Senior Security Engineer - Offensive Security

About Nubank

Nubank was founded in 2013 to free people from a bureaucratic, slow and inefficient financial system. Since then, through innovative technology and outstanding customer service, the company has been redefining people's relationships with money across Latin America. With operations in Brazil, Mexico, and Colombia, Nubank is today one of the largest digital banking platforms and technology-leading companies in the world.

Today, Nubank is a global company, with offices in São Paulo (Brazil), Mexico City (Mexico), Buenos Aires (Argentina), Bogotá (Colombia), Durham (United States), and Berlin (Germany). It was founded in 2013 in Sao Paulo, by Colombian David Vélez, and cofounded by Brazilian Cristina Junqueira and American Edward Wible. For more information, visit www.nubank.com.br.

About the team

We are looking for curious, driven individuals who are passionate about enhancing security maturity through offensive techniques — and who think beyond their own lane. As a Senior Security Engineer on our Offensive Security team, you won't just execute tasks: you'll take ownership of identifying and mitigating security threats before they impact our customers, Nubankers, and financial assets.

Our Offensive Security team plays a strategic role at Nubank. By simulating real-world attacks, we strengthen our security posture and continuously evolve our defense strategies to stay ahead of adversaries. We think boldly, aim high, and challenge our own assumptions about what secure looks like — because the status quo is always a hypothesis to test, not a boundary to accept.

You'll work closely with security engineers, product teams, and other stakeholders to educate, guide, and support them in building security in from the ground up. This is an exciting opportunity to drive real impact across the whole organization — and to do it as an owner, not just a contributor.

We believe diverse perspectives make our security stronger. Whether your background comes from CTF competitions, bug bounty programs, traditional pentesting, or a non-linear path into offensive security — we want to hear from you.

As a Senior Security Engineer (Offensive Security), you'll take ownership of:

• Driving infrastructure, web, and mobile/API pentests end-to-end;
• Crafting and executing red team operations that challenge our defenses;
• Leading vulnerability management initiatives and helping prioritize remediation;
• Building tools that enhance offensive security reviews and automate repetitive tasks;
• Partnering with development squads to ensure security issues are understood and addressed at the root;
• Contributing to architectural and logical reviews of different systems and products.

What we're looking for

Must have:

• Strong Offensive Security background, with a focus on Red Team activities;
• Deep experience across the pentest lifecycle: reconnaissance, enumeration, exploitation, post-exploitation, lateral movement;
• Strong knowledge of current and historical attack vectors, exploitation techniques, and how to remediate them;
• Ability to replicate the behavior of Advanced Persistent Threat (APT) groups;
• Experience with security frameworks such as OWASP;
• Experience working in cloud environments (AWS preferred);
• Ability to harden and improve CI/CD Pipelines and experience with SDLC;
• Solid knowledge across security domains, with strong depth in Operating Systems, Networks, Databases, and Infrastructure Architecture;
• Experience with Threat Modeling.

Nice to have:

• Active participation in CTF competitions or Bug Bounty programs;
• Proficiency with security assessment tools such as Burp Suite, Nmap, Metasploit, SQLmap, Nessus, Censys, Shodan, or Frida.re — or any equivalent tooling that supports security validation.

Location for this opportunity

São Paulo; Campinas; Belo Horizonte; Rio de Janeiro — Brazil

Benefits

• Chance of earning equity at Nubank
• Food / Meal Card (Vale-Refeição and/or Vale Alimentação)
• Public Transportation Commuting Benefit (Vale-Transporte)
• NuCare – Psychological, Financial and Legal Assistance Program
• Life Insurance
• Medical Plan
• Dental Plan
• NuLanguage – Language Course Program
• Nucleo – Our learning platform of courses
• Extended Parental Leave
• Daycare Allowance
• Parental Consultancy
• Work-from-home Allowance
• Gym Partnerships
• 30 days of paid vacation
• Relocation Assistance Package, if applicable

Work Model for this Role

Hybrid 2–3 times/week: Our hybrid work model brings us to the office at least twice a week, on strategic days designed to maximize team connection and collaboration. For more details, visit https://building.nubank.com/nu-hybrid-work-model/.