Lead Security Engineer - Application Security

About Nubank

Nubank was founded in 2013 to free people from a bureaucratic, slow and inefficient financial system. Since then, through innovative technology and outstanding customer service, the company has been redefining people's relationships with money across Latin America. With operations in Brazil, Mexico, and Colombia, Nubank is today one of the largest digital banking platforms and technology-leading companies in the world.

Today, Nubank is a global company, with offices in São Paulo (Brazil), Mexico City (Mexico), Buenos Aires (Argentina), Bogotá (Colombia), Durham (United States), and Berlin (Germany). It was founded in 2013 in Sao Paulo, by Colombian David Vélez, and cofounded by Brazilian Cristina Junqueira and American Edward Wible. For more information, visit www.nubank.com.br.

About the team

The Application Security team is part of the Information Security area. The team focuses on proactive hunting for and mitigating potential security threats on Nubank to protect our customers' financial assets and data. For that, we perform many tasks such as embedding and developing security controls on the applications, supporting all engineers during the software development lifecycle.

About the role

As a Security Engineer in our Application Security (AppSec) team, you will be part of the group responsible for enabling secure software development practices across Nubank’s entire engineering organization. We support teams working with a diverse technology stack – including Clojure, Python, Go for backend and Kotlin, Swift, Dart for mobile – by embedding security into their SDLC.

This role is ideal for someone with a strong foundation in application security concepts, who enjoys working closely with engineering teams to drive security best practices, and who has a keen interest in emerging areas such as AI security and threat modeling.

Your mission will include helping design and deploy security tools in our CI/CD pipelines (SAST, DAST, SCA), performing threat modeling for new projects, supporting security reviews, and contributing to the automation of AppSec processes, including those involving new AI technologies like Model Context Protocol (MCP) Servers and agents.

Basic Qualifications

• Solid understanding of application security concepts and secure software development practices.
• Hands-on experience with CI/CD pipelines and implementing security tools (e.g., SAST, DAST, SCA).
• Knowledge of scripting/programming with commonly used languages like Python, Go, bash, etc  for automation and tooling.
• Familiarity with container security tools (e.g., Trivy, Aqua).
• Experience working with modern software architectures: Web, Mobile, APIs, and MCPs.
• Strong communication and collaboration skills to work with multi-disciplinary teams.

Preferred Qualifications

• Experience with AI security concepts and emerging AI/ML security risks.
• Familiarity with threat modeling methodologies (e.g., STRIDE, PASTA, MAESTRO or OWASP Threat Dragon).
• Knowledge of regulatory and compliance requirements relevant to financial services.
• Previous experience conducting security assessments in distributed systems environments.
• Experience with tools like Semgrep, Fortify, Checkmarx, Veracode.

Responsibilities

• Embed security practices into the SDLC across backend, mobile, and web applications.
• Deploy and maintain security tools (SAST, DAST, SCA, MAST) in CI/CD pipelines.
• Perform threat modeling and security reviews for new and existing projects.
• Develop scripts and tools (Python, Go, Bash) to automate security checks and processes.
• Collaborate with engineering teams to explain and remediate vulnerabilities.
• Support AI-related security initiatives, ensuring safe adoption of ML/AI features in products.
• Contribute to the evolution of internal security guidelines and baselines.
• Participate in cross-functional discussions to align security requirements with business goals.

About AppSec at Nubank

Our AppSec team is at the forefront of enabling secure innovation at Nubank. We believe security should be an enabler, not a blocker, and we build scalable solutions to help developers ship secure code without friction. From designing AI-powered threat modeling tools to automating security in CI/CD, our work impacts every Nubanker engineer.

Join us and help shape the future of secure development.

Role Location

NWW

Benefits

• Health, dental and life insurance
• Meal allowance
• Transportation assistance
• 30 days of paid vacation
• Nubank Equities
• Parking partnership - discounted parking in our office
• Free bike parking with showers available
• NuCare - Our mental health and wellness assistance program
• NuLanguage - Our language learning program
• Gympass partnership
• Extended maternity and paternity Leaves  
• Child care allowance
• ‘Espaço Feijão’- Private nursing and breastfeeding spaces in our buildings
• Onsite Health Center - Medical support for every Nubanker in our office

Diversity & Inclusion

At Nubank, we want to be sure that we're building a more diverse and inclusive workplace that reflects the customers we serve and seek to empower. That's why we hire based on equality. We consider gender, ethnicity, race, religion, sexual orientation, and other identity markers as enriching elements to our company while ensuring neither of them represent a barrier when recruiting fantastic talent.