Lead Security Engineer - Okta/IAM Specialist

About Us

Nu is one of the largest digital financial platforms in the world, with more than 122 million customers across Brazil, Mexico, and Colombia. Guided by our mission to fight complexity and empower people, we are redefining financial services in Latin America and this is still just the beginning of the purple future we're building.

Listed on the New York Stock Exchange (NYSE: NU), we combine proprietary technology, data intelligence, and an efficient operating model to deliver financial products that are simple, accessible, and human.

Our impact has been recognized by global rankings such as Time 100 Companies, Fast Company’s Most Innovative Companies, and Forbes World’s Best Bank. Visit our institutional page https://international.nubank.com.br/careers/

About the Role

We are seeking a Lead Security Engineer with deep expertise in Identity & Access Management (IAM), specialized in Okta (or similar platforms), to lead strategic initiatives in authentication, authorization, and large-scale identity integrations. This individual will operate with high autonomy, drive complex cross-functional projects, and establish standards that elevate our security posture across the organization.

This role is critical to strengthening the identity and access foundation in a fast-scaling environment. We are looking for a security engineer who combines deep technical expertise, strategic thinking, organizational influence, hands on execution and result delivery, acting as a reference point for IAM and Okta across the company.

Responsibilities

• Design, develop and evolve IAM platforms using Okta, including authentication (OIDC, OAuth2, SAML, SCIM), authorization, and identity lifecycle management.

• Lead complex integrations between Okta and internal/external systems, ensuring security, scalability, and reliability.

• Own and drive/ execute security roadmaps and initiatives, working independently while collaborating with multiple business and engineering teams.

• Conduct threat modeling, risk assessments, and architecture reviews, delivering innovative solutions that reduce risk and enable business growth.

• Mentor engineers and cross-functional squads, influencing strategic decisions and advancing IAM maturity.

• Participate in critical identity and access incident response, lead RCA, and implement long-term preventive controls.

• Data driven mindset to measure outcome and drive down security risks.

• Automation and Artificial Intelligence mindset applied to IAM.

• Audit Automation: Automate evidence collection and reporting for all access reviews and audit cycles.

• Cloud Identity Posture: Drive the strategy and implementation of Identity and Access Management within public cloud environments (e.g., AWS IAM and Google Cloud IAM), focusing on least-privilege access for cloud resources.

• Deliver medium-to-long-term security mechanisms that shape the organization’s identity and access management strategy.

• Set organizational standards in IAM, influencing engineering, product, and compliance teams.

• Actively contribute to task forces and strategic decision-making, driving functional growth and transformation.

Required Skills and Expertise

• Strong proficiency with Okta (Workforce): policies, workflows, provisioning, APIs, and custom integrations.

• Advanced knowledge of Identity & Access Management: OIDC, OAuth2, SAML, SWA, SCIM, JIT Provisioning.

• Solid background in Security Engineering: protocols, cryptography, access control, threat modeling, complete mediation, open-design, least privilege, authentication, authorization.

• Experience integrating Okta with microservices, APIs, CI/CD platforms, directories (AD/LDAP), and SaaS applications.

• Proficiency in scripting or programming languages such as Python, Go, or Node.js for automation and integration.

• Cloud Security Expertise: Proven experience with native IAM services and security best practices for at least one major cloud provider (AWS or GCP).

• Understanding of IGA (Identity Governance and Administration) / PAM (Privileged Access Management) concepts.

• Proven ability to lead and govern complex projects autonomously, managing ambiguity and multiple stakeholders.

• Strong communication and influence, able to translate technical risk into product and business decisions.

• High ownership mindset, setting long-term vision and enabling others through guidance and standards.

• English

Role Location

São Paulo, Brazil

Benefits

• Chance of earning equity at Nubank

• Food/ Meal Card (Vale-Refeição and/or Vale Alimentação)

• Public Transportation Commuting Benefit (Vale-Transporte)

• NuCare – Psychological, Financial and Legal Assistance Program

• Life Insurance

• Medical Plan

• Dental Plan

• NuLanguage – Language Course Program

• Nucleo - Our learning platform of courses

• Extended Parental Leave

• Daycare Allowance

• Parental Consultancy

• Work-from-home Allowance

• Gym Partnerships

• 30 days of paid vacation

• Relocation Assistance Package, if applicable

Work Model for this Role

Hybrid 2-3 times/week: Our hybrid work model brings us to the office at least twice a week, on strategic days designed to maximize team connection and collaboration. For more details, visit https://building.nubank.com/nu-hybrid-work-model/