Staff Security Engineer (IAM) - BR - 2026

About the role

Nu is one of the largest digital financial platforms in the world, with more than 122 million customers across Brazil, Mexico, and Colombia. Guided by our mission to fight complexity and empower people, we are redefining financial services in Latin America and this is still just the beginning of the purple future we're building. Listed on the New York Stock Exchange (NYSE: NU), we combine proprietary technology, data intelligence, and an efficient operating model to deliver financial products that are simple, accessible, and human. Our impact has been recognized by global rankings such as Time 100 Companies, Fast Company's Most Innovative Companies, and Forbes World's Best Bank. Visit our institutional page https://international.nubank.com.br/careers/ Nubank is seeking a Staff Security Engineer to contribute in the Identity and Access Management security function across a financial technology organization serving over 100 million customers in Brazil, Mexico, and Colombia. This is a senior individual-contributor role with organizational-level technical influence, responsible for supporting a multi-year IAM security strategy, directing its execution across multiple engineering teams, and ensuring that identity and access controls meet the security, regulatory, and operational requirements of a globally operating financial institution. The Staff Security Engineer is expected to bring a demonstrated history of delivering consequential security programs - including programs that encountered setbacks - and the technical judgment that only sustained, hands-on experience in the domain produces. Critically, this role requires a security engineering philosophy grounded in business enablement: the conviction that security done well accelerates what the organization can do, not merely protects it. This means rigorously distinguishing between controls that reduce real risk and those that create the appearance of compliance without reducing exposure, taking genuine ownership of outcomes rather than delegating accountability through policy, and continuously questioning inherited assumptions about what security measures are necessary, sufficient, or proportionate. What You'll Be Responsible For Defining, communicating, and executing a multi-year security strategy (especially in the IAM field) aligned with the organization's risk posture, regulatory obligations, and business objectives across multiple countries and regulatory jurisdictions. Lead organization-wide authentication migrations that span heterogeneous surfaces - browser, operating system login, CLI tooling, and API-level integrations - across thousands of employees, multiple device ecosystems, and distributed work environments, producing measurable outcomes: authentication success rates above 99%, material reductions in per-authentication time, support exception rates below 1%, and return on investment within weeks of enforcement. Designing and maintaining the core identity infrastructure with the durability and operational discipline required at organizational scale: enterprise Identity Provider, PKI and X.509 certificate lifecycle automation, mutual TLS for service-to-service authentication, and credential management systems engineered to remain sound as the organization grows. Translating least-privilege access from a principle into a measurable, organization-wide program - with defined metrics, visible adoption curves, and accountability structures that allow Security and Engineering leadership to track and act on the organization's access risk posture over time. Designing and maintaining a security engineering framework - comprising technical mechanisms, policies, incentives, and assurance processes - that ensures security properties are durable, verifiable, and operationally sound, rather than dependent on individual vigilance or periodic audits. Leading technical incident response for identity and access security events, including critical vulnerabilities in remote access infrastructure, ensuring thorough investigation, documented root cause analysis, and structural improvements that reduce the likelihood and impact of recurrence. Designing and facilitating large-scale preparedness exercises grounded in realistic attack paths - involving engineering, operations, and executive functions - to identify genuine gaps in IAM controls, not merely satisfy a compliance requirement. Providing technical mentorship and coaching to senior engineers; lead innovative projects with universities and actively collaborate in hiring and career decisions in order to maintain a high technical standard throughout the safety organization. Serving as the technical authority in engagements with Legal, Compliance, internal audit, and external regulators on matters related to identity, authentication, and access control. We Are Looking for a Person Who Has

Requirements

• +15 years of professional experience in security engineering, with a concentr

Benefits

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at Nubank? Share your experience