
Information Security Analyst, SIEM
Posted May 30

This is a fully remote position, open to applicants in Brazil.
• Design, implement, and enhance detection use cases within SIEM platforms.
• Enhance threat detection capabilities while minimizing false positives.
• Develop, test, and sustain use cases and correlation rules in SIEM systems.
• Create and improve detections aligned with the MITRE ATT&CK framework.
• Conduct ongoing tuning to minimize false positives and negatives.
• Engage in log engineering tasks including onboarding, parsing, normalization, and enrichment.
• Define and track metrics for detection effectiveness (coverage, MTTD, etc.).
• Assist in complex investigations (N2/N3) through thorough event analysis.
• Integrate various data sources such as EDR, NDR, cloud platforms, IAM, and applications into the SIEM.
• Develop playbooks and automations (utilizing SOAR where applicable).
• Collaborate with incident response and threat intelligence teams.
• Document use cases, detection patterns, and implemented enhancements.
• Experience with at least one SIEM solution (e.g., Splunk Enterprise Security, Microsoft Sentinel, IBM QRadar, Elastic Security).
• Understanding of detection engineering and threat hunting methodologies.
• Proficiency in query languages such as KQL, SPL, Lucene, or similar.
• Familiarity with the MITRE ATT&CK framework.
• Experience handling logs from operating systems (Windows/Linux), cloud environments (AWS, Azure, GCP), and security solutions (firewalls, EDR, IAM, proxies).
• Basic scripting abilities in Python, PowerShell, or Bash.
• Knowledge of networking, protocols, and attack techniques.
• Health and dental insurance plans.
• Life insurance coverage.
• Meal allowance or food vouchers.
• Transportation vouchers.
• Employee discount programs.
• Access to Wellhub (fitness centers) and Mente Tranquila.
• Discounts on Positivo products.
• Partnership opportunities with a university.
• And much more.