Lucas Palma

CEO

Limeira, São Paulo, Brazil · 14 yrs experience
Most Likely To Switch · Highly Stable

Key Highlights

  • Reduced banking malware incidents by 90%
  • Led AI security initiatives impacting the entire company
  • Created a full InfoSec program from scratch
Stackforce AI infers this person is a Cybersecurity expert in Fintech, specializing in secure product development and risk management.

Skills

Core Skills

Cybersecurity, Software Engineering, Mobile Security, Information Security, Security Management, Application Security, Quality Assurance, Test Automation, Penetration Testing, Security Testing, Cyber Threat Intelligence, Fraud Investigation

Other Skills

People Management, Strategic Planning, Product Innovation, Constructive Feedback, Team Management, Mobile Devices, Incident Management, Long-Term Vision, Information Security Management, Reliability, Android, Operational Efficiency, Leadership, Product Vision, Problem Solving

About

I build security strategies that are seamless, scale fast, and protect millions of customers. With over 15 years of experience in Information Security, Software Engineering, and Financial Services, I’ve led high-impact initiatives across multiple domains, from creating a full InfoSec program at a Fintech from scratch to launching and leading specialized teams in Mobile and AI Security at Nubank, one of the world's largest digital banks.

At Nubank, I spearheaded efforts that:

  • Reduced banking malware incidents by 90% through layered mobile protection.
  • Embedded real-time security into mobile apps and products using RASP, SAST, DAST, and SCA.
  • Led initiatives to define how to safeguard Nubank's AI usage, impacting the whole company.
  • Promoted a product-oriented, developer-friendly security culture across the SDLC.

I’m passionate about solving complex challenges where innovation and protection meet, whether it's building secure-by-design platforms, implementing threat-informed defenses, or helping engineers, Product Managers, and Data Scientists ship safer products. Always open to conversations about AI security, secure mobile development, or shifting security left at scale.

Experience

Total Experience: 14 yrs
Average Tenure: 1 yr 9 mos
Current Experience: 3 yrs 1 mo

Nubank

2 roles

Information Security Manager III

Promoted

Feb 2025 - Present · 1 yr 3 mos · Remote

  • Creation and leadership of the Product Security structure inside InfoSec, covering Application Security, Mobile Security, and AI Security.
  • Drive a shift-left strategy across Nubank’s SDLC, integrating security into dev workflows and product decisions.
  • Oversee platform protection and advise engineers, PMs, and data scientists on security best practices.
  • Managing and mentoring managers.
  • Defining mid and long term strategies to make the product development process safer.
Software Engineering, Cybersecurity, People Management, Strategic Planning, Product Innovation

Information Security Manager II

Apr 2023 - Feb 2025 · 1 yr 10 mos · Remote

  • Responsible for the Platforms Security area, protecting the platforms of Latin America's largest digital bank against a wide variety of attacks.
  • AI Security
  • Key Results:
  • Team creation, roadmap, overall scenario analysis
  • Business needs and awareness vs AI Risks
  • Initial assessments on safer AI usage
  • Mobile Security
  • Key results:
  • Reducing banking malware by 90%;
  • Improving the mobile apps roadmap considering the security and customer experience.
  • Main activities:
  • CI/CD tools for mobile apps (SAST, DAST, SCA);
  • Embedding real time security directly into the apps;
  • Performing security assessments;
  • Improving observability enabling data-driven decisions;
  • Executive reports, dashboards and presentation;
  • People management.
Constructive Feedback, Team Management, Mobile Devices, Incident Management, Long-Term Vision, Cybersecurity, +9

iFood

2 roles

Information Security Manager II

Promoted

Oct 2022 - Apr 2023 · 6 mos · Remote

  • Responsible for merging the MovilePay fintech security area into iFood.
Constructive Feedback, Architectural Analysis, Team Management, Incident Management, Cybersecurity, Information Security, +7

Information Security Manager I

Aug 2020 - Sep 2022 · 2 yrs 1 mo · Remote

  • Role at MovilePay, a Fintech (Credit and Banking) from the Movile group, now part of iFood.
  • Structured the Information Security area at MovilePay, a fintech responsible for iFood's Banking Digital Account;
  • Managed Engineering and Tech related teams;
  • Information Security reports to the board and to internal and external audits.
  • Main results:
  • Structured the Information Security area, culture and roadmap for MovilePay;
  • Supported MovilePay's growth with shift left Information Security approach;
  • Raised the Security Awareness;
  • Focal point on global audits and on communications with other companies from the group;
  • Information Security Master Plan creation.
  • Main skills:
  • CISO, Security Management, KPIs, OKRs, Security by Design, Security Awareness, Risk Management, Risk Assessment, Application Security, Incident Response, IT Risks, Security Auditing, Cryptography.
Constructive Feedback, Architectural Analysis, Team Management, Incident Management, Long-Term Vision, Cybersecurity, +8

Rede

Information Security Analyst

Jul 2019 - Jul 2020 · 1 yr · Greater São Paulo Area · On-site

  • Supporting Engineering and Product teams on applying Information Security on their products, architecture and code;
  • Adding and reviewing Information Security tools on CI/CD;
  • Developing and applying training to improve the team's knowledge of Information Security.
  • Main results:
  • Supported the whole company on fixing Critical and High vulnerabilities according to SAST;
  • Supported the renewal of the PCI-DSS audit;
  • Mitigated critical and high risks together with IT Risks team;
  • Developed tool to automate security assessment on code repository;
  • Structured Security Champions program.
  • Main skills:
  • Application Security, IT Risks, Risk Management, Risk Assessment, Security Champions, Security Awareness, SAST, PCI, Security Architecture.
Payment Card Industry Data Security Standard (PCI DSS), Application Security, Architectural Analysis, Security Architecture Design, Security Development Lifecycle, Reliability, +4

C6 Bank

2 roles

Information Security Analyst

Promoted

Jan 2019 - Jun 2019 · 5 mos · On-site

  • Supporting Engineering and Product teams on applying Information Security on their products, architecture and code;
  • Adding and reviewing Information Security tools on CI/CD;
  • Developing and applying training to improve the team's knowledge of Information Security;
  • Performing and reporting on Web Penetration tests.
  • Main results:
  • Supported the Company's growth with shift left Information Security approach;
  • Implemented and reviewed SAST tools;
  • Security trainings for teams and other companies.
  • Main skills:
  • Application Security, Security Architecture, Security by Design, Cryptography, Red Team, Security Awareness, SAST.
Application Security, Security Architecture, Security by Design, Cryptography, Red Team, Security Awareness, +2

Software Quality Assurance Engineer

May 2018 - Dec 2018 · 7 mos · On-site

  • Definition and review of the functional requirements of products;
  • Support to Information Security team on requirements and tests;
  • Automated tests implementation;
  • Manual tests;
  • Tools and methodologies development to monitor the products and KPIs health.
  • Main results:
  • Helped structure the Quality Assurance area, as the first member of the team;
  • Organization and management of the team's tasks according to the company's growth and product priorities;
  • Definition of quality tools and methodologies.
  • Main skills:
  • Test automation, KPIs, OKRs, Kanban, Functional requirements, QA, Java, Kotlin, Ruby, Python, JavaScript.
Test automation, KPI, OKR, Kanban, Functional requirements, QA, +7

Maxipago!

Software Quality Assurance Engineer

Nov 2017 - May 2018 · 6 mos · Barueri, Sao Paulo, Brazil · On-site

  • Responsible for Quality Assurance and Information Security areas;
  • Automated tests development;
  • Manual tests;
  • Performance tests;
  • Penetration tests;
  • Secure code review.
  • Main results:
  • Created the first automated test suite;
  • Supported the Company's growth with shift left Quality and Information Security approach;
  • Supported migrating the code repositories to Git;
  • Focal point on renewing the PCI-DSS audit.
  • Main skills:
  • Test automation, performance test, JMeter, QA, pentest, PCI, Java, JavaScript.
Payment Card Industry Data Security Standard (PCI DSS), Quality Assurance, Test Automation, Reliability, Load Testing, Penetration Testing, +3

Independent consultant

Information Security Consultant

Jan 2017 - Dec 2018 · 1 yr 11 mos · Remote

  • Penetration tests on web sites;
  • Secure code review;
  • Game debugging to find cheats.
  • Main results:
  • Improved the security of the clients.
  • Main skills:
  • Web pentest, code auditing.
Java, Secure Code Review, Penetration Testing, Problem Solving, Application Security

Daitan Group

Software Quality Assurance Engineer

Dec 2015 - Nov 2017 · 1 yr 11 mos · Greater Campinas · On-site

  • Daily interaction with international team;
  • Tech lead for the Quality Assurance team;
  • Automated and manual tests for Mobile (iOS and Android), Web (Frontend), Backend (API) and embedded platforms;
  • Software development in Java and C++;
  • Release and documentation of new firmware versions for the embedded devices.
  • Main results:
  • Technical leadership of quality teams;
  • Focal point of communication with international companies;
  • Tools development to automate the deployment of new firmware for embedded devices.
  • Main skills:
  • Test automation, web, mobile, backend, embedded, Gherkin, Java, C++.
Test automation, Cryptography, Java, C++, Test Automation, Security Testing

Instituto de Pesquisas Eldorado

2 roles

Software Quality Assurance Engineer

Oct 2014 - Dec 2015 · 1 yr 2 mos · On-site

  • Test automation on Web and Backend using Java;
  • Debugging reported customer issues.
  • Main results:
  • Created automated test suites to validate systems security and compliance.
  • Main skills:
  • Test automation, Cryptography, Java, C++.
Cyber Threat Intelligence (CTI), Problem Solving, Fraud Investigations, Cyber Threat Intelligence, Fraud Investigation

Information Security Analyst

Jan 2014 - Oct 2014 · 9 mos · On-site

  • Threat Intelligence analysis;
  • Fraud investigation for credit cards;
  • Reports and presentations with results and new fraud techniques;
  • Daily contact with international teams.
  • Main results:
  • Obtained credentials for secret Brazilian forums;
  • Discovery of new frauds in the Brazilian market;
  • Support on "boleto" fraud investigations.
  • Main skills:
  • Threat intel, frauds, credit cards.
Problem Solving

CPqD

2 roles

Information Security Consultant

Jan 2012 - Jan 2014 · 2 yrs · On-site

  • Consulting, auditing and training for internal and external clients;
  • Consulting on Secure Software Development Life Cycle;
  • Code Auditing;
  • Web Penetration Testing;
  • Consulting on Cryptography development and assessment;
  • Security research projects on Cryptography, Mobile Platform, NFC and SIM Cards.
  • Main results:
  • Articles and book chapter published;
  • Training for clients;
  • Implementation of cryptographic algorithms and test vectors for validation.
  • Main skills:
  • Security consulting, security auditing, security research, cryptography, application security (appsec), pentest, NFC, SIM Cards.

Intern

Jul 2011 - Dec 2011 · 5 mos · On-site

  • Web development using Java and JavaScript.
  • Main results:
  • Development of web systems for software defined networks project.
  • Main skills:
  • Java, JSF, Hibernate, JavaScript, HTML, CSS.

Gopoints

Intern

Jul 2010 - Jan 2011 · 6 mos · Greater São Paulo Area · On-site

  • Web development using Java (JSF) and JavaScript;
  • JBoss configuration;
  • Database on MySQL with Hibernate;
  • Web crawling tools development using Java.
  • Main results:
  • Development on a CRM system, with improvements using Google libraries;
  • Improvements on JBoss configuration;
  • Development of web crawlers.
  • Main skills:
  • Java, JSF, Hibernate, JavaScript, HTML, CSS, Google Charts.

Guiadohardware

Translator

Oct 2006 - Mar 2008 · 1 yr 5 mos · Remote

  • Translation of articles and tutorials from Portuguese to English.

Education

USP - Universidade de São Paulo

Bachelor's degree — Computer Science

Jan 2004 - Jan 2009

Universidade Estadual de Campinas

Incomplete Master’s Degree — Computer Engineering

Jan 2013 - Jan 2014

University of Maryland

Specialization — Cybersecurity

Jan 2015 - Jan 2015

FGV - Fundação Getulio Vargas

Executive Degree — CyberSecurity

Sep 2022 - Dec 2022
