
Information Security Analyst - On-site in Rio de Janeiro

Indeed
Full-time
Onsite
No experience limit
No degree limit
Fairy Lake - Estr. Dom Pedro Augusto - Alto da Boa Vista, Rio de Janeiro - RJ, 20531-000, Brazil

Description

Job Summary: We are seeking professionals to work in Privacy, Information Security, and GRC, with a strong focus on customer satisfaction, within an environment of visionary leadership and a collaborative team.

Key Highlights:

1. Focus on Privacy, Information Security, and GRC
2. Visionary Leadership and Collaborative Team
3. Excellent Organizational Climate

We are looking for professionals eager to innovate and grow alongside Every Cybersecurity! We are a solid company operating in **Privacy, Information Security, and Governance, Risk, and Compliance (GRC)**, with full commitment to **customer satisfaction**. We have **visionary leadership**, a **collaborative team**, and an **excellent organizational climate**.

**On-site position – Rio de Janeiro**

Join us and **#BeHappy at Every Cybersecurity!**

**Responsibilities and Duties:**

**RED TEAM PROFILE:**

* Identify and dissect vulnerabilities with or without tools;
* Demonstrate the business impact resulting from identified vulnerabilities;
* Validate exploitation and post-exploitation points, assessing both potential perimeter breaches and assuming the perimeter has already been breached;
* Conduct application testing, validate new features and new projects;
* Apply privilege escalation and lateral movement techniques in internal infrastructure and cloud environments;
* Collaborate with the rest of the team to develop threat modeling processes and defense strategies.

**BLUE TEAM PROFILE:**

* Develop a methodology for managing processes comprising an Information Security Management System, such as incident management, vulnerability management, and information security risk management;
* Perform the information security risk management cycle with clients;
* Create/Review Information Security policies, as well as all regulatory documents forming the Information Security documentation framework;
* Conduct gap analysis using major industry frameworks as normative references;
* Develop an Information Security/Cybersecurity Master Plan;
* Develop Business Continuity Plans, Operational Continuity Plans, Business Impact Analyses (BIA), and other documents supporting Business Continuity Management;
* Design and implement controls required for an Information Security Management System;
* Support/Perform business process/operational flow modeling through interviews with responsible stakeholders;
* Detect threats and vulnerabilities compromising corporate information;
* Support/Validate and document all agreed-upon events with the client via meeting minutes or action logs;
* Provide necessary means for technical training and skill development of security team members;
* Lead a security requirements assessment process based on ISO 27001 and 27701 requirements;
* Generate reports on information security compliance and/or maturity based on the security requirements assessment process, and develop action plans for alignment, recommending adoption of security controls, processes, and tools for clients;
* Deliver training on current information security topics to raise awareness and foster a security-oriented culture;
* Ensure the efficiency and sustainability of organizational activities fulfilling mandatory requirements defined by the Information Security area's strategy.

**Requirements and Qualifications:**

**RED TEAM PROFILE:**

* Knowledge of cyber threats and vulnerabilities;
* Solid networking knowledge;
* Solid knowledge of operating systems (Windows, Linux);
* Knowledge of cloud architecture, including evaluation of internal and cloud infrastructure;
* Familiarity with security frameworks and standards (NIST CSF, PCI, ISO 27000);
* Knowledge of malware analysis;
* Experience using the MITRE ATT&CK framework;
* Experience with tools such as Burp Suite for web application testing;
* Proven experience in penetration testing;
* Experience with offensive security tools;
* Ability to read, modify, interpret, and write scripts for Linux/Windows;
* Completed undergraduate degree in one of the following fields: Systems Analysis, Computer Science, Data Processing, Information Systems, Informatics, Computer Engineering, or Information Security;
* At least one of the following certifications, or equivalent market-recognized certifications covering the Penetration Testing domain: CompTIA Security+; CompTIA PenTest+; Certified Ethical Hacker (CEH); OSCP (Offensive Security Certified Professional); eJPT (eLearnSecurity Junior Penetration Tester).

**BLUE TEAM PROFILE:**

* Experience creating and reviewing security policies, standards, processes, and procedures;
* Knowledge of Brazilian and international legislation, as well as best practices in Information Security;
* Experience conducting internal audits and preparing audit reports and documentation;
* Knowledge of computer network infrastructure;
* Analytical thinking, business acumen, strong interpersonal communication skills, and ability to handle complex tasks;
* Familiarity with security and technology frameworks and regulations, including ISO 27001, ISO 27701, NIST CSF, CIS Controls, MITRE ATT&CK®;
* Experience performing Gap Analysis using security frameworks;
* Experience in information security risk management.
* ISO 27001 certification;
* ISO 27005 certification.

Source: Indeed
João Silva
Indeed · HR

Company

Indeed
© 2025 Servanan International Pte. Ltd.