Today we chat with Manuel Nader, Security Engineer at Belvo, about how his team works to make Belvo’s open finance platform more secure every day.
After working for almost 10 years in the cybersecurity sector, Manuel joined Belvo to improve and develop the company’s security capabilities.
Working remotely from Bogotá – and one of Belvo’s first employees in Colombia–, he is now a Senior Security Engineer in the team responsible for managing Belvo’s information security initiatives. This includes responsibilities such as improving the company’s threat detection systems and promoting a security-first culture inside the team.
In his free time, Manuel enjoys building his own “geeky” projects, such as automated bots for social media that make “the internet a better place”.
Here, he shares with us some bits from his day-to-day as one of Belvo’s security guardians.
1. What do you do at Belvo?
I’m a Senior Security Engineer, which involves several tasks to help improve the security posture at Belvo.
Some of those responsibilities include reviewing submissions from our Bug Bounty program and findings from external pentests, reviewing and researching alerts, or internal activities such as a pentest of any service. We also work with different teams to do threat models, rapid risk assessments or answer internal questions related to security.
2. Can you describe your team’s mission and day-to-day responsibilities?
The security team is responsible for all aspects of information security. We focus on application and infrastructure security, compliance with industry standards, and positive reinforced security culture.
3. What is the tech stack that your team uses and what tools help you the most in your daily routine?
We rely on Vanta for compliance automation and on Datadog for observability, reading logs, event monitoring, and alerting. Our public bug bounty program is hosted on Federacy and part of our daily tasks is to review and triage new submissions. When we perform technical tasks, we use Burp Suite or other open-source security tools. We also have some internal tools built with Python.
Another key aspect of our tech stack is to help empower users on their day-to-day to address their security needs, so we also use Slack, Google Meet, and Google Docs to exchange information frequently with our teammates and help them answer their questions.
For me, a simple notebook is also very useful to keep track of items that need to be reviewed or tasks to be done!
4. How is it working in your team?
The team is very autonomous, we have a daily sync so we are aligned. We live in four different countries and on two continents, so having autonomy and being able to work asynchronously is important. We perform some tasks collaboratively, so we do have some meetings together and, of course, we keep each other updated via Slack.
Another important responsibility of our team is to help solve questions related to security, so we keep an eye on a Slack channel dedicated to the topic.
5. Where’s your team located and how do you sync with them?
The team is spread across Mexico, Spain, Brazil, and Germany, covering two different time zones, so we sync via Slack, Google Meet, and email.
My main tip regarding remote work, especially if the team works in different time zones, is to have very clear communication. This way you can better understand what is expected from you and what you can expect from your team or colleagues.
6. What do you like the most about working at Belvo?
The very talented folks and the great People team. Everyone I’ve interacted with at Belvo knows what they are doing, they have great energy and are very friendly. We have extremely knowledgeable people on the team and it’s always great working with them and learning from each other.
Our People team also deserves compliments. They do amazing work, including the development of a career ladder and learning opportunities for everybody. This really makes a difference when working on your career and self-development.
7. Where do you see yourself in 3 years?
In the next three years, I see myself in the next step of our career ladder. That would be a Staff Software Engineer. I also see myself working to achieve the next step: Principal Software Engineer.
I enjoy the IC (individual contributor) path since it allows me to focus on technical problems and find solutions. For me, the interesting part about the next steps in the ladder is that you don’t necessarily need to manage other team members, but you do have to collaborate with several teams and facilitate the decision-making process.
8. Why would you recommend to someone joining Belvo?
Because they will be solving great (and fun) problems to help democratize access to financial services in Latin America.
They will work in a team with very smart, passionate and talented people. And they will be joining a company where their voice matters and they can have a real and direct impact.
Join the team!
We are hiring in different areas across Latin America! Check out our open positions.