
Security Incident Response Specialist
Posted 1 day ago

Posted 1 day ago
This is a fully remote position, open to applicants in Brazil.
• Assume technical leadership during critical (P1) incidents, outlining response strategies, prioritization, and business trade-offs.
• Oversee intricate, multivector investigations encompassing endpoints, identity, email, cloud, network, and applications.
• Conduct or oversee advanced forensic analyses, maintaining chain of custody and collaborating effectively with legal and privacy teams.
• Develop, advance, and sustain the Incident Response capability, including processes, tools, integrations, metrics, and a readiness roadmap.
• Guide junior and mid-level professionals, facilitate tabletop exercises and crisis simulations, and act as a representative to executives, auditors, and regulators.
• Foster relationships with vendors and strategic partners (DFIR, CSIRT, Threat Intelligence), executing POCs and technical evaluations as necessary.
• Establish and uphold detection standards and conventions, including naming conventions, severity levels, lookback windows, and cost/performance thresholds.
• Strategize and implement the detection roadmap in alignment with key risks, threats, and organizational objectives (e.g., coverage of primary TTPs).
• Create quality metrics and technical gates, such as minimum accuracy, mandatory testing, peer reviews, and criteria for promotion to production.
• Spearhead purple teaming initiatives, continuous validation of controls, and detection of evolving techniques; direct hypothesis-driven threat hunting.
• Act as the technical point of reference for detection code reviews, mentor the team, and represent the subject in technical committees and executive forums.
• Assess tools, frameworks, and architectures for SIEM/XDR/NDR, conducting POCs and scaling detection-as-code implementation.
• Define content standards, detection architecture, and coverage strategy utilizing the MITRE ATT&CK framework.
• Ensure operational quality through SLOs, effectiveness metrics, and thorough detection testing.
• Demonstrated experience in cyber Incident Response within complex corporate settings.
• Strong expertise in Detection Engineering, SIEM/XDR/NDR, and practical application of the MITRE ATT&CK framework.
• Advanced understanding of investigations involving endpoints, identity, cloud, email, network, and applications.
• Experience in forensic analysis, maintaining chain of custody, and engaging with legal and privacy teams.
• Proven technical leadership abilities, mentoring skills, and cross-functional influence.
• Exceptional technical communication skills, capable of operating effectively during crises, audits, and committee meetings.
• Preferred: Experience with detection-as-code methodologies (e.g., Sigma, KQL, SPL, Terraform, CI/CD pipelines).
• Previous exposure to purple teaming, structured threat hunting, and adversary simulations.
• Familiarity with frameworks such as NIST CSF, NIST 800-61, ISO 27001/27002.
• Experience collaborating with DFIR, Threat Intelligence, and MSSP vendors.
• Relevant certifications (e.g., GCED, GCIA, GCIH, GNFA, CISSP, or similar).
• Health insurance – valuable coverage when you need it.
• Dental insurance – because we care about smiles.
• Renascer Program – employee support and well-being initiative.
• Meaningful Dates – we celebrate important moments.
• Education investment – we support your learning journey.
• Results participation – we build together and share in the outcomes.
• Individual Development Plan – we value your career ownership.
• Private pension plan – supporting long-term future planning.
• Life insurance – an important benefit.
• Time Together – recognition for team engagement and in-person participation.
• Meal and/or grocery allowance.
• Transportation allowance – no deductions.
• Childcare/babysitting assistance – because your child deserves a safe, welcoming place.
Softgic
AttackIQ
DigitalOcean
Masabi
Get handpicked remote jobs straight to your inbox weekly.