← Voltar para vagas

Staff Security Engineer (Iam) - Br - 2026

Nubank

Brazil, Belo Horizonte; Brazil, Campinas; Brazil, Rio de Janeiro; Brazil, Sao Paulo
Sem Categoria

Score da Vaga

70 pontos
Modelo presencial (+70)

About Us

Nu is one of the largest digital financial platforms in the world, with more than 122 million customers across Brazil, Mexico, and Colombia. Guided by our mission to fight complexity and empower people, we are redefining financial services in Latin America and this is still just the beginning of the purple future we're building.

Listed on the New York Stock Exchange (NYSE: NU), we combine proprietary technology, data intelligence, and an efficient operating model to deliver financial products that are simple, accessible, and human.
Our impact has been recognized by global rankings such as Time 100 Companies, Fast Company’s Most Innovative Companies, and Forbes World’s Best Bank. Visit our institutional page https://international.nubank.com.br/careers/ 

About the Role

Nubank is seeking a Staff Security Engineer to contribute in the Identity and Access Management security function across a financial technology organization serving over 100 million customers in Brazil, Mexico, and Colombia.
This is a senior individual-contributor role with organizational-level technical influence, responsible for supporting a multi-year IAM security strategy, directing its execution across multiple engineering teams, and ensuring that identity and access controls meet the security, regulatory, and operational requirements of a globally operating financial institution.

The Staff Security Engineer is expected to bring a demonstrated history of delivering consequential security programs — including programs that encountered setbacks — and the technical judgment that only sustained, hands-on experience in the domain produces.
Critically, this role requires a security engineering philosophy grounded in business enablement: the conviction that security done well accelerates what the organization can do, not merely protects it. This means rigorously distinguishing between controls that reduce real risk and those that create the appearance of compliance without reducing exposure, taking genuine ownership of outcomes rather than delegating accountability through policy, and continuously questioning inherited assumptions about what security measures are necessary, sufficient, or proportionate.



What You’ll Be Responsible For

  • Defining, communicating, and executing a multi-year security strategy (especially in the IAM field) aligned with the organization's risk posture, regulatory obligations, and business objectives across multiple countries and regulatory jurisdictions.
  • Lead organization-wide authentication migrations that span heterogeneous surfaces — browser, operating system login, CLI tooling, and API-level integrations — across thousands of employees, multiple device ecosystems, and distributed work environments, producing measurable outcomes: authentication success rates above 99%, material reductions in per-authentication time, support exception rates below 1%, and return on investment within weeks of enforcement.
  • Designing and maintaining the core identity infrastructure with the durability and operational discipline required at organizational scale: enterprise Identity Provider, PKI and X.509 certificate lifecycle automation, mutual TLS for service-to-service authentication, and credential management systems engineered to remain sound as the organization grows.
  • Translating least-privilege access from a principle into a measurable, organization-wide program — with defined metrics, visible adoption curves, and accountability structures that allow Security and Engineering leadership to track and act on the organization's access risk posture over time.
  • Designing and maintaining a security engineering framework — comprising technical mechanisms, policies, incentives, and assurance processes — that ensures security properties are durable, verifiable, and operationally sound, rather than dependent on individual vigilance or periodic audits.
  • Leading technical incident response for identity and access security events, including critical vulnerabilities in remote access infrastructure, ensuring thorough investigation, documented root cause analysis, and structural improvements that reduce the likelihood and impact of recurrence.
  • Designing and facilitating large-scale preparedness exercises grounded in realistic attack paths — involving engineering, operations, and executive functions — to identify genuine gaps in IAM controls, not merely satisfy a compliance requirement.
  • Providing technical mentorship and coaching to senior engineers; lead innovative projects with universities and actively collaborate in hiring and career decisions in order to maintain a high technical standard throughout the safety organization.
  • Serving as the technical authority in engagements with Legal, Compliance, internal audit, and external regulators on matters related to identity, authentication, and access control.

 

We Are Looking for a Person Who Has

  Must-have

  • +15 years of professional experience in security engineering, with a concentration in identity, authentication, or access management.
  • Demonstrated track record of leading complex, multi-year security programs from conception through measurable outcome — including programs that required navigating organizational obstacles, technical constraints, or material mid-course corrections.
  • Expert-level knowledge of IAM and authentication protocols: OIDC, OAuth 2.0, SAML 2.0, FIDO2/WebAuthn, mTLS, and Public Key Infrastructure (PKI).
  • Proficiency in software engineering: ability to produce, review, and reason about production-quality code in at least one general-purpose programming language.
  • Demonstrated ability to model identity-related threat scenarios, assess attacker techniques relevant to the IAM surface, and design controls that remain effective under adversarial conditions.
  • A demonstrable commitment to security as an organizational capability that enables business outcomes: a track record of solving real security problems, a disposition to challenge inherited security assumptions, and a clear pattern of distinguishing genuine risk reduction from security theater or responsibility transfer.
  • Experience communicating technical risk assessments and strategic recommendations to senior non-technical stakeholders, including executives and regulators.

Nice-to-have

  • Experience operating within a financial services institution or similarly regulated environment subject to multiple concurrent regulatory frameworks.
  • Hands-on experience administering or integrating with an enterprise Identity Provider at scale, particularly Okta, or Keycloak.
  • Experience designing and enforcing security controls for third-party, BPO, or partner environments without direct operational control of the partner's infrastructure.
  • Experience leading organizational adoption of Zero Trust architecture, including authentication and authorization mechanisms for hybrid and multi-cloud environments.
  • Contributions to the broader security community — published research, conference presentations, open-source tooling, or participation in standards bodies.

Our Benefits

  • Chance of earning equity at Nubank
  • Food/ Meal Card (Vale-Refeição and/or Vale Alimentação)
  • Public Transportation Commuting Benefit (Vale-Transporte)
  • NuCare – Psychological, Financial and Legal Assistance Program
  • Life Insurance
  • Medical Plan
  • Dental Plan
  • NuLanguage – Language Course Program
  • Nucleo - Our learning platform of courses
  • Extended Parental Leave
  • Daycare Allowance
  • Parental Consultancy
  • Work-from-home Allowance
  • Gym Partnerships
  • 30 days of paid vacation

Work Model for this Role

Hybrid 2-3 times/week: Our hybrid work model brings us to the office at least twice a week, on strategic days designed to maximize team connection and collaboration. For more details, visit https://building.nubank.com/nu-hybrid-work-model/




Dica do Especialista

Como Acionar a sua Rede para Conquistar a Próxima Vaga

O Poder do Networking Oculto: Como Acionar a sua Rede para Conquistar a Próxima Vaga

Descubra como os profissionais de Tech, Design e Marketing acessam as melhores oportunidades do mercado (antes mesmo delas serem publicadas) usando conexões estratégicas.

Por: Equipe Mondywork

O Mercado Oculto de Vagas

Você sabia que até 70% a 80% das vagas de emprego nunca chegam a ser publicadas em plataformas tradicionais? Esse fenômeno é conhecido como o "Mercado Oculto de Vagas". Muitas startups globais e empresas de tecnologia preferem contratar através de indicações internas por confiarem na validação de seus próprios colaboradores.

Para profissionais de tecnologia, design e marketing digital que buscam oportunidades remotas (muitas vezes com salários em dólar ou euro), enviar currículos no escuro não basta. É preciso saber como acionar a sua rede de contatos. Abaixo, listamos as estratégias mais eficazes validadas por recrutadores globais.

1. A Regra de Ouro: Entregue Valor Antes de Pedir

O maior erro no networking é o famoso "pedinte digital": adicionar um contato no LinkedIn e enviar uma mensagem genérica pedindo emprego nos primeiros 5 minutos. O networking eficaz baseia-se na reciprocidade.

  • Interaja genuinamente: Comente nas publicações dos líderes e recrutadores das empresas que você almeja, adicionando insights reais.
  • Compartilhe conhecimento: Se você é um desenvolvedor, compartilhe um trecho de código ou um repositório no GitHub. Se é designer, mostre um estudo de caso.
"O networking não é sobre quantas pessoas você conhece, mas quantas pessoas confiam no valor que você entrega." – Forbes Careers

2. Ative os seus "Laços Fracos" e Contatos Adormecidos

Um estudo clássico publicado pela Harvard Business Review revelou que as melhores oportunidades de carreira raramente vêm dos seus amigos íntimos (laços fortes), mas sim dos seus "laços fracos" ou adormecidos — ex-colegas de trabalho, pessoas que estudaram com você anos atrás ou conhecidos de eventos.

Como fazer: Envie uma mensagem simples para aquele ex-colega de projeto: "Olá, [Nome]! Vi que a sua empresa está usando a tecnologia X recentemente. Tenho estudado muito sobre isso e adoraria ouvir sua experiência de 15 minutos em uma chamada. Como estão as coisas por aí?".

3. Entrevistas Informacionais (Informational Interviews)

Em vez de pedir uma vaga diretamente, peça conselhos. Convide profissionais seniores, Tech Leads ou Product Managers da empresa dos seus sonhos para um café virtual rápido (15 a 20 minutos). Faça perguntas sobre a cultura da empresa, os desafios da área e conselhos para quem deseja ingressar lá.

Muitas vezes, ao final dessa conversa, é o próprio profissional quem pergunta: "Você está buscando oportunidades no momento? Posso encaminhar seu currículo para o nosso RH."

4. O Poder do "Dark Social" (Comunidades Fechadas)

O LinkedIn é a vitrine, mas o bastidor acontece em comunidades fechadas. Profissionais de tech e marketing respiram em grupos de Slack, servidores no Discord e repositórios do GitHub.

  • Participe ativamente resolvendo dúvidas de outros membros.
  • Fique de olho nos canais de #jobs ou #vagas, onde as oportunidades são postadas de forma orgânica antes de irem a público.

Conclusão: O Networking é um Cultivo Diário

A melhor hora para fazer networking é quando você não precisa de um emprego. Mantenha-se visível, seja útil e construa pontes antes de precisar atravessá-las. Quando a oportunidade remota perfeita surgir, a sua rede trabalhará por você.


🚀 Acelere a sua busca com a Mondywork

Além de um bom networking, ter acesso às vagas mais quentes do mercado no minuto em que elas abrem é o seu maior diferencial competitivo.

Não dependa apenas dos algoritmos! Inscreva o seu e-mail abaixo e receba diariamente os nossos Job Alerts com as melhores vagas remotas de Tech, Design e Marketing, com curadoria humana e oportunidades pagando em moedas fortes.