Browse
···
Log in / Register
Job Summary: The professional will work in information security, performing intrusion testing, vulnerability analysis, threat monitoring, and contributing to security policies. Key Highlights: 1. Penetration testing and vulnerability analysis experience 2. Threat monitoring and incident response experience 3. Knowledge of security frameworks and cloud environments **Requirements:** * **Bachelor's degree completed in Information Systems or related fields** * **Solid experience in the role;** * **Practical knowledge of penetration testing tools: Burp Suite, Nmap, Nikto, SQLMap, Metasploit, etc.;** * **Experience with vulnerability analysis using GVM (Greenbone/OpenVAS), Nessus, or similar tools;** * **Knowledge of network protocols, routing, firewalls, VPNs, DNS, HTTP/HTTPS, SMTP, etc.;** * **Experience with Active Directory, GPOs, and authentication (LDAP, Kerberos, MFA);** * **Ability to identify data leaks on paste sites, forums, and dark web markets;** * **Familiarity with SIEM, EDR, and incident response (e.g., SentinelOne, CrowdStrike, QRadar, etc.);** * **Knowledge of frameworks such as ISO 27001, CIS Controls v8, NIST CSF, and LGPD;** * **Knowledge of OSINT techniques and digital investigation;** * **Familiarity with cloud environments (AWS, Azure, GCP) and their security configurations;** * **Experience with DLP, SIEM, WAF, IDS/IPS, and network segmentation tools;** * **Knowledge of cloud computing environments (AWS, Azure, Google Cloud) with emphasis on security;** * **Experience in audits, compliance, and IT governance;** * **Ability to draft technical reports using clear language and well-documented evidence. * Conduct vulnerability scans using automated tools and manual analysis; * Monitor cyber threats, especially exposure of sensitive data in open sources and on the dark web; * Produce technical and executive reports with evidence, impact analysis, and recommendations; * Support GRC teams in risk assessments, internal audits, and LGPD compliance activities; * Track security updates, vulnerability bulletins (CVE, CVSS), and threat trends; * Contribute to the development and review of information security policies; * Collaborate with infrastructure, networking, and support teams to strengthen protective controls; * Perform penetration testing (pentest) on web applications, infrastructure, and internal networks; * Conduct attack simulations (light red teaming), phishing analysis, social engineering assessments, and system hardening.
