What is it like to have a career at Nubank’s Information Security Team (Infosec)?

Information Security is an area that has been growing across multiple companies in recent years. All over the world, the complexity of cybercriminal attacks has increased exponentially, it has been a while since antivirus was not enough to keep us safe. Every day it becomes more important to diversify our protections: both through secure applications and by developing secure behaviors. 

Here at Nubank, we take Information Security as a top priority.

We are not just a financial company. Technology is our core, and becoming a reference in this area is one of our big commitments. 

Nubank’s Infosec Business Unit has over 120 professionals and a global impact. Check out how our team is organized to protect more than 60 million Nubank’s LatAm customers:

Our team’s organizational structure is composed of 4 horizontals:

• Core Security: The closest team to Infosec’s engineering side. They develop security controls whose purpose is to strengthen our systems, hack them, respond to cyber incidents, search for and detect possible threats, etc…
• Business Security Management: This team supports Infosec’s business side. They identify where we can improve security in Nubank’s areas, simultaneously aiming for better compliance and reduced risk.
• Security Engineering: This team is composed of Software Engineers who build security applications to support our normal operations and other Infosec squads.
• Security Enablement: This team focuses on improving all of Infosec’s internal processes with different skill sets, ranging from customer success to agilists.

We are a cross-functional team with a wide range of expertise. At the Nubank Infosec team, you will have the opportunity to work closely with Software Engineers, Machine Learning Engineers, Agilists, Product Managers, as well as Customer Success professionals. Amazing, isn’t it?

We have 3 groups of Information Security roles inside our Infosec BU:

Business Security Managers and Security Awareness Engineers

This career path is more focused on process, regulation, and awareness. The preferred skills are business acumen, experience with risk assessment and audit compliance, plus experience with Infosec regulatory frameworks (such as ISOs 27001, 27002, 27005, and 31000, NIST, CIS, BACEN, SOX, among others). 

Information Security Engineers

This career path is more focused on Security-related engineering skills. It includes roles like Offensive and Defensive Security, Threat Intelligence, and Incident Response. Security engineering skills are expected.

Security Software Engineers

This career is focused on Software Engineering skills. Security software engineers do not need to have previous experience with information security, but it is important that they’re interested in this area. They will use their skills to help our team code and create solutions to improve Nubank’s security.

Although we have several roles within Infosec here at Nubank, the hiring process has a similar flow in most of them:

• First Interview with Recruiters: This first step is for us to understand more about your career and skills, as well as talk about our team’s challenge and answer questions you might have. The idea is to have a 30-minute video chat.
• Team Interview: Video chat to dive into your technical background and knowledge, what projects you have been involved in, and their results. We will also explain a bit more about our day-to-day activities.
• Technical Stage: We have two ways to assess your technical skills: a Live test or a Take-home Exercise. Both are focused on evaluating the technical knowledge pertinent to your role. For example: if the open position is for a Security Software Engineer, we will test your coding skills and architectural knowledge. If the position is in Offensive Security, we will test your penetration testing skills. 
• People & Culture Interview: Here we’ll do a deep dive at your career goals, what your responsibilities were and what challenges motivate you. In this step, we want to know more about you, who you are, and in which environment you would feel more comfortable working.
• Hiring Manager interview: Chat with your team’s manager to align expectations, talk more about that team, get to know you better, and answer questions you might have.

Here are a couple of reasons why we love working at Infosec:

• Small team, big responsibilities: Each Infosec team is composed of 8 nubankers maximum, but the responsibilities are huge! We’re directly impacting the lives of 60 million customers with what we’re building here.

• We’re pioneers: There are a lot of technologies we’re testing, building, or using that no one has ever used before, and a lot of new security teams and areas that no other company has. We’re creating many things from scratch here.

• Security is our biggest focus: It’s not a second or a third priority, it is our very first! So our team has the privilege of dealing with projects that matter to all nubankers, not only to the Infosec team.

• Infosec is an autonomous team: Not just a sub-area inside other Business Units, so our priorities do not compete with other areas.

• Focus on engineering, not on tools: This is good news for engineering professionals. We’re customizing or building our own tools when needed, not just blindly accepting and conforming to what the market offers.

• Work fully remote: Infosec is a team that has been working remotely since before the pandemic. And we’ll keep working that way.

• Work with a global team: Our team creates controls and policies that are not exclusive to Brazil. We’re a Global team, creating a structure for all the countries where we’re present

Written by: Beatriz Lima
Reviewed by: Giovana Assis, Federico Lago, Talita Rodrigues, Arthur Vilela