Lead Security Engineer (IAM)

TL;DR

Lead Security Engineer (IAM): Designing and evolving IAM platforms using Okta, leading strategic initiatives in authentication, authorization, and large-scale identity integrations. Focus on solving complex cross-functional projects, establishing security standards, and strengthening the identity and access foundation in a fast-scaling environment.

Location: São Paulo, Brazil (Hybrid 2-3 times/week)

Company

Nu is one of the largest digital financial platforms in the world, with more than 122 million customers across Brazil, Mexico, and Colombia.

What you will do

• Design, develop, and evolve IAM platforms using Okta, including authentication, authorization, and identity lifecycle management.
• Lead complex integrations between Okta and internal/external systems, ensuring security, scalability, and reliability.
• Own and drive security roadmaps and initiatives, collaborating with multiple business and engineering teams.
• Conduct threat modeling, risk assessments, and architecture reviews, delivering innovative solutions to reduce risk.
• Mentor engineers and cross-functional squads, influencing strategic decisions and advancing IAM maturity.
• Participate in critical identity and access incident response, lead RCA, and implement long-term preventive controls.
• Drive the strategy and implementation of Identity and Access Management within public cloud environments (AWS, Google Cloud).

Requirements

• Strong proficiency with Okta (Workforce): policies, workflows, provisioning, APIs, and custom integrations.
• Advanced knowledge of Identity & Access Management: OIDC, OAuth2, SAML, SWA, SCIM, JIT Provisioning.
• Solid background in Security Engineering: protocols, cryptography, access control, threat modeling.
• Experience integrating Okta with microservices, APIs, CI/CD platforms, directories (AD/LDAP), and SaaS applications.
• Proficiency in scripting or programming languages such as Python, Go, or Node.js for automation and integration.
• Cloud Security Expertise: Proven experience with native IAM services and security best practices for AWS or GCP.
• Understanding of IGA (Identity Governance and Administration) / PAM (Privileged Access Management) concepts.
• Proven ability to lead and govern complex projects autonomously, managing ambiguity and multiple stakeholders.
• High ownership mindset, setting long-term vision and enabling others through guidance and standards.
• English

Culture & Benefits

• Chance of earning equity at hirify.global
• Food/Meal Card (Vale-Refeição and/or Vale Alimentação)
• Public Transportation Commuting Benefit (Vale-Transporte)
• NuCare – Psychological, Financial and Legal Assistance Program
• Life Insurance, Medical Plan, and Dental Plan
• NuLanguage – Language Course Program and Nucleo - Learning platform of courses
• Extended Parental Leave, Daycare Allowance, and Parental Consultancy
• Work-from-home Allowance and Gym Partnerships
• 30 days of paid vacation
• Hybrid work model (2-3 times/week) maximizing team connection and collaboration.