by criddell 1353 days ago
Can you expand on this a bit? I googled "ntlm proxy" and "sonatype nexus" and still have no idea what it is you've done but I'd like to understand.

The Nexus part was laid out nicely by others. An NTLM proxy is a proxy that can authenticate inside a corporate network with your own credentials and forward all requests, while exposing a simple old-school proxy. You hit the simple local proxy, and it gets forwarded to a small tool that does NTLM auth inside your company's network, pretending you are doing that traffic yourself.

This is hopefully a trend that is disappearing with a wave of modern transparent proxy solutions, but in general companies tend to set up proxies that get automatically authorized by your workstation. It may have some issues with less-known browsers, and your console tools will not be able to use that at all.

So when you build something locally, want to download a .deb, or a PyPI package to have modern Python tools, you are out of luck: you have to download it manually using a browser or not at all.

This is where such a proxy comes into play.
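The chain described in the comment above (console tool, then a plain local proxy, then an authenticating bridge, then the corporate proxy), as an added, runnable example that is not code from this thread or from any existing NTLM proxy tool. Two assumptions: the real NTLM three-message handshake is not implemented, a static Basic Proxy-Authorization header stands in for it so the forwarding pattern can run offline; and the "corporate proxy" is a constructed stand-in that answers 407 unless the credential is present. Hostnames, ports and credentials are invented.

```python
"""Local plain HTTP proxy that relays to an authenticating upstream proxy.

Added example, not from the HN thread or any named tool. The upstream
credential is a static Basic header (assumption: stands in for the NTLM
handshake a real bridge would perform). The upstream proxy is a
constructed stand-in that demands Proxy-Authorization.
"""
import base64
import http.client
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

# Hop-by-hop headers are per-connection and must not be relayed (RFC 7230 6.1).
HOP_BY_HOP = {"connection", "keep-alive", "proxy-authenticate",
              "proxy-authorization", "te", "trailers",
              "transfer-encoding", "upgrade"}


def _basic(username, password):
    return "Basic " + base64.b64encode(f"{username}:{password}".encode()).decode()


def make_local_proxy(upstream_host, upstream_port, username, password):
    """HTTPServer on 127.0.0.1:<ephemeral> that accepts unauthenticated
    absolute-URI requests and relays them upstream with credentials added."""
    token = _basic(username, password)

    class Handler(BaseHTTPRequestHandler):
        protocol_version = "HTTP/1.1"

        def do_GET(self):
            self._relay()

        def do_POST(self):
            self._relay()

        def _relay(self):
            parts = urlsplit(self.path)  # proxy clients send the full URL
            if not parts.scheme or not parts.netloc:
                self.send_error(400, "absolute-URI expected")
                return
            length = int(self.headers.get("Content-Length") or 0)
            body = self.rfile.read(length) if length else None
            headers = {k: v for k, v in self.headers.items()
                       if k.lower() not in HOP_BY_HOP}
            # This is the bridge's whole job: attach the user's credential.
            headers["Proxy-Authorization"] = token
            headers["Connection"] = "close"
            up = http.client.HTTPConnection(upstream_host, upstream_port, timeout=5)
            up.request(self.command, self.path, body=body, headers=headers)
            resp = up.getresponse()
            data = resp.read()
            up.close()
            self.send_response(resp.status, resp.reason)
            for k, v in resp.getheaders():
                if k.lower() not in HOP_BY_HOP and k.lower() != "content-length":
                    self.send_header(k, v)
            self.send_header("Content-Length", str(len(data)))
            self.send_header("Connection", "close")
            self.end_headers()
            self.wfile.write(data)

        def log_message(self, *args):  # keep the example quiet
            pass

    return HTTPServer(("127.0.0.1", 0), Handler)


def make_fake_upstream(username, password):
    """Constructed stand-in for the corporate proxy: 407 without credentials."""
    expected = _basic(username, password)

    class Upstream(BaseHTTPRequestHandler):
        protocol_version = "HTTP/1.1"

        def do_GET(self):
            if self.headers.get("Proxy-Authorization") != expected:
                body = b"proxy auth required"
                self.send_response(407)
                self.send_header("Proxy-Authenticate", "Basic realm=corp")
            else:
                body = ("fetched " + self.path).encode()
                self.send_response(200)
            self.send_header("Content-Type", "text/plain")
            self.send_header("Content-Length", str(len(body)))
            self.send_header("Connection", "close")
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, *args):
            pass

    return HTTPServer(("127.0.0.1", 0), Upstream)


def serve(server):
    threading.Thread(target=server.serve_forever, daemon=True).start()


def fetch_via(proxy_port, url):
    """Fetch url through a proxy, as a console tool with http_proxy set would."""
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({"http": f"http://127.0.0.1:{proxy_port}"}))
    try:
        with opener.open(url, timeout=5) as r:
            return r.status, r.read().decode()
    except urllib.error.HTTPError as e:
        return e.code, e.read().decode()


def demo():
    """Wire up client -> local plain proxy -> authenticating upstream.
    Returns (result through the bridge, result talking to upstream directly)."""
    upstream = make_fake_upstream("alice", "s3cret")
    serve(upstream)
    local = make_local_proxy("127.0.0.1", upstream.server_address[1], "alice", "s3cret")
    serve(local)
    url = "http://pypi.example/simple/"
    via_bridge = fetch_via(local.server_address[1], url)
    direct = fetch_via(upstream.server_address[1], url)  # no credential: 407
    local.shutdown()
    upstream.shutdown()
    return via_bridge, direct


if __name__ == "__main__":
    print(demo())
```

The caveat a practitioner should keep in mind: the bridge holds your corporate credential and will attach it to anything that reaches its listening socket, so bind it to loopback only (as above) and treat every local process as able to act as you on the corporate network while it runs.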

Nexus Repository (commonly referred to as just "Nexus", which is confusing because Sonatype has several products called "Nexus $name") is a local artifact repository. Running it locally allows you to cache artifacts from external repositories like pypi.org or repo.maven.org, which is beneficial because it cuts down on the amount of outbound traffic required to install dependencies.
The biggest win is not the bandwidth, it's that you have exactly what was used before in case you need it (audit/postmortem), or origin goes away.
In the context of GP's comment, bandwidth + proxies seems to have been their motivation. Not to mention that external package registries HATE how many large organizations hammer them with the exact same traffic every time a build is running, due to the lack of a local cache.

But you are correct as well; that is an uncommon yet hugely beneficial reason to have an internal artifact repository.

Okay, that makes sense and I can certainly see why that often makes sense.

It seems that running the proxy leaves the original problem uncorrected. I'd be inclined to exercise a bit of malicious compliance to increase pressure for changes to the security configuration.