qualifications
- Experience in creating threat modeling and risk analysis;
- Experience implementing security controls for applications that enhance availability, integrity and confidentiality;
- Experience in mitigating or remedying risks/threats;
- Experience in interpreting network diagrams, data flow, and architecture to identify vectors that an adversary may attempt to exploit;
- Knowledge of MITRE ATT&CK;
- Knowledge and familiarity with Secure Architecture (Zero Trust, Defense in Depth, etc.);
- Knowledge and familiarity with the GitHub suite;
- Knowledge and familiarity with microservices architecture;
- Knowledge of AWS and its services (Roles, KMS, S3, etc.) or equivalent of other Clouds (Azure, GCP);
- OWASP Top 10;
- Threat modeling frameworks (STRIDE, DREAD, SAMM, etc.).
Preferred Qualifications
- CASE (Certified Application Security Engineer);
- Experience in delivering training/workshops on Threat Modeling or related topics;
- Sharing knowledge with the community of security-related content or technical subjects that have been encountered to facilitate the path for others.
Role Location
Remote.
Benefits
- Health, dental and life insurance
- Meal allowance
- Transportation assistance
- 30 days of paid vacation
- Equity at Nubank
- Parking partnership - discounted parking in our office
- Free bike parking with showers available
- NuCare - Our mental health and wellness assistance program
- NuLanguage - Our language learning program
- Gympass partnership
- Extended maternity and paternity Leaves
- Child care allowance
- ‘Espaço Feijão’- Private nursing and breastfeeding spaces in our buildings
- Onsite Health Center - Medical support for every Nubanker in our office
Diversity & Inclusion
At Nubank, we want to be sure that we're building a more diverse and inclusive workplace that reflects the customers we serve and seek to empower. That's why we hire based on equality. We consider gender, ethnicity, race, religion, sexual orientation, and other identity markers as enriching elements to our company while ensuring neither of them represent a barrier when recruiting fantastic talent.