Junior Information Security Analyst

Description

Job Summary: We are hiring a Junior Information Security Analyst to support security operations, with a focus on IAM, compliance, monitoring, and incident response, and with strong willingness to learn and grow. Key Highlights: 1. Focus on Identity and Access Management (IAM) and the Microsoft ecosystem 2. Opportunity for learning and technical growth in the security field 3. Support in compliance, monitoring, and initial incident response We are hiring a Junior Information Security Analyst to support Sipal's Information Security operations, emphasizing process execution and discipline, primarily working on Identity and Access Management (IAM) within the Microsoft ecosystem (AD/M365/Entra/ERPs), as well as compliance, monitoring, and initial incident response routines. We seek a professional with strong motivation to learn, develop technical expertise, and advance in the security field. **Responsibilities:** Operate access creation, modification, and revocation processes (joiner/mover/leaver), maintaining complete records and evidence. Support group and permission governance (AD/Entra/M365\), ensuring adherence to standards and appropriate approvals. Support periodic access and privilege recertification, consolidating lists, requesting approvals, and recording evidence. **Support privilege controls:** review of administrative access, basic segregation of duties (SoD), and audit trails. Maintain organization and updating of documentation (access matrix, standards, checklists, and knowledge base). Monitor and triage security alerts/events (M365 Security/Defender, logs, Zabbix/Grafana, firewall), applying playbooks and escalating when necessary. **Support hardening and baselines:** GPOs, endpoint/server configurations, compliance review, and remediation tracking. **Support vulnerability management:** inventory, prioritization by criticality, patch/correction tracking, and evidence collection. **Support LGPD/audit processes:** evidence organization, control checklists, policy and procedure updates. Support change management (GMUD) with risk assessment, validations, and impact documentation. Support security awareness initiatives and internal communication (best practices, campaigns, guidance). **Requirements:** **Security fundamentals:** identity, authentication/MFA, privileges, logging, vulnerabilities, and the principle of least privilege. **Experience (even entry-level) with Microsoft environments:** AD and/or M365/Entra. Strong organizational skills for ITSM logging and evidence control (traceability and auditing). Basic understanding of networking (TCP/IP, DNS, VPN concepts) and ability to perform basic troubleshooting. **Desirable Requirements:** Practical experience with IAM (groups, permissions, recertification, RBAC) and/or joiner/mover/leaver processes. Familiarity with Microsoft Defender (concepts), Fortinet (policies/VPN/logs fundamentals), and SIEM (fundamentals). ITIL v4 (Incident/Problem/Change) and experience with ITSM tools (e.g., GLPI). **Certifications or Microsoft/Security learning paths (e.g.,** SC\-900\) are not mandatory but valued. **Work Location:** Curitiba/PR **Working Hours:** Mon–Fri \- 08:00–18:00\. **Additional Information:** This position is also open to Persons with Disabilities (PwD).