Senior Information Security Analyst

Description

Job Summary: Work as a Senior Information Security Analyst, serving as a reference in governance, risk, and compliance; leading projects and analyses; and responding to critical incidents within an innovative environment. Key Highlights: 1. Company recognized by GPTW with over 25 years of tradition. 2. Culture of innovation, diversity, development, and flexibility. 3. Flexible work schedule and collaborative work environment. ***Who We Are?*** Bellinati Perez*,* specializes in debt recovery—both secured and unsecured—through amicable and judicial processes, operating across human, digital, and hybrid negotiation models. Over 25 years of experience and tradition strengthen our efficiency and reputation, enabling\-us to partner with the largest credit originators in Brazil. We are recognized as one of the top 20 best companies to work for in the state of Paraná and among the best in Brazil by GPTW (Great Place To Work). Additionally, we foster a diverse, inclusive environment that values competence, professionalism, and innovation. ***Cultural Fit*** **Innovation**: Innovation is part of our DNA—we continuously seek new technologies to enhance experiences for our clients and employees. **Diversity**: We value diversity. Here, everyone can shine as their authentic self! **Development**: You build your career here. Seize opportunities along your journey and grow alongside us! **Team Play**: When we exchange ideas and solutions, there are no limits to where we can go! **Flexibility**: We adapt, have fun, and always find the best path—all within a flexible work schedule. Responsibilities and Duties: ***Your Daily Routine at BP as a Senior Information Security Analyst?*** * Serve as the subject-matter expert on critical governance, risk, and compliance topics, operating cross-functionally across the Plan, Attack, and Defend pillars; * Handle sensitive projects, critical data, and demanding audits. **Strategic and Analytical Responsibilities:** * Conduct risk assessments for new projects and systems; * Develop and review security policies and procedures; * Coordinate responses to critical incidents (technical and strategic perspective); * Apply threat intelligence and propose countermeasures; * Participate in implementing security within DevSecOps pipelines. **Operational Responsibilities:** * Perform tuning and improvements on tools such as SIEM, DLP, and XDR; * Conduct security testing and forensic analysis; * Monitor critical vulnerabilities from identification through remediation; * Monitor critical vulnerabilities from detection through remediation; * Act as the technical point of contact during audits and internal threat investigations. **Leadership and Development Responsibilities:** * Mentor junior professionals in both technical and strategic competencies; * Contribute to continuous improvement initiatives within the security area; * Deliver security awareness training and related activities; * Represent the security team in forums, committees, and technical meetings. Requirements and Qualifications: ***What Do You Need to Join Us?*** * Completed undergraduate degree in Technology fields, such as Information Security, Computer Science, Information Systems, or related disciplines; * 3–5 years of experience in Information Security; * Strong communication and interpersonal skills, with ability to collaborate across departments and present results effectively; * Technical writing proficiency for developing advanced documentation and corporate policies; * Autonomy in making technical decisions and managing projects; * Analytical mindset, with mentoring capability, strategic collaboration skills, and business-oriented vision; * Focus on continuous improvement and innovation. **Hard Skills:** ***Cloud, Containers, and DevSecOps*** * Experience in on\-premises, AWS, Azure, or GCP environments; * Experience with Docker, Kubernetes, and CI/CD security (GitLab, Jenkins, SonarQube); * Knowledge of automation using Python, PowerShell, or Bash; * Security practices for REST/GraphQL APIs and infrastructure-as-code. ***Monitoring and Incident Response*** * Use of SIEM tools (e.g., Splunk, QRadar), SOAR platforms (e.g., Cortex, Splunk SOAR), and XDR solutions (e.g., CrowdStrike, Defender); * Experience in forensic analysis (e.g., FTK, Volatility) and vulnerability management (e.g., Nessus, Qualys); * Familiarity with DLP, UEBA, NGFW firewalls, email security, CASB, and SSPM solutions. **Threats and Testing** * Knowledge of Threat Intelligence frameworks (e.g., MITRE ATT\&CK, Mandiant); * Execution or support of penetration tests (Pentest) and Red Team simulations; * Basic understanding of reverse engineering and malware analysis (a plus). ***What Increases Your Chances?*** * Postgraduate degree or MBA in Information Security, Risk Management, or related fields; * Certifications and specializations in the field are considered advantageous. Additional Information: ***Work Schedule:*** * 8 hours and 48 minutes per day; * Monday to Friday, 8:00 AM to 5:48 PM\. ***Work Model/Location:*** * Hybrid \| Downtown \- Curitiba / PR ***Our Benefits:*** Meal Voucher: BRL 31.00/day Transportation Voucher Career Development Program Multi-benefit Card Life Insurance SESC Membership University Partnerships Corporate University Birthday Day Off "Just dress no code" – be yourself! ***For Your Health:*** Dental Plan Gympass/Wellhub Psychological Support On-site Medical Doctor **\#VemSerBP** Job Type: Freelance / PJ Selection Question(s): * What is your salary expectation? * Are you interested in and available to work as a PJ? * Are you available to work downtown in Curitiba?