
Information Security Analyst (Mid-level) – Vulnerability and Identity Management
Posted Jun 30

Posted Jun 30
This is a fully remote position, open to applicants in Brazil.
• Manage Information Security controls with a focus on the Vulnerability Management lifecycle and the implementation of Identity and Access Management (IAM), collaborating on monitoring, triage, and initial incident response throughout the organization.
• Implement the Vulnerability Management lifecycle: assess scan results, prioritize based on risk, and coordinate remediation efforts with the relevant teams (Infrastructure, Systems, etc.).
• Maintain, enhance, and update operational metrics and remediation documentation (agent coverage, severity, SLA tracking for fixes).
• Administer Identity and Access Management (IAM) procedures: user provisioning, deprovisioning, privilege assignment, conducting periodic access reviews, and supporting MFA solutions.
• Provide active support for corporate access review initiatives and the validation of segregation of duties (SoD).
• Monitor, categorize, and investigate alerts produced by security tools within your jurisdiction.
• Conduct triage and initial evaluations of security incidents, performing structured escalation to a Specialist when required.
• Generate regular operational reports and security metrics for your designated area.
• Develop and maintain technical documentation and standard operating procedures (SOPs) in a current state.
• Relevant professional experience in Information Security, Infrastructure, Systems Administration, or similar fields with a security emphasis.
• Practical experience in Vulnerability Management processes and familiarity with commercial scanning tools (Qualys, Tenable, Rapid7, or similar).
• Strong understanding of Active Directory, IAM, SSO, and MFA technologies.
• Experience in monitoring and triaging alerts within SIEM platforms.
• Knowledge of TCP/IP networking, segmentation, and communication protocols.
• Basic administration skills in Windows and Linux environments.
• Demonstrated ability for technical analysis and a strong commitment to documenting activities.
• Excellent analytical capabilities and keen attention to detail.
• Well-organized, disciplined, and focused on executing standardized procedures.
• Effective communication skills for daily interactions with technical teams and business departments.
• A sense of responsibility and a desire for continuous professional growth.
• Specific experience with Wazuh, Elastic Stack (ELK), or other open-source SIEM platforms.
• Familiarity with the ISO/IEC 27001 and CIS Controls frameworks.
• Understanding of LGPD (Brazilian General Data Protection Law) as it pertains to logs, identities, and personal data protection within security tools.
• Basic scripting abilities (PowerShell, Bash, or Python) for automating routine tasks.
• Entry-level information security certifications (e.g., Security+, CySA+, Microsoft SC-900/SC-300).
• Life insurance
• Health and dental insurance
• On-site cafeteria
• Transportation voucher or dedicated company shuttle for employees — specific routes
• Corporate learning platform (Universidade Portobello)
• On-site medical clinic
• Workplace physical exercise program
• Profit-sharing program (PPR)
• Discounts at local pharmacies
• Free parking
• Private pension plan
• Union membership
• Discount network — partnerships with various educational institutions
• Discounts on Portobello product purchases
• Vacation allowance
• Portobello "Mom" allowance — assistance for baby layette purchases
• Childcare allowance
• Support for dependents with disabilities
• Training and professional development programs
• Wellhub and many more!
FS-ISAC
Proficio
CrowdStrike
Get handpicked remote jobs straight to your inbox weekly.