Senior Security Engineer - Data Security

About Us

Nu is one of the largest digital financial platforms in the world, with more than 127 million customers across Brazil, Mexico, and Colombia. Guided by our mission to fight complexity and empower people, we are redefining financial services in Latin America and this is still just the beginning of the purple future we're building.

Listed on the New York Stock Exchange (NYSE: NU), we combine proprietary technology, data intelligence, and an efficient operating model to deliver financial products that are simple, accessible, and human.

Our impact has been recognized by global rankings such as Time 100 Companies, Fast Company’s Most Innovative Companies, and Forbes World’s Best Bank. Visit our institutional page https://international.nubank.com.br/careers/  

About the role

At Nubank, protecting customer data is a foundational element of our relationship with over 100 million users. As a Data Security Analytics Engineer, you will be responsible for designing and evolving the secure infrastructure that allows our teams to innovate at scale while maintaining the highest standards of privacy and compliance. You will lead the integration between Data Engineering and Security, ensuring that sensitive data is classified, governed, and monitored across our global analytics environment. Your mission is to balance risk reduction with high usability and performance, ensuring that data security is embedded by design in every pipeline and analytical layer.

You'll be responsible for

• Designing Secure Data Architectures: Independently build and evolve secure data ingestion, transformation, and analytics pipelines that support sensitive and regulated data across all analytics environments.
• Implementing Platform-Level Security: Drive the rollout of improvements such as classification tags, policy-driven access controls, and automated validations to reduce risk without compromising system performance.
• Governing Data Models: Own the design and evolution of data models and semantic views that enforce security and privacy requirements by default.
• Operationalizing Metadata and Lineage: Lead initiatives to track data lineage and sensitivity metadata across critical sources, enabling scalable governance and observability.
• Executing Audits and Remediation: Actively lead access reviews and remediation efforts, identifying gaps in least-privilege enforcement and proposing structural improvements.
• Monitoring and Detection: Design and maintain dashboards, logs, and alerts to detect anomalous data access, misuse patterns, or risky joins across analytics workloads.
• Incident Response and Investigation: Investigate complex access anomalies or security incidents, performing root cause analysis and proposing preventive controls in collaboration with Security Engineering and Data Platform teams.
• Building Internal Tooling: Maintain and develop tooling that enables secure data usage at scale, such as permission helpers and metadata validation frameworks.

We are looking for a person who has

• Data Engineering Expertise: Solid understanding of ETL/ELT fundamentals, data warehouses, and distributed systems such as BigQuery, Databricks, Kafka, or Redshift.
• Security Control Implementation: Strong working knowledge of encryption, masking, tokenization, classification, and fine-grained access control (RBAC/ABAC).
• Advanced Analytical Skills: High proficiency in SQL and experience designing analytical data models with a focus on performance, correctness, and sensitive data handling.
• Production-Grade Programming: Proficiency in writing maintainable and testable code in at least one language, such as Python, Scala, Clojure, or Go.
• Infrastructure and DevOps Knowledge: Familiarity with CI/CD pipelines, Infrastructure as Code, and containerized environments like Docker and Kubernetes.
• Data Observability: Experience in surfacing actionable metrics and logs for security monitoring and incident investigation.
• Strategic Communication: Ability to translate security and regulatory requirements into concrete engineering solutions while engaging with technical and non-technical stakeholders.
• Cloud Proficiency: Exposure to cloud security practices in large-scale environments, specifically AWS or GCP.

Location for this opportunity (City, Country)

• São Paulo, Brazil 
• Campinas, Brazil 
• Rio de Janeiro, Brazil 
• Belo Horizonte, Brazil 

Our Benefits

• Chance of earning equity at Nubank
• Food/ Meal Card (Vale-Refeição and/or Vale Alimentação)
• Public Transportation Commuting Benefit (Vale-Transporte)
• NuCare – Psychological, Financial and Legal Assistance Program
• Life Insurance
• Medical Plan
• Dental Plan
• NuLanguage – Language Course Program
• Nucleo - Our learning platform of courses
• Extended Parental Leave
• Daycare Allowance
• Parental Consultancy
• Work-from-home Allowance
• Gym Partnerships
• 30 days of paid vacation
• Relocation Assistance Package, if applicable

Work Model for this Role

Option 1: Hybrid 2-3 times/week: Our hybrid work model brings us to the office at least twice a week, on strategic days designed to maximize team connection and collaboration. For more details, visit https://building.nubank.com/nu-hybrid-work-model/