Senior Information Security Analyst

Description

Job Summary: Senior Information Security Analyst to work in governance, risk, and compliance; coordinate incident response; and mentor junior professionals. Key Highlights: 1. Cross-functional expertise in governance, risk, and compliance 2. Focus on continuous improvement and innovation 3. An environment that values diversity and professional development ***Who We Are?*** Bellinati Perez*,* specializes in credit recovery—both secured and unsecured—through amicable and judicial means, employing human, digital, and hybrid negotiation models. Over 25 years of experience and tradition strengthen our efficiency and reputation, enabling\-us to serve the largest credit-originating institutions in Brazil. We are recognized as one of the top 20 best companies to work for in the state of Paraná and among the best in Brazil by GPTW (Great Place To Work). Additionally, we foster a diverse, inclusive environment that values competence, integrity, and innovation. ***Cultural Fit*** **Innovation**: Innovation is part of our DNA—we continuously seek new technologies to enhance the experience of our clients and employees. **Diversity**: We value diversity. Here, everyone can shine as their authentic self! **Development**: You shape your own career path. Seize opportunities along your journey and grow alongside us! **Team Play**: When we exchange ideas and solutions, there’s no limit to where we can go! **Flexibility**: We adapt, have fun, and always find the best path forward—all within a flexible work schedule. Responsibilities and Duties: ***Your Routine on the BP Team as a Senior Information Security Analyst?*** * Serve as the subject-matter expert on critical governance, risk, and compliance topics, with cross-functional involvement across the Plan, Attack, and Defend pillars; * Handle sensitive projects, critical data, and demanding audits. **Strategic and Analytical Responsibilities:** * Conduct risk analyses for new projects and systems; * Develop and review security policies and procedures; * Coordinate responses to critical incidents (technical and strategic perspective); * Apply threat intelligence and propose countermeasures; * Participate in implementing security within DevSecOps pipelines. **Operational Responsibilities:** * Perform configuration adjustments and improvements on tools such as SIEM, DLP, and XDR; * Conduct security testing and forensic analyses; * Monitor critical vulnerabilities from identification through remediation; * Monitor critical vulnerabilities from detection through remediation; * Act as the technical point of contact during audits and internal threat investigations. **Leadership and Development Responsibilities:** * Mentor junior professionals in both technical and strategic competencies; * Contribute to continuous improvement initiatives within the security area; * Deliver security awareness training and related activities; * Represent the security team in forums, committees, and technical meetings. Requirements and Qualifications: ***What Do You Need to Join Us?*** * Completed bachelor’s degree in Technology fields such as Information Security, Computer Science, Information Systems, or related disciplines; * 3–5 years of professional experience in Information Security; * Strong communication and interpersonal skills, with ability to collaborate across departments and present results effectively; * Technical writing proficiency for developing advanced documentation and corporate policies; * Autonomy in making technical decisions and leading projects; * Analytical mindset, with mentoring capability, strategic collaboration aptitude, and business-oriented vision; * Focus on continuous improvement and innovation. **Hard Skills:** ***Cloud, Containers, and DevSecOps*** * Experience in on\-premises environments and cloud platforms (AWS, Azure, or GCP); * Experience with Docker, Kubernetes, and CI/CD security (GitLab, Jenkins, SonarQube); * Knowledge of automation using Python, PowerShell, or Bash; * Familiarity with security practices for REST/GraphQL APIs and infrastructure-as-code. ***Monitoring and Incident Response*** * Use of SIEM tools (e.g., Splunk, QRadar), SOAR platforms (e.g., Cortex, Splunk SOAR), and XDR solutions (e.g., CrowdStrike, Defender); * Experience in forensic analysis (e.g., FTK, Volatility) and vulnerability management (e.g., Nessus, Qualys); * Familiarity with DLP, UEBA, NGFW firewalls, email security, CASB, and SSPM solutions. **Threats and Testing** * Knowledge of Threat Intelligence frameworks (e.g., MITRE ATT\&CK, Mandiant); * Execution or support of penetration tests (Pentest) and Red Team simulations; * Basic understanding of reverse engineering and malware analysis (a plus). ***What Increases Your Chances?*** * Postgraduate degree or MBA in Information Security, Risk Management, or related fields; * Industry certifications and specialized credentials are considered advantageous. Additional Information: ***Work Schedule:*** * 8 hours and 48 minutes per day; * Monday to Friday, 8:00 AM to 5:48 PM\. ***Work Model/Location:*** * Hybrid \| Downtown \- Curitiba / PR ***Our Benefits:*** Meal Voucher: BRL 31.00/day Transportation Voucher Career Development Program Multi-benefit Card Life Insurance SESC Membership University Partnerships Corporate University Birthday Day Off "Just dress no code" – be yourself! ***For Your Health:*** Dental Plan Gympass/Wellhub Psychological Support On-site Medical Doctor **\#VemSerBP** Job Type: Freelance / PJ Selection Question(s): * What is your salary expectation? * Are you interested in and available to work as a PJ? * Are you available to work downtown in Curitiba?