Lead Network Engineer

About Nubank

Nubank was founded in 2013 to free people from a bureaucratic, slow, and inefficient financial system. Since then, through innovative technology and outstanding customer service, the company has been redefining people's relationships with money across Latin America. With operations in Brazil, Mexico, and Colombia, Nubank is today one of the largest digital banking platforms and technology-leading companies in the world.

Today, Nubank is a global company, with offices in São Paulo (Brazil), Mexico City (Mexico), Buenos Aires (Argentina), Bogotá (Colombia), Durham (United States), and Berlin (Germany). It was founded in 2013 in São Paulo, by Colombian David Vélez, and co founded by Brazilian Cristina Junqueira and American Edward Wible. For more information, visit www.nubank.com.br.

 

About the Role

The Lead Network Engineer will be part of the Connectivity Engineering team, within Nubank’s Global IT & Security area, working alongside other lead and senior engineers. This team builds and operates the connectivity backbone that powers Nubank’s customer-facing products, ensuring a reliable, high-performance, and secure network infrastructure.

In this role, you will be responsible for daily operations, on-call rotation, and the engineering and architecture of our data centers and select cloud environments. You will drive automation at scale and mentor other network engineers. Your mission will be to take the connectivity team to the next level, with a strong focus on automation and observability.

 

You will be responsible for

• Strategic Network Leadership: Define, document, and evangelize global network standards (hardware, protocols, transport, topology), ensuring alignment with business objectives and future growth.
• Engineering & Design: Architect and review High-Level Designs (HLD) and Low-Level Designs (LLD) for end-to-end connectivity solutions (data centers, edge, hybrid cloud networks), proactively identifying and mitigating risks.
• Operations & Support: Own daily network and security device operations, including on-call rotations: troubleshoot incidents, drive Root Cause Analyses (RCAs), execute changes, refine runbooks, and maintain streamlined support models.
• Monitoring & Observability: Optimize existing networking tools (Prometheus, Grafana) and evaluate additional network-specific platforms (PRTG, SolarWinds, Zabbix, Dynatrace, ThousandEyes) to ensure end-to-end visibility of networking infrastructure, robust alerting, and automated remediation.
• Automation & Infrastructure as Code (IaC): Develop and maintain IaC for network resources using Terraform, Ansible, and Python libraries (Netmiko, NAPALM, Paramiko), integrated into CI/CD pipelines (Jenkins, GitLab CI), and managed through version control platforms like GitHub, driving automation initiatives to improve efficiency and reduce operational burden.
• Multi-Vendor & Hybrid Expertise: Configure and support multivendor platforms (Juniper, Cisco, F5, Fortinet, Palo Alto, Infoblox) in on-premises and AWS/OCI environments; evaluate emerging technologies for potential adoption.
• Collaboration & Mentorship: Partner with security, platform, and product teams to embed networking considerations into roadmaps and compliance objectives. Mentor and guide network engineers and participate in hiring processes.
• Incident Management & Continuous Improvement: Lead the resolution of major incidents, analyze trends, and drive innovative solutions and process improvements to enhance reliability and performance.

We are looking for a person who

Must-Have:

• 8+ years of hands-on network engineering experience with deep expertise in Layer 2 (STP, VLAN, LACP, port security) and Layer 3 (OSPF, IS-IS, BGP, VXLAN, IPv6) protocols.
• Proven experience designing high-availability solutions (HSRP, VRRP, VRF).
• Experience implementing secure traffic filtering (ACLs, prefix-lists, route-maps, PBR).
• Strong knowledge of encrypted connectivity and authentication protocols (IPsec, TLS/EAP, VPN/DMVPN).
• Proven experience configuring and operating FortiGate and Palo Alto next-generation firewalls.
• Solid experience with WAN technologies (MPLS, L2/L3 VPN, MP-BGP, SD-WAN, Carrier Ethernet) and foundational network services (TCP/IP, DNS, NTP, DHCP, ARP, SNMP, ICMP).
• Solid understanding of spine-and-leaf data center architectures and their operational configuration.
• Experience designing and troubleshooting load balancing environments using F5 Big-IP (LTM/GTM).
• Proficiency with observability and network management platforms (Prometheus/Grafana, SolarWinds, Cisco ThousandEyes, Zabbix).
• Demonstrated ability to troubleshoot complex production issues using packet capture tools (e.g., Wireshark) and structured root cause analysis.
• Strong knowledge of infrastructure governance, including capacity planning, risk and vulnerability management, and incident/change management processes.
• Hands-on experience with automation and Infrastructure-as-Code tools, including Python, Ansible, and Terraform.
• Cloud networking experience in AWS (VPC, Transit Gateway, Direct Connect) and Oracle Cloud Infrastructure (VCNs, Transit Gateways, FastConnect).
• Advanced English

Nice to Have:

• Experience with Brazilian financial-sector connectivity networks such as RSFN, FinancialNET, and RCB.
• Familiarity with SDN platforms such as Cisco ACI, Apstra, or Juniper Cloud Vision, especially for policy-driven automation and enhanced telemetry.
• Exposure to CI/CD principles applied to network automation (NetDevOps).
• Active network automation certification (e.g., Cisco DevNet).
• Knowledge of IDS/IPS, URL filtering, SIEM integration, and financial-sector compliance requirements.
• Understanding of Secure Access Service Edge (SASE) architectures and technologies (e.g., ZTNA, SWG, CASB, SD-WAN, SSE).
• Proficiency with tools from the Atlassian Suite (Jira, Confluence).

You will fit well if you have:

• A proven track record of owning complex, mission-critical network initiatives end-to-end, with full accountability for delivery, reliability, and continuous improvement.
• The ability to navigate ambiguity and fast-paced environments by setting clear priorities, managing risks, and driving pragmatic, impactful solutions.
• A strong customer obsession, consistently delivering secure, resilient, and scalable network infrastructure that empowers business and product teams.
• A collaborative mindset that thrives in cross-functional teams, valuing knowledge sharing, mentorship, and constructive feedback.
• A genuine desire to help others grow and succeed, actively supporting teammates and fostering a culture of collaboration and continuous learning.
• A passion for automation and observability as essential pillars to reduce toil, elevate operational excellence, and innovate network engineering practices.
• Excellent communication skills, capable of translating complex technical concepts to diverse audiences—from technical peers to business stakeholders.
• A growth mindset and curiosity to stay ahead of emerging network technologies, security trends, and industry best practices.

Role location

NWW

Benefits

• Health, dental, and life insurance
• Meal allowance
• Transportation assistance
• 30 days of paid vacation
• Equity at Nubank
• Parking partnership - discounted parking in our office
• Free bike parking with showers available
• NuCare - Our mental health and wellness assistance program
• NuLanguage - Our language learning program
• Gympass/Wellhub partnership
• Extended maternity and paternity Leaves  
• Child care allowance
• “Espaço Feijão” - Private nursing and breastfeeding spaces in our buildings
• Onsite Health Center - Medical support for every Nubanker in our office

Diversity & Inclusion

At Nubank, we want to ensure that we are building a diverse and inclusive workplace that reflects the customers we serve and seek to empower. That's why we hire based on equality. We consider gender, ethnicity, race, religion, sexual orientation, and other identity markers as key elements for our company, ensuring that none of them pose a barrier to recruiting talented individuals.