ISH Tecnologia

Remote Jobs

Road to the future

9 open roles | Team 501-1,000 | Since 1996 | H1B No Sponsor | Latest: May 4, 2026, 8:41 PM UTC

9 Jobs

Full Time | Remote | Senior | Team 501-1,000 | Since 1996 | H1B No Sponsor

• Carry out new implementations available in the OneTrust solution;
• Apply improvements;
• Handle client requests;
• Monitor the OneTrust application;
• Support changes and new configurations;
• Support audits;
• Support responses to data subjects in the OneTrust tool;
• Prepare reports and indicators.

Brazil
Job Closed
Full Time | Remote | Senior | Team 501-1,000 | Since 1996 | H1B No Sponsor

• Prevent and mitigate malicious cyber actions, whether intentional or accidental;
• Analyze and evaluate network events and system anomalies in a SOC environment;
• Analyze, create, and tune alerts generated by security appliances such as SIEM, IPS, FW, etc.;
• Create and follow security playbooks for triage and escalation of security alerts;
• Collaborate with Level 2+ analysts to research and investigate cybersecurity threats;
• Maintain an investigative and curious mindset when approaching security events;
• Knowledge of security tools to detect, prevent, and mitigate intrusions;
• Handle incidents, requests, problems, and changes related to managed solutions;
• Prepare analytical reports;
• Support the development and maintenance of KPIs.

Brazil
Full Time | Remote | Senior | Team 501-1,000 | Since 1996 | H1B No Sponsor

• Conduct intrusion tests (internal and external) in corporate environments, web applications, APIs, networks, operating systems and cloud infrastructure.
• Plan, execute and document simulated offensive campaigns (Red Team operations), focusing on defense evasion, lateral movement, persistence and data exfiltration.
• Develop and apply adversary simulation techniques, based on frameworks such as MITRE ATT&CK, APT TTPs and other threat intelligence sources.
• Use and customize offensive tools such as Cobalt Strike, Metasploit, Empire, Sliver, BloodHound, Burp Suite, among others.
• Identify vulnerabilities, misconfigurations and potential attack vectors that could be exploited by malicious actors.
• Prepare technical and executive reports with findings, evidence and recommendations for mitigation.
• Work closely with Blue Team, SOC and Vulnerability Management teams, supporting Purple Team exercises and improving the organization's defenses.
• Continuously update knowledge on new attack techniques, tools, exploits and threat landscape trends.

Brazil
Job Closed
Full Time | Remote | Senior | Team 501-1,000 | Since 1996 | H1B No Sponsor

• Monitor and manage requests that align with clients' needs and objectives based on the contracted scope;
• Provide guided follow-up, developing effective mitigation plans together with customer-facing teams;
• Serve as the focal point for security-related issues and client consultancy, providing targeted guidance.

Brazil
Job Closed
Analyst | 95 days ago
Full Time | Remote | Senior | Team 501-1,000 | Since 1996 | H1B No Sponsor

• Prevent and mitigate malicious cyber activity, whether intentional or accidental;
• Analyze and assess network events and system anomalies within a SOC environment;
• Analyze, create, and tune alerts generated by security devices such as SIEM, IPS, FW, etc.;
• Create and follow security playbooks for triage and escalation of security alerts;
• Collaborate with Level 2+ analysts to research and investigate cybersecurity threats;
• Maintain an investigative and curious mindset when addressing security events;
• Knowledge of security tools to detect, prevent, and mitigate intrusions;
• Handle incidents, requests, problems, and changes related to managed solutions;
• Produce analytical reports;
• Support the development and maintenance of KPIs.

Brazil
Job Closed
Full Time | Remote | Senior | Team 501-1,000 | Since 1996 | H1B No Sponsor

• Monitor security events using SIEM solutions, with a focus on Splunk.
• Analyze alerts, identify false positives, and conduct initial investigations.
• Support and perform security incident response activities.
• Participate in crisis rooms (incident war rooms), providing technical analysis and decision-support.
• Serve as the local point of contact for the global Information Security team.
• Participate in technical and operational meetings conducted in English.
• Ensure adherence to global processes, policies, and standards.
• Support the rollout and implementation of corporate security tools and controls.
• Support the operation and analysis of the following security solutions:
  • Firewall (FW)
  • Web Application Firewall (WAF)
  • Endpoint Detection and Response (EDR)
  • Data Loss Prevention (DLP)
• Work closely with infrastructure, networking, and cloud teams.
• Support vulnerability lifecycle management, including:
  • Identification
  • Risk analysis
  • Tracking remediation plans
• Collaborate with project teams to ensure the adoption of Security by Design practices from the early stages.

Brazil
Job Closed
Full Time | Remote | Senior | Team 501-1,000 | Since 1996 | H1B No Sponsor

• Administer and monitor Identity and Access Management (IAM) systems in cloud environments, ensuring compliance with security and privacy policies;
• Configure, maintain and improve access policies, roles, groups and permissions on cloud platforms such as AAD, AWS and GCP;
• Collaborate with development and infrastructure teams to implement secure access control solutions;
• Conduct periodic security audits and analyses, identifying and mitigating potential access management vulnerabilities;
• Actively participate in the resolution of cloud-related IAM security incidents;
• Provide specialized technical support to internal teams, addressing questions and assisting with access management issues in the cloud.

Brazil
Job Closed
Full Time | Remote | Senior | Team 501-1,000 | Since 1996 | H1B No Sponsor

• Define investigation paths during incidents and assist clients with containment, remediation, and recovery strategies for compromised environments;
• Advanced operation and support of EPP, EDR, XDR, and encryption tools;
• Control and maintenance of asset inventory (hardware, software, systems);
• Creation of rules and playbooks in endpoint security tools;
• Assess and monitor the maturity of cybersecurity processes;
• Develop and review organizational controls, policies, standards, and procedures with a focus on Information Security;
• Collaborate with development teams to evolve products, processes, and automations;
• Handle incoming requests;
• Support the incident response process;
• Prepare analysis reports and root cause analyses (RCA).

Brazil
Job Closed
Full Time | Remote | Senior | Team 501-1,000 | Since 1996 | H1B No Sponsor

• Structure exercises based on MITRE ATT&CK techniques.
• Map attack scenarios against existing defenses.
• Work with Red and Blue teams to define the objectives, rules and expectations of the exercise.
• Execute controlled attacks, such as phishing, lateral movement, remote execution, credential harvesting, etc.
• Replicate the tactics, techniques and procedures (TTPs) of real APT groups.
• Create automations or scripts to reproduce complex attacks.
• Identify gaps and collect evidence of detection and prevention failures.
• Work with specialist teams on fine-tuning or creating new policies.
• Assess the quality of detections (alerts, rules, correlations).
• Create or update detection rules (KQL, Sigma, YARA, etc.).
• Help improve response and containment processes.
• Help build realistic attack chains.
• Ensure the Red Team uses techniques aligned with the environment and the objectives of the exercise.
• Document:
  • Techniques detected
  • Detection gaps
  • Current coverage vs. expected coverage
• Create coverage matrices (heatmaps) for the organization.
• Create response playbooks for the use cases developed during Purple research and exercises.
• Map how the Blue Team should act when new techniques are detected.
• Document complete attack and defense scenarios.
• Consume and apply intelligence information to:
  • Update the TTPs of the exercises
  • Model threats relevant to the sector
  • Identify new attack surfaces and vectors
• Link strategic and operational intelligence.
• Create technical and executive reports.
• Produce research on the techniques used by threat groups, by industry segment.
• Communicate results to both technical areas and management.
• Create a permanent cycle of: attack simulation / detection assessment / correction of defenses / new test.
• Promote integration between security teams.

Brazil
Job Closed