Lead Security Engineer

Lead Security Engineer

About Nubank

Nubank was founded in 2013 to free people from a bureaucratic, slow and inefficient financial system. Since then, through innovative technology and outstanding customer service, the company has been redefining people's relationship with money across Latin America. With operations in Brazil, Mexico and Colombia, Nubank is today the largest digital banking platform in the world  and one of the leading technology companies in the world, reinventing over 60 million customers' financial lives.

Nubank achieved this by offering a no-fee credit card, entirely managed by a mobile app, and a digital account, free of taxes. Nubank also offers transparent and hassle-free personal loans, a business account tailored for SMBs, and life insurance. In 2020, Nubank acquired digital broker Easynvest, now called Nu invest, and became the leader in self-directed digital investments in Brazil. 

Throughout the years, Nubank raised around US$2 billion with some of the best-known growth and technology investors in the world, such as Berkshire Hathaway, Sequoia, DST, Tencent, Tiger, Kaszek, Founders Fund, Dragoneer, TCV, Redpoint, Ribbit, GIC, Whale Rock, Invesco, QED, and Capital Group.

Today, Nubank is a global company, with offices in São Paulo (Brazil), Mexico City (Mexico), Buenos Aires (Argentina), Bogotá (Colombia), Durham (United States) and Berlin (Germany). Nubank was founded in São Paulo by Colombian David Vélez, and cofounded by Brazilian Cristina Junqueira and American Edward Wible. For more information, visit www.nubank.com.br.

The Lead Security Engineer will be responsible for:

• Lead the design, implementation, and support of multi-country endpoint security solutions and processes for both on-premises and cloud infrastructures, driving the development of scalable automation to enable efficient large-scale deployments and streamlined security operations across diverse environments.
• Define, develop, and maintain security policies and best practices for new and emerging endpoint technologies, ensuring thorough and accessible documentation for both technical and non-technical audiences. Create high-level content for stakeholders while also developing detailed, engineer-focused documentation from technical discussions, whiteboards, and design sessions.
• Ensure comprehensive endpoint security configuration across diverse systems and platforms, using OS-specific security tools and operating system security platforms to ensure endpoints and services are effectively secured and continuously managed in line with best practices and evolving threats.
• Assess and mitigate company risk related to endpoint security, contributing to broader information protection strategies and advising on the security implications of endpoint-related risks, from design to deployment.
• Lead security reviews and audits related to endpoint security, guiding internal audit teams through compliance and security assessments, actively engaging in discussions around vulnerabilities, risk mitigation, and ongoing improvements.
• Lead incident response and operational management for endpoint security tooling issues, responding proactively to cyber threats, incidents, and anomalies at the enterprise function and platform level. Take ownership of architectural and design decisions to prevent security issues and ensure resilient endpoint defenses across the organization.
• Evaluate build vs. buy alternatives for security systems, providing expert analysis on potential solutions. Consider and communicate the trade-offs between technical feasibility, platform needs, and efficiency vs. thoroughness, ensuring that decisions minimize technical debt while maximizing long-term security posture and operational efficiency.

What we are looking for:

Expert-level knowledge of operating systems (Windows, macOS, and Linux), with a focus on endpoint security protocols, including authentication and authorization mechanisms to ensure the integrity of systems at scale.Proven experience with application layer technologies (e.g., HTTP, HTTPS, SMTP, DNS, etc.) that support critical end-user services such as web browsing, email, and file transfers, while ensuring secure data exchanges across environments.Strong background in security research, analysis, and visualization, leveraging advanced identity and access management, security operations, and analytics platforms to inform strategic security decisions and strengthen the endpoint security posture.Extensive technical expertise in cloud environments (AWS, GCP, Azure) and on-premise technologies, applying security best practices across hybrid infrastructures and enabling secure access to endpoint data across environments.Broad knowledge of end-to-end security considerations, including system, application, and physical security, ensuring holistic protection of endpoints from all attack vectors.Advanced proficiency with infrastructure automation tools and languages (e.g., Terraform, Ansible, Puppet) to automate security hardening and ensure consistent configuration across all managed endpoints.Extensive experience in security incident management and response for high-impact events, including rapid diagnosis, containment, and remediation of security issues across endpoints and associated infrastructure.Proven ability to lead technical discussions and debates, guiding teams through complex decision-making processes, fostering collaboration, and driving consensus to implement effective endpoint security strategies.Strong communication and leadership skills, with the ability to articulate security challenges and solutions to both technical teams and senior management, ensuring alignment and timely decision-making.Expertise in conducting in-depth analysis of endpoint networks and systems, identifying vulnerabilities, and implementing mitigation strategies to enhance endpoint security resilience.Demonstrated ability to make fast, data-driven decisions during critical security incidents, ensuring rapid recovery and the swift resolution of vulnerabilities and flaws within endpoint systems.Keen awareness of the latest attack methods and emerging threats targeting endpoint systems, with a proactive approach to anticipate new attack vectors and fortify defenses before they are exploited.

Preferred Qualifications

Experience building scripts or with any programming language Understanding of infrastructure monitoring tools like Kibana or Prometheus Experience with tools for ticketing, whiteboarding, collaboration dashboarding, and Google Docs suites.Natural interest in security operations, coordinating actions with several stakeholders and teams like incident response, defensive security, etc..  in large projectsExperience collaborating in global projects, with distributed infosec teams.

Role location

Hybrid - NWW - https://blog.nubank.com.br/nu-way-of-working/

Benefits

• Health, dental, and life insurance
• Meal allowance
• Transportation assistance
• 30 days of paid vacation
• Equity at Nubank
• Parking partnership - discounted parking in our office
• Free bike parking with showers available
• NuCare - Our mental health and wellness assistance program
• NuLanguage - Our language learning program
• Gympass/Wellhub partnership
• Extended maternity and paternity Leaves  
• Child care allowance
• “Espaço Feijão” - Private nursing and breastfeeding spaces in our buildings
• Onsite Health Center - Medical support for every Nubanker in our office

Diversity & Inclusion

At Nubank, we want to ensure that we are building a diverse and inclusive workplace that reflects the customers we serve and seek to empower. That's why we hire based on equality. We consider gender, ethnicity, race, religion, sexual orientation, and other identity markers as key elements for our company, ensuring that none of them pose a barrier to recruiting talented individuals.

Lead Security Engineer - Infosec