Tech Leader, Security Operations Center (SOC)
Indeed
Full-time
Onsite
No experience limit
No degree limit
Description

**Job Summary**

We are seeking an Information Security Leader passionate about innovation to promote security, uphold best practices, and manage risks.

Key highlights:

1. Lead and manage the SOC team, defining goals and evaluating performance.
2. Ensure SOC operations and evolution by structuring incident management processes.
3. Serve as the technical reference for Detection and Rule Engineering.

If you are passionate about innovation and want to work in an agile, collaborative, and challenging environment, this could be your opportunity!

For our **Information Security** team, we are looking for a detail-oriented, critical-thinking professional to promote information security within Asaas, uphold best practices day to day, and ensure that projects are conceived and developed with a risk management, security, and quality mindset, contributing to the success of the business.

Interested but not located in Joinville? No problem: we support **remote/home office** work.

**Responsibilities and Duties**

* Lead, develop, and manage the SOC team (analysts and/or detection engineers), including goal setting, KPIs (MTTD, MTTR, false positive rate, use case coverage), performance evaluation, and career development planning;
* Ensure SOC operations and evolution by structuring triage, classification, escalation, and incident communication processes, ensuring operational consistency and predictability;
* Direct the full incident response lifecycle within the SOC context (detection, triage, initial containment, escalation, monitoring through resolution), ensuring proper logging, evidence collection, and alignment with the corporate Incident Response (IR) process;
* Lead the SIEM strategy (log onboarding, normalization, correlation, data quality, retention, and use cases), ensuring coverage of critical assets, cloud environments, and applications, with a focus on reducing alert fatigue and increasing effectiveness;
* Drive SOAR implementation and optimization (playbooks, automations, integrations, orchestration), improving team efficiency and standardizing response actions, including enrichment with internal and external data (CTI);
* Serve as the technical reference for Detection and Rule Engineering (alert tuning, rule development and versioning, testing, validation in controlled environments, change governance), ensuring traceability and quality;
* Ensure integrations and operational synergy with defensive tools (EDR/XDR, NDR, IDS/IPS, firewalls, WAF, DLP, CASB, IAM), connecting telemetry, automated actions, and escalation workflows;
* Monitor vulnerability and exposure management from the SOC perspective (correlating critical vulnerabilities with exploitation signals, prioritizing by risk and active exploitation, supporting remediation teams, and validating fixes);
* Develop and maintain runbooks, playbooks, standard operating procedures (SOPs), and incident communication plans, ensuring adherence, continuous training, and simulations (tabletop exercises);
* Report risks, trends, and results to leadership and stakeholders, translating technical data into executive metrics (detection posture, top attack vectors, top incidents, root causes, action plans);
* Ensure SOC governance and compliance with regulations and standards (e.g., PCI DSS, ISO 27001/27002, Central Bank of Brazil regulations), including evidence, audits, audit trails, and controls applicable to monitoring and response.

**Requirements and Qualifications**

* Proven experience leading/managing SOC/Blue Team teams (operations, detection, response) in critical, high-availability environments;
* Mastery of SOC processes: triage, queue management, severity classification, escalation, communication, post-incident review, and continuous improvement;
* Advanced hands-on experience with SIEM (log management, correlation, rule development/tuning, use cases, data quality) and SOAR (playbooks, automations, integrations);
* Practical knowledge of EDR/XDR, networks and protocols, operating systems (Windows/Linux/macOS), cloud security fundamentals (AWS/Azure), and hybrid environments;
* Familiarity with MITRE ATT&CK, detection techniques, threat hunting, and basic forensic investigation (evidence collection and preservation, event analysis, timeline reconstruction);
* Experience applying security frameworks and best practices: NIST (including the NIST Cybersecurity Framework), ISO 27001/27002, CIS Controls;
* Experience in regulated and/or auditable environments, with the ability to produce evidence, reports, and corrective action plans;
* Ability to align SOC priorities with business objectives, communicate risks clearly, and lead discussions with Infrastructure/Cloud/Engineering, Architecture, Product, and GRC teams;
* Ability to define metrics and operate by KPIs (MTTD/MTTR, backlog, detection coverage, false positives, automation rate, SLAs), driving SOC efficiency and effectiveness.

**Additional Information**

* 8-hour daily schedule (Monday to Friday, no Saturday compensation);
* CLT employment contract.

**We are a Fintech**, a Payment Institution accredited by the Central Bank of Brazil, and **our purpose is to maximize business productivity through technology.** We offer a comprehensive solution for billing, payments, and receivables anticipation, and serve over 200,000 customers, including self-employed professionals, microentrepreneurs (MEI), and large enterprises.

Our dream began in 2010 in Joinville/SC, and we believe the sky is not the limit for our growth. That is why our team is now spread across Brazil! **Over 1,000 people dream together with Asaas: collaboratively, innovatively, efficiently, with autonomy and freedom to soar high.**

High-flying ambitions require resources to live and work better, and the freedom to manage them. That is why we welcome and care for our team with benefits that support personal and professional growth:

**For health and well-being:** Comprehensive medical and dental coverage (no co-pay), life insurance, medication purchase assistance, and physical activity support. Neon is our partner for financial wellness, and Zenklub supports physical and mental health (4 free therapy or nutritionist sessions per month). At our headquarters we also offer *quick massage*.

**For meals and family:** Our flexible meal benefit is delivered via a Visa-branded credit card, and the balance can be used however each person prefers. At our headquarters we offer *free food*, and for families we provide daycare assistance, parental support programs, and extended maternity and paternity leave.

**For education and growth:** Beyond a challenging, highly developmental environment, we offer an in-house training platform and an Education Assistance program covering 70% of tuition for undergraduate degrees and language courses, as well as course and book purchases, so our team never stops learning.

**For high-quality remote work:** Home office allowance, work equipment, a furniture allowance, and a partnership with WOBA so employees can use coworking spaces across Brazil whenever they wish.

Explore our headquarters in Joinville/SC with **this virtual tour!**

**Extras, because the Dream Team deserves them:** A birthday *Day Off*, Happy Hour allowance, referral bonuses, annual goal-based bonuses, a Stock Options plan, and a relaxed, no-dress-code environment!

Source: Indeed
João Silva
Indeed · HR