
Senior Incident Response Analyst

Indeed
Full-time
Onsite
No experience limit
No degree limit
R. Benedita Guerra Zendron, 21 - Vila Sao Joao, Barueri - SP, 06401-190, Brazil

Description

Job Summary: We are seeking a professional to develop and maintain the Incident Response Plan, leading security trainings and investigations.

Key Highlights:
1. Handling critical incidents and forensic investigations.
2. Leading the lessons-learned process and continuous improvements.
3. Autonomy and freedom to write your own journey.

We are more than a machine: we are people who transform and **create infinite possibilities.** We work to **simplify and empower businesses for everyone**, offering intelligent financial solutions. Here, we invest in **technology**, foster **development**, and drive **innovation** to forge new possible paths and generate positive global impact. At Cielo, we work with **autonomy** to write our own journey, **freedom** to be our authentic selves, and the opportunity to **make things happen**. We are a team that **dreams collectively**, delivering a comprehensive experience while focusing on the physical and mental well-being of our 7,000+ employees and their families. We believe in **inclusion and embracing** all individuals, honoring their uniqueness and diverse life experiences. Let's achieve your dreams together!
**Responsibilities and Duties**

**There's a place for you in this purpose:**

* Developing and maintaining the Incident Response Plan, including operational procedures for the SOC/CSIRT;
* Conducting technical trainings and guiding analysts on response processes;
* Identifying gaps and proposing improvements to incident response technologies, tools, and processes;
* Handling critical incidents, including investigation, containment, recovery, and communication with the teams involved;
* Collecting, preserving, and analyzing digital evidence, and producing forensic reports aligned with best practices;
* Coordinating technical war rooms and participating in crisis management and external communications;
* Tuning SIEM correlation rules, developing detection use cases, and automating workflows via playbooks;
* Performing proactive threat hunting and mapping emerging TTPs to the MITRE ATT&CK framework;
* Supporting SOC management with metrics, effectiveness indicators (MTTR, containment time, avoided impact), and governance rituals;
* Leading the lessons-learned process, proposing corrective actions, and tracking improvements.
**Requirements and Qualifications**

**What does the #CieloTeam expect from you?**

* Knowledge of frameworks such as MITRE ATT&CK, the Cyber Kill Chain, and NIST SP 800-61;
* Experience with SIEM (e.g., Microsoft Sentinel), EDR, SOAR, and sandboxing tools;
* Ability to triage and enrich IOCs (hashes, IPs, domains, URLs, certificates);
* Knowledge of digital evidence collection and analysis (logs, memory dumps, artifacts, host analysis);
* Proficiency in operating systems (Windows, Linux, macOS) and networking/protocols (TCP/IP, DNS, HTTP/S, SMTP);
* Experience with basic forensic investigations and analysis of malicious campaigns (phishing, ransomware);
* Programming/scripting skills (Python preferred; Bash, PowerShell) and API integrations;
* Familiarity with response automation (SOAR, playbooks) and threat-intelligence feed ingestion;
* Experience modeling use cases and correlation rules in a SIEM;
* Knowledge of risk and impact models for response prioritization and business stakeholder communication;
* Ability to translate technical data into actionable reports for both technical and executive audiences;
* Risk- and business-context-based decision-making;
* Advanced technical English (reading and writing) for communication with vendors and international partners.

**What boosts your chances?**

* Experience in large-scale incident response across the full incident lifecycle;
* Experience handling incidents involving API exploitation, e-commerce systems, payment methods, data enumeration, card enumeration, etc.;
* Knowledge of SIEM (Sentinel) rule creation and correlation;
* Experience applying AI/LLMs to triage and enrichment within the incident response process.
**Additional Information**

**Why live infinite possibilities alongside us?**

* Medical and Dental Assistance;
* Annual Variable Compensation (PPR);
* Meal and Food Allowance;
* Commuter Bus/Transportation Voucher or Parking;
* Hybrid Work Model;
* Remote Work Allowance;
* Life Insurance;
* Home and Auto Insurance;
* Family Funeral Assistance;
* Private Pension Plan;
* Support Channel with Specialists (Nutrition, Psychology, Gynecology, etc.);
* Vaccination Campaign;
* Access to various courses on our Educa platform;
* Wellhub;
* Healthy Pregnancy Program;
* Extended Maternity and Paternity Leave;
* Childcare Assistance;
* Birthday Day Off;
* Flexible Dress Code;
* Flexible Working Hours;
* Short Fridays;
* Extended Lunch Break (1h30).

Source: Indeed