
Senior SOC Analyst / Incident Response

Indeed
Full-time
Onsite
No experience limit
No degree limit

Description

**Job Summary:** Technical focal point for CyberOps for security incident investigation and response: monitoring security events and coordinating the full Incident Response lifecycle.

**Key Highlights:**

1. Technical focal point for CyberOps and Incident Response
2. In-depth monitoring and investigation of security incidents
3. Operational experience in SOC environments with a focus on defensive security

### **Responsibilities and Duties**

* Serve as the CyberOps team's technical focal point for security incident investigation and response.
* Monitor security events using SIEM, EDR/XDR, NDR, and SOAR tools.
* Perform advanced triage, event correlation, and in-depth investigation of each incident.
* Create, tune, and improve detection rules, alerts, dashboards, and use cases.
* Conduct detailed log analysis (systems, networks, cloud, applications).
* Own the entire Incident Response lifecycle: identification, containment, eradication, recovery, and post-incident analysis (post-mortem).
* Coordinate critical incidents with Infrastructure, DevOps, Engineering, and vendor teams.
* Prepare technical and executive incident reports.
* Conduct regular proactive threat hunting activities.
* Formulate hypotheses, query telemetry, validate suspicious behaviors, and identify visibility gaps.
* Work with frameworks such as MITRE ATT&CK.
* Develop and maintain incident response playbooks and runbooks.
* Automate processes in SOAR to reduce mean time to respond (MTTR).
* Identify improvements to controls and monitoring points.
* Investigate incidents in AWS, Azure, or GCP environments.
* Work with native cloud logs such as CloudTrail, GuardDuty, Security Hub, and VPC Flow Logs, among others.
* Define log, telemetry, and data source integrations.
* Collaborate with internal teams to ensure adequate visibility and coverage.
* Validate the effectiveness of controls and sensors (WAF, EDR, ZTNA, SASE, firewall, endpoint, cloud).

### **Requirements and Qualifications**

* Proven experience in SOC environments, defensive security, or incident response.
* Strong expertise in: SIEM (Splunk, QRadar, Elastic, Sentinel, LogRhythm, etc.), EDR/XDR (CrowdStrike, SentinelOne, Defender, Cybereason, etc.), NDR / IDS/IPS, and SOAR (Cortex XSOAR, Splunk SOAR, Sentinel, Shuffle).
* Demonstrated hands-on experience in incident investigation and response.
* Advanced networking knowledge: TCP/IP, DNS, proxies, SSL/TLS, VPN, and routing.
* Experience with cloud logs (AWS, Azure, or GCP).
* Ability to perform behavioral malware analysis (advanced reverse engineering not required).
* Familiarity with frameworks: MITRE ATT&CK, NIST CSF / NIST SP 800-61 (IR), and CIS Controls.

### **Preferred Qualifications**

* Experience with Kubernetes, containers, and cloud-native architectures.
* Practical knowledge of Threat Intelligence.
* Experience with DLP, CASB, and Zero Trust tools.
* Experience in regulated environments (BACEN, LGPD, PCI DSS).
* Automation using Python, Bash, PowerShell, or APIs.

### **Our Benefits**

* Remote work model.
* Caju benefits card: VR/VA (meal and food vouchers).
* Health insurance plan with no co-payment.
* Dental insurance plan with no co-payment.
* Childcare allowance.
* Extended maternity and paternity leave.
* Wellhub.

Source: Indeed
João Silva
Indeed · HR

© 2025 Servanan International Pte. Ltd.