




Job Summary: Mais.Mobi is seeking a Senior Blue Team Analyst to perform defense, detection, and incident response activities, protecting information assets against cyber threats and continuously improving security processes.

Key Highlights:
1. Join the Defensive Security team in urban mobility
2. Focus on detection, incident response, and security monitoring
3. Collaborate with Red Team, SOC, and DevSecOps teams

Mais.Mobi is an urban mobility company dedicated to rethinking the transportation and technology sectors to anticipate the future that cities and people desire. The organization manages multiple products and electronic fare systems, such as Riocard Mais and Cartão Macaé. We deliver tailored solutions for the market, supporting operations in customer service, management, loyalty programs, and payment methods—transforming mobility with security, transparency, and ongoing technical support.

Position Objective: We seek a Senior Blue Team Analyst to join our Defensive Security team, executing defense, detection, incident response, and monitoring activities to ensure protection of the company’s information assets against cyber threats, while also driving continuous improvement of defensive security policies, processes, and tools.

Responsibilities and Duties
* Detect and support remediation of environment vulnerabilities; maintain cybersecurity tools and conduct incident response;
* Create, optimize, and maintain detection rules (correlation rules) in SIEM to identify malicious or anomalous activities;
* Manage the vulnerability lifecycle—from identification through remediation—in coordination with other teams;
* Support implementation of security best practices across cloud environments, servers, workstations, and networks, aligned with security frameworks;
* Conduct security incident response, investigating alerts generated by SIEM or other security tools;
* Provision and deprovision assets and resources within defensive security tools;
* Support security failure analysis and propose mitigation solutions;
* Ensure proper log collection from assets, meeting security requirements and monitoring rules;
* Document procedures, incident analyses, and security configurations;
* Prepare technical and executive reports, including evidence, impact assessments, and mitigation recommendations;
* Automate processes and develop scripts to support defensive operations;
* Collaborate with Red Team, SOC, Architecture, and DevSecOps teams to validate and remediate vulnerabilities;
* Develop Blue Team playbooks, methodologies, and internal standards;
* Monitor threat trends, exploits, emerging attack techniques, and update security tools with acquired intelligence.

Requirements and Qualifications
* Completed degree in Information Security, Information Systems, Computer Science, Software Engineering, or related fields;
* Experience in Blue Team roles or equivalent functions;
* Experience with key tools: SIEM, EDR or XDR, Vulnerability Management, and WAF;
* Advanced knowledge of Windows and Linux environments, permissions, services, and common attack vectors;
* Advanced knowledge of Firewall, Proxy, VPN, Cloud, and networking;
* Familiarity with methodologies: MITRE ATT&CK, PTES, NIST SP;
* Familiarity with security projects, processes, and policies;
* Understanding of secure development and DevSecOps pipelines (CI/CD, Git, integration of automated scanners);
* Experience preparing reports, Cybersec books, and technical presentations;
* Experience in environment hardening and incident response activities, including playbook development;
* Ability to produce clear, concise, and impact-oriented documentation;
* Certifications: ISO/IEC 27001 and CompTIA Security+.

Desirable:
* Certifications such as: EHF (Ethical Hacking Foundation), OCI Security Professional, AWS Certified Security (Specialty), GCIA (GIAC Certified Intrusion Analyst), GCDA (GIAC Certified Detection Analyst), CCD (Certified CyberDefender) – CyberDefenders, CDN (Certified Network Security), CEH (Certified Ethical Hacker);
* Experience with specific security tools such as Kaspersky, Umbrella, Cloudflare;
* Programming language knowledge (e.g., Python, Shell Script, PowerShell) for security task automation;
* Knowledge of the General Data Protection Law (LGPD);
* Postgraduate studies in Information Security;
* Intermediate/advanced English proficiency.

Additional Information
Employment Type: CLT.
Benefits: Transportation allowance + Meal voucher + Food allowance + Health and dental insurance + Online course reimbursement + Life insurance + Emotional wellbeing program, etc.
Work Format: Hybrid.
Location: Centro – Rio de Janeiro.


