• Monitor and analyze log data, network traffic, and/or alerts generated by a variety of security technologies in real-time. • Respond, triage, and escalate security incidents using a SIEM platform following documented procedures. • Support the execution of vulnerability scans and assist in analyzing results for remediation recommendations. • Draft security incident reports detailing the threat, its characteristics, and required remediation activities for review by a senior analyst. • Research new threats and ensure appropriate detection capabilities are in place. • Review security incidents and other deliverables for adherence to established procedures and provide documentation updates as necessary. • Contribute to the quality and timeliness of the security incident detection and classification service. • Ensure standards and procedures are adhered to within defined SLA’s. • Articulate security issues to customers, both verbally and written. • Referring difficult or complex issues to more experienced staff. • Developing an understanding of current vulnerabilities, attacks, and countermeasures. • Identify opportunities for process improvement and suggest them to stakeholders. • Manage and track customer issues and requests within a ticketing system. • Work within a 24x7x365 team to further support the timely delivery of monitoring services. • This position may be assigned to a rotating shift schedule. • Support other teams as needed.

• Monitor security alerts and events using SIEM and other monitoring tools. • Analyze and respond to security incidents, including malware infections, phishing attempts, and unauthorized access. • Triage and prioritize alerts based on severity and potential impact. • Conduct initial investigations and document findings in incident tracking systems. • Collaborate with internal teams to contain and remediate security threats. • Perform root cause analysis and recommend improvements to prevent recurrence. • Create and maintain standard operating procedures (SOPs) and incident response playbooks. • Assist in threat intelligence gathering and correlation with internal events. • Participate in security audits, vulnerability assessments, and compliance efforts. • Stay up-to-date with the latest cybersecurity trends, vulnerabilities, and threat actor tactics.

• Atuar na operação e evolução do Google SecOps (SIEM / SOAR) • Monitorar, investigar e responder a incidentes de segurança • Criar e ajustar regras, alertas e playbooks de automação • Analisar logs, eventos e indicadores de segurança • Apoiar melhorias contínuas nos processos de SecOps • Trabalhar em parceria com times técnicos e clientes

• Improve AWS security configurations (IAM, GuardDuty, CloudTrail, Amazon Inspector, etc.). • Manage and maintain security tools: EDR, MDM, DLP, compliance agents, etc. • Coordinate with IT to ensure all laptops and endpoints follow security baselines. • Review and respond to SOC provider alerts, investigate incidents, and manage the final remediation phase. • Perform vulnerability management and coordinate patching with IT and DevOps. • Improve and maintain WAF rules, anti-bot protections, and other application-layer defenses. • Support access reviews, PCI-DSS reviews, and quarterly/monthly security tasks. • Document and implement security configurations for cloud and SaaS tools. • Contribute to Backup, DRP, and BCP testing in collaboration with Infra/IT teams. • Provide input to security roadmap planning with practical improvements from operations.