Lead Security Engineer - Application Security

2 Weeks ago • All levels • Cyber Security

Job Summary

Job Description

Nubank is a leading digital banking platform in Latin America, seeking a Lead Security Engineer specializing in Application Security (AppSec). The AppSec team is responsible for identifying and mitigating security threats to protect customer financial assets and data. This role involves embedding security controls into applications and supporting engineers throughout the software development lifecycle. The engineer will work with diverse technologies, including Clojure, Python, Go, Kotlin, Swift, and Dart. Key responsibilities include designing and deploying security tools in CI/CD pipelines (SAST, DAST, SCA), performing threat modeling, supporting security reviews, and automating AppSec processes, with a focus on emerging areas like AI security. The goal is to enable secure software development practices across the organization.
Must have:
  • Solid understanding of application security concepts
  • Experience with CI/CD and security tools (SAST, DAST, SCA)
  • Knowledge of scripting/programming (Python, Go, Bash)
  • Familiarity with container security tools (Trivy, Aqua)
  • Experience with modern software architectures (Web, Mobile, APIs, MCPs)
  • Strong communication and collaboration skills
Good to have:
  • Experience with AI security concepts
  • Familiarity with threat modeling methodologies (STRIDE, PASTA, MAESTRO, OWASP Threat Dragon)
  • Knowledge of financial services regulatory requirements
  • Experience in distributed systems security assessments
  • Experience with tools like Semgrep, Fortify, Checkmarx, Veracode
Perks:
  • Health, dental and life insurance
  • Meal allowance
  • Transportation assistance
  • 30 days of paid vacation
  • Nubank Equities
  • Discounted parking
  • Free bike parking with showers
  • Mental health and wellness assistance
  • Language learning program
  • Gympass partnership
  • Extended maternity and paternity leaves
  • Child care allowance
  • Private nursing and breastfeeding spaces
  • Onsite Health Center

Job Details

About Nubank

Nubank was founded in 2013 to free people from a bureaucratic, slow and inefficient financial system. Since then, through innovative technology and outstanding customer service, the company has been redefining people's relationships with money across Latin America. With operations in Brazil, Mexico, and Colombia, Nubank is today one of the largest digital banking platforms and technology-leading companies in the world.

Today, Nubank is a global company, with offices in São Paulo (Brazil), Mexico City (Mexico), Buenos Aires (Argentina), Bogotá (Colombia), Durham (United States), and Berlin (Germany). It was founded in 2013 in Sao Paulo, by Colombian David Vélez, and cofounded by Brazilian Cristina Junqueira and American Edward Wible. For more information, visit www.nubank.com.br.

About the team

The Application Security team is part of the Information Security area. The team focuses on proactive hunting for and mitigating potential security threats on Nubank to protect our customers' financial assets and data. For that, we perform many tasks such as embedding and developing security controls on the applications, supporting all engineers during the software development lifecycle.

About the role

As a Security Engineer in our Application Security (AppSec) team, you will be part of the group responsible for enabling secure software development practices across Nubank’s entire engineering organization. We support teams working with a diverse technology stack – including Clojure, Python, Go for backend and Kotlin, Swift, Dart for mobile – by embedding security into their SDLC.

This role is ideal for someone with a strong foundation in application security concepts, who enjoys working closely with engineering teams to drive security best practices, and who has a keen interest in emerging areas such as AI security and threat modeling.

Your mission will include helping design and deploy security tools in our CI/CD pipelines (SAST, DAST, SCA), performing threat modeling for new projects, supporting security reviews, and contributing to the automation of AppSec processes, including those involving new AI technologies like Model Context Protocol (MCP) Servers and agents.

Basic Qualifications

  • Solid understanding of application security concepts and secure software development practices.
  • Hands-on experience with CI/CD pipelines and implementing security tools (e.g., SAST, DAST, SCA).
  • Knowledge of scripting/programming with commonly used languages like Python, Go, bash, etc  for automation and tooling.
  • Familiarity with container security tools (e.g., Trivy, Aqua).
  • Experience working with modern software architectures: Web, Mobile, APIs, and MCPs.
  • Strong communication and collaboration skills to work with multi-disciplinary teams.

Preferred Qualifications

  • Experience with AI security concepts and emerging AI/ML security risks.
  • Familiarity with threat modeling methodologies (e.g., STRIDE, PASTA, MAESTRO or OWASP Threat Dragon).
  • Knowledge of regulatory and compliance requirements relevant to financial services.
  • Previous experience conducting security assessments in distributed systems environments.
  • Experience with tools like Semgrep, Fortify, Checkmarx, Veracode.

Responsibilities

  • Embed security practices into the SDLC across backend, mobile, and web applications.
  • Deploy and maintain security tools (SAST, DAST, SCA, MAST) in CI/CD pipelines.
  • Perform threat modeling and security reviews for new and existing projects.
  • Develop scripts and tools (Python, Go, Bash) to automate security checks and processes.
  • Collaborate with engineering teams to explain and remediate vulnerabilities.
  • Support AI-related security initiatives, ensuring safe adoption of ML/AI features in products.
  • Contribute to the evolution of internal security guidelines and baselines.
  • Participate in cross-functional discussions to align security requirements with business goals.

About AppSec at Nubank

Our AppSec team is at the forefront of enabling secure innovation at Nubank. We believe security should be an enabler, not a blocker, and we build scalable solutions to help developers ship secure code without friction. From designing AI-powered threat modeling tools to automating security in CI/CD, our work impacts every Nubanker engineer.

Join us and help shape the future of secure development.

Role Location

NWW

Benefits

  • Health, dental and life insurance
  • Meal allowance
  • Transportation assistance
  • 30 days of paid vacation
  • Nubank Equities
  • Parking partnership - discounted parking in our office
  • Free bike parking with showers available
  • NuCare - Our mental health and wellness assistance program
  • NuLanguage - Our language learning program
  • Gympass partnership
  • Extended maternity and paternity Leaves  
  • Child care allowance
  • ‘Espaço Feijão’- Private nursing and breastfeeding spaces in our buildings
  • Onsite Health Center - Medical support for every Nubanker in our office

Diversity & Inclusion

At Nubank, we want to be sure that we're building a more diverse and inclusive workplace that reflects the customers we serve and seek to empower. That's why we hire based on equality. We consider gender, ethnicity, race, religion, sexual orientation, and other identity markers as enriching elements to our company while ensuring neither of them represent a barrier when recruiting fantastic talent.

Similar Jobs

Match Group - Staff Machine Learning Platform Engineer

Match Group

New York, New York, United States (Hybrid)
2 Months ago
FICO - Salesforce Senior Business Analyst

FICO

United States (Remote)
1 Month ago
Interactive Brokers - Client Services Representative - New Accounts

Interactive Brokers

Chicago, Illinois, United States (Hybrid)
2 Months ago
FICO - Senior Cloud Engineer

FICO

United States (Remote)
1 Week ago
Zamp - Account Executive

Zamp

San Francisco, California, United States (Remote)
4 Months ago
Veeam Software - Cloud Application Security Engineer (Middle/Senior)

Veeam Software

Prague, Czechia (On-Site)
2 Weeks ago
Roof Stacks - Senior Cyber Security Engineer

Roof Stacks

Istanbul, İstanbul, Türkiye (Remote)
6 Months ago
FalconX - Senior Cloud Security Engineer

FalconX

Bengaluru, Karnataka, India (On-Site)
2 Months ago
Techland - Security Engineer (Blue Team)

Techland

Warsaw, Masovian Voivodeship, Poland (On-Site)
2 Months ago
Vercel - Software Engineer, CDN Security

Vercel

United States (Remote)
2 Months ago

Get notifed when new similar jobs are uploaded

Similar Skill Jobs

Apple - Software Engineer - Backend Systems (Golang)

Apple

San Diego, California, United States (On-Site)
1 Month ago
Crunchyroll - Engineering Manager, tvOS

Crunchyroll

San Francisco, California, United States (Hybrid)
2 Months ago
CME Group - Scrum Master

CME Group

Bengaluru, Karnataka, India (On-Site)
2 Weeks ago
Temporal Technologies - Staff Software Engineer, Cloud Capacity

Temporal Technologies

United States (Remote)
2 Weeks ago
PrizePicks - Director of Engineering

PrizePicks

Atlanta, Georgia, United States (Remote)
2 Months ago
Actian - C++ Engineer - Pune

Actian

Pune, Maharashtra, India (On-Site)
9 Months ago
Sigma Software - Technical Support Engineer (FinTech)

Sigma Software

Warsaw, Masovian Voivodeship, Poland (On-Site)
8 Months ago
Ciklum - Senior Android Developer

Ciklum

Chennai, Tamil Nadu, India (Hybrid)
10 Months ago
Capgemini - Payments Testing

Capgemini

Chennai, Tamil Nadu, India (On-Site)
1 Month ago
Zscaler - Director of Engineering Operations

Zscaler

San Jose, California, United States (Hybrid)
2 Weeks ago

Get notifed when new similar jobs are uploaded

Jobs in State of São Paulo, Brazil

Google - Software Engineer, People with Disabilities

Google

State Of Minas Gerais, Brazil (On-Site)
7 Months ago
ARVORE Immersive Experiences - Sound Designer

ARVORE Immersive Experiences

São Paulo, Brazil (Remote)
4 Weeks ago
Flexera Software - Partner Business Manager (Brazil)

Flexera Software

Brazil (On-Site)
1 Month ago
nissan - Banco de Talentos para Operador e ou Operadora

nissan

Resende, State Of Rio De Janeiro, Brazil (On-Site)
9 Months ago
Epic Games - Associate 2D Art Producer

Epic Games

Porto Alegre, State Of Rio Grande Do Sul, Brazil (On-Site)
3 Months ago
Google - Tech Lead, Software Engineering, Black Community Inclusion

Google

São Paulo, State Of São Paulo, Brazil (On-Site)
8 Months ago
Google - Account Manager, Black Community Inclusion

Google

São Paulo, State Of São Paulo, Brazil (On-Site)
2 Months ago
Match Group - QA Automation

Match Group

Rio De Janeiro, Brazil (Remote)
1 Month ago
ARVORE Immersive Experiences - Game Producer

ARVORE Immersive Experiences

São Paulo, State Of São Paulo, Brazil (Remote)
3 Months ago
Google - Software Engineering Manager (For Women in Tech Candidates)

Google

São Paulo, State Of São Paulo, Brazil (On-Site)
8 Months ago

Get notifed when new similar jobs are uploaded

Cyber Security Jobs

Cadence - IT- Staff Software Security Engineer

Cadence

Noida, Uttar Pradesh, India (On-Site)
1 Month ago
PwC - ETIC, Cybersecurity Cloud Security - Manager

PwC

Cairo, Cairo Governorate, Egypt (On-Site)
9 Months ago
Tesla - Security Systems Field Engineer

Tesla

Brandenburg, Germany (On-Site)
5 Months ago
Zuora - Security Engineer

Zuora

Costa Rica (Remote)
3 Weeks ago
Klüber Lubrication - Vulnerability Analyst (F/M/D)

Klüber Lubrication

Bengaluru, Karnataka, India (Hybrid)
10 Months ago
Zscaler - Senior Devops Engineer (Terraform/Security Solutions)

Zscaler

Bengaluru, Karnataka, India (Hybrid)
2 Months ago
rivos - Security Infrastructure Engineer

rivos

Santa Clara, California, United States (Hybrid)
2 Years ago
Interactive Brokers - Client Operations Security and Fraud Prevention Analyst (Mandarin Speaker)

Interactive Brokers

Dublin, County Dublin, Ireland (Hybrid)
1 Month ago
bytedance - Security Engineer, Security Assurance

bytedance

Singapore (On-Site)
4 Months ago
Rackspace Technology - Corporate Counsel - Privacy, Cybersecurity & AI

Rackspace Technology

San Antonio, Texas, United States (Hybrid)
1 Month ago

Get notifed when new similar jobs are uploaded

About The Company

Nubank was born in 2013 with the mission to fight against the complexity of the financial market to help our customers regain control of their financial lives. We have spent 11 years dedicated to bringing very simple ideas to places no one has ever taken them. For us, past success does not guarantee the future, which is why every day is “Day 1.” Being part of Nubank is embarking on a long-term journey where we know each challenge sparks creativity and innovation, where obstacles become opportunities to go a little further. Recently, we reached the milestone of 100 million customers globally, a significant achievement in our journey, but we know it wasn’t just the customers who chose us. We have over 8,000 Nubankers who choose to work with us daily.

Mexico City, Mexico (Hybrid)

Bogota, Colombia (Hybrid)

Bogotá, Bogota, Colombia (On-Site)

Mexico City, Mexico (On-Site)

State Of São Paulo, Brazil (Hybrid)

Mexico City, Mexico (Hybrid)

State Of São Paulo, Brazil (On-Site)

United States (Hybrid)

Mexico City, Mexico (On-Site)

View All Jobs

Get notified when new jobs are added by nubank