




**Job Summary:** This role involves monitoring, preventing, and responding to cybersecurity incidents within a Security Operations Center (SOC), and requires expertise across multiple security layers as well as in incident documentation.

**Key Highlights:**

1. Working in the Security Operations Center (SOC)
2. Monitoring, prevention, and response to cybersecurity incidents
3. Knowledge of MITRE ATT&CK and the Cyber Kill Chain

**This position is 100% on-site.**

**Mandatory Requirements for the Position:**

I. **Minimum 6 months of experience as a security infrastructure analyst or as an analyst in a security incident response team;**
II. ITIL v3 Foundation or higher;
III. A diploma, duly registered by a higher education institution recognized by the Brazilian Ministry of Education (MEC), certifying completion of an undergraduate degree in Information Technology;
IV. **Security and Privacy Certification (ISO family, CompTIA Security+).**

**Main Responsibilities of the Position:**

I. Perform activities related to monitoring, prevention, and response to cybersecurity incidents within the Security Operations Center (SOC);
II. Understand core security strategies and the corresponding controls across multiple security layers, from foundational premises through to the cyber domain;
III. Carry out the required routines for documenting cybersecurity events, especially those classified and handled as security incidents;
IV. Support security event monitoring routines;
V. Support cybersecurity incident response routines;
VI. Generate, extract, and visualize control and incident response metrics from dedicated, specialized dashboards.

**Required Knowledge, Skills, and Attitudes:**

I. Knowledge of Linux/Unix and Microsoft Windows operating systems, computer networks, network protocols, IT architectures, and LDAP/AD as authoritative directories; understanding of best practices and appropriate environment configurations needed to reach the expected performance in detecting suspicious activity and investigating security incidents;
II. Familiarity with the **MITRE ATT&CK framework**, including the primary tactics, techniques, and procedures associated with cybercriminal groups, and understanding of the controls, configurations, and procedures required to mitigate such malicious actions;
III. Knowledge of conceptual and reference models such as the **Cyber Kill Chain** (Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control, Actions on Objectives), with particular emphasis on understanding the key stages executed by malicious actors;
IV. Knowledge of endpoint protection platforms (EPP) and endpoint detection and response solutions (**EDR/XDR**);
V. Knowledge of web and mobile application protection solutions, including load balancers, application-layer firewalls, and their core functionalities;
VI. Knowledge of external and internal network perimeter protection and related controls, such as web gateways (web proxies) and email gateways;
VII. Knowledge of Security Information and Event Management (**SIEM**) tools for security information management and event correlation;
VIII. **Knowledge of security event monitoring and correlation tools.**


