Senior Information Security Analyst

Description

Job Summary: Senior Information Security Analyst to work in governance, risk, and compliance, handling sensitive projects, critical data, and demanding audits. Key Highlights: 1. Over 25 years of experience and tradition in credit recovery 2. Recognized as one of the best companies to work for by GPTW 3. A diverse, inclusive environment focused on competence, professionalism, and innovation ***Who We Are?*** Bellinati Perez*,* specializes in secured and unsecured credit recovery, both amicable and judicial, operating through human, digital, and hybrid negotiation models. Our over 25 years of experience and tradition strengthen our efficiency and reputation, enabling\-us to partner with the country's largest credit originators. We are recognized as one of the top 20 best companies to work for in the state of Paraná and among the best in Brazil by GPTW (Great Place To Work). Additionally, we foster a diverse, inclusive environment that values competence, professionalism, and innovation. ***Cultural Fit*** **Innovation**: Innovation is part of our DNA—we constantly seek new technologies to enhance the experience of our customers and employees. **Diversity**: We value diversity. Here, everyone can shine as their authentic self! **Development**: You build your career here. Seize opportunities along your journey and grow alongside us! **Team Play**: When we exchange ideas and solutions, there are no limits to where we can go! **Flexibility**: We adapt, have fun, and always find the best path—within a flexible work schedule. Responsibilities and Duties: ***Your Daily Routine at BP as a Senior Information Security Analyst?*** * Serve as the subject-matter expert on critical governance, risk, and compliance topics, operating cross-functionally across the Plan, Attack, and Defend pillars; * Handle sensitive projects, critical data, and demanding audits. **Strategic and Analytical:** * Conduct risk analyses for new projects and systems; * Develop and review security policies and procedures; * Coordinate responses to critical incidents (technical and strategic perspective); * Apply threat intelligence and propose countermeasures; * Participate in implementing security within DevSecOps pipelines. **Operational:** * Perform adjustments and improvements on tools such as SIEM, DLP, and XDR; * Conduct security testing and forensic analyses; * Monitor critical vulnerabilities from identification through remediation; * Monitor critical vulnerabilities from detection through remediation; * Act as the technical point of contact during audits and internal threat investigations. **Leadership and Development:** * Mentor junior professionals in technical and strategic competencies; * Contribute to continuous improvement initiatives within the security area; * Deliver security awareness training and activities; * Represent the security area in forums, committees, and technical meetings. Requirements and Qualifications: ***What Do You Need to Join Us?*** * Completed bachelor’s degree in Technology fields such as Information Security, Computer Science, Information Systems, or related disciplines; * 3–5 years of experience in Information Security; * Strong communication and interpersonal skills, with ability to collaborate across departments and present results effectively; * Technical writing proficiency for developing advanced documentation and corporate policies; * Autonomy in making technical decisions and leading projects; * Analytical mindset, mentoring capability, strategic collaboration aptitude, and business-oriented vision; * Focus on continuous improvement and innovation. **Hard Skills:** ***Cloud, Containers, and DevSecOps*** * Hands-on experience in on\-premises, AWS, Azure, or GCP environments; * Experience with Docker, Kubernetes, and CI/CD security (GitLab, Jenkins, SonarQube); * Knowledge of automation using Python, PowerShell, or Bash; * Familiarity with REST/GraphQL API security practices and infrastructure-as-code. ***Monitoring and Incident Response*** * Use of SIEM tools (e.g., Splunk, QRadar), SOAR platforms (e.g., Cortex, Splunk SOAR), and XDR solutions (e.g., CrowdStrike, Defender); * Experience in forensic analysis (e.g., FTK, Volatility) and vulnerability management (e.g., Nessus, Qualys); * Familiarity with DLP, UEBA, NGFW firewalls, email security, CASB, and SSPM solutions. **Threats and Testing** * Knowledge of Threat Intelligence (e.g., MITRE ATT\&CK, Mandiant); * Experience executing or supporting penetration tests (Pentest) and Red Team simulations; * Basic understanding of reverse engineering and malware analysis (a plus). ***What Increases Your Chances?*** * Postgraduate degree or MBA in Information Security, Risk Management, or related fields; * Industry certifications and specializations are considered advantageous. Additional Information: ***Work Schedule:*** * 8h48 daily; * Monday to Friday, 08:00–17:48\. ***Work Model/Location:*** * Hybrid \| Downtown \- Curitiba / PR ***Our Benefits:*** Meal Voucher: BRL 31.00/day Transportation Voucher Career Development Program Multi-benefit Card Life Insurance SESC Membership University Partnerships Corporate University Birthday Day Off "Just dress no code" – be yourself! ***For Your Health:*** Dental Plan Gympass/Wellhub Psychological Support On-site Medical Doctor **\#VemSerBP** Job Type: Freelance / PJ Selection Question(s): * What is your salary expectation? * Are you interested and available to work as a PJ? * Are you available to work downtown in Curitiba?