Mid-Level SOC Analyst – Remote
Indeed
Full-time
Onsite
No experience limit
No degree limit
Description

**Job Summary:** We are seeking a SOC Analyst (Threat Detection & Response) to work on cyber defense, transforming alerts into intelligent investigations and mitigating operational risks.

**Key Highlights:**

1. Continuous evolution in a high-performance environment
2. Join a team passionate about technology
3. Leave your mark on impactful digital solutions

**#JoinLuby**

---

**Here, you will have the opportunity to:**

* **Evolve in a high-performance environment:** A culture where development is continuous, with autonomy and involvement in national and international projects that truly challenge your skills and accelerate your potential.
* **Join a team passionate about technology:** Here, you will work alongside experienced talent in a collaborative and disruptive environment, using the most advanced technologies in the market.
* **Leave your mark on the world:** Our digital solutions directly impact the lives of thousands of people, and this is your chance to actively contribute to building a more digital and connected future.
* **Work remotely and flexibly:** No matter where you are, we are ready to welcome you onto our team!

**Your Mission:**

We are looking for a SOC Analyst (Threat Detection & Response) to operate on the front line of cyber defense, serving as the first set of eyes on security events. Your mission is to transform raw alerts into intelligent investigations, leveraging industry-standard frameworks to mitigate operational risks in real time.

**Key Responsibilities:**

* Monitor, triage, and investigate incidents in hybrid environments (cloud/on-premise) via SIEM (Elastic/Sentinel).
* Analyze security events with a behavioral focus, going beyond simple Indicators of Compromise (IOCs).
* Apply the MITRE ATT&CK framework to map adversary tactics and recommend improvements to detection rules.
* Document incidents following best practices (NIST SP 800-61) and support the creation of operational playbooks.
* Investigate critical identity-related incidents and suspicious access attempts.

**Essential Requirements:**

* Proven prior experience in SOC or CSIRT operations.
* Practical proficiency with SIEM tools (Elastic, Sentinel, or Defender).
* Applied knowledge of MITRE ATT&CK.
* Strong analytical ability for correlating cloud and network logs.
* Intermediate English (technical reading and documentation).

**Nice-to-Have:**

* Operational familiarity with EQL / KQL
* Basic knowledge of AWS environments (for understanding alerts)
* Experience with behavioral analysis
* Introductory knowledge of incident response playbooks (NIST SP 800-61)

**What We Offer:**

* **Remote Work:** Enjoy the flexibility of working from anywhere in Brazil, with full autonomy and self-organization.
* **Health & Well-being:** Health and dental plans, life insurance, and Wellhub (Gympass).
* **+Education:** Discounts on FIAP courses and USP Esalq MBA programs, to keep learning and growing.
* **Exclusive Perks:** Discounts at Multilaser stores, referral bonuses for professionals and business leads, adaptable working hours, and an annual bonus.

### Learn more about our culture, benefits, and what it means to be a #Luber on our Careers Page!

Source: Indeed
João Silva
Indeed · HR

© 2025 Servanan International Pte. Ltd.