
Senior Information Security Analyst – Incident Response
Posted May 20
This is a fully remote position, open to applicants in Brazil.
• Incident Management: Oversee the technical response to intricate security incidents (ransomware, APTs, insider threats), from initial detection to post-mortem analysis.
• Threat Hunting: Perform proactive threat hunting throughout the network and endpoints, guided by hypotheses derived from threat intelligence.
• Digital Forensics: Gather and examine digital artifacts (memory, disk, logs) to reconstruct the sequence of events during an attack.
• Detection Engineering: Develop and refine correlation rules within the SIEM and detection signatures (YARA, Snort/Suricata).
• Automation (SOAR): Create playbooks and scripts (Python/PowerShell) to streamline responses to recurring alerts.
• Mentorship: Facilitate the technical growth of junior and mid-level analysts (Tier 1/2).
• Solid Experience: Demonstrated experience in a Blue Team, SOC, or CSIRT (approximately 3 years recommended).
• Frameworks: Strong understanding of NIST CSF and particularly MITRE ATT&CK for mapping TTPs (tactics, techniques, and procedures).
• Operating Systems: In-depth knowledge of Windows internals (Event Logs, Registry, Prefetch) and Linux (logs, kernel, bash).
• Defensive Tools: Practical experience with SIEM tools (Splunk, Elastic, Sentinel, or QRadar) and EDR/XDR solutions (CrowdStrike, SentinelOne, Defender).
• Networking: Ability to perform thorough analysis of network traffic (PCAP) using tools such as Wireshark or Zeek.
• We believe that talented individuals can be found everywhere; thus, our positions are available to all, irrespective of race, age, gender, sexual orientation, gender identity, and/or disability.
Varicent