Job Closed

This listing is no longer active.

SNHU Careers

At SNHU, we do life-changing work — and not just for our students. Find out how your life can change, too.

AI Security Engineer

Security Engineer | Full Time | Remote | Senior | Team 10,001+ | Since 1932 | H1B No Sponsor

Location

All locations: Alabama | Arizona | Florida | Hawaii | Idaho | Iowa | Kansas | Kentucky | Louisiana | Maine | Nebraska | New Hampshire | New Mexico | North Carolina | North Dakota | Ohio | Oklahoma | Maryland | Massachusetts | Michigan | Mississippi | Missouri | South Carolina | South Dakota | Tennessee | Texas | Utah | Vermont | Virginia | West Virginia | Wisconsin | Wyoming

Posted

66 days ago

Salary

$94.1K - $150.6K / year

Seniority

Senior

Bachelor Degree | 5 yrs exp | English | Cyber Security

Job Description

  • Document AI system components and data flows, including prompts, context, embeddings, training data, model artifacts, outputs, and agent tool interactions.
  • In collaboration with the AI team, identify attack surfaces, trust boundaries, and privilege transitions within AI pipelines and agent workflows, and perform structured threat modeling for AI systems during design, development, and change cycles.
  • In collaboration with the AI team, translate identified threats into concrete, relevant security requirements and engineering tasks.
  • Implement technical controls informed by established AI security frameworks (e.g., OWASP LLM Top 10, NIST AI RMF) according to compliance requirements and AI governance guidance.
  • Design, build, and maintain automated security testing for AI systems within CI/CD pipelines, supporting testing for prompt injection, unsafe model behavior, misconfigured access, data exposure, and agent misuse.
  • Ensure AI security controls are validated during build, deployment, and change cycles, with failures surfaced early to engineering teams.
  • Implement technical guardrails to protect sensitive data used by AI systems, including retrieval-augmented generation (RAG) pipelines and external data sources.
  • In collaboration with the AI team, design and operate controls for sensitive data identification, minimization, redaction, and leakage prevention—addressing PII and other protected data in prompts, context, embeddings, and outputs to ensure privacy-preserving AI operation in production environments.
  • Design, implement, and maintain security controls across the full AI/ML lifecycle—including data ingestion, training, evaluation, deployment, inference, and CI/CD—covering model artifacts, configurations, embeddings, prompts, and deployment patterns.
  • Implement and operate runtime safeguards for AI services and agent-based systems, including input and output controls, context isolation, tool use restrictions, and abuse prevention mechanisms (e.g., rate limiting and anomaly detection), ensuring safe operation without breaking functional requirements.
  • Design security controls that balance safety, system performance, reliability, and developer usability in production AI services.
  • Implement and operate secure identity, secrets, and access control patterns for AI services, agents, and integrations, enforcing least privilege, integrating with enterprise IAM and key management systems, and monitoring credential usage and rotation.
  • Instrument AI systems to produce actionable logging, metrics, and traces; build dashboards and alerts for detecting prompt manipulation, anomalous usage, and unexpected behavior; and integrate AI-specific signals into enterprise security operations workflows.
  • Embed with AI engineering and platform teams to design and maintain technical security controls; develop reusable security components and patterns; contribute documentation and runbooks; and, in collaboration with the AI team, communicate AI security requirements and remediation outcomes to technical, non-technical, and cross-functional stakeholders.

Job Requirements

  • 5+ years of experience in IT or cybersecurity, with engineering responsibilities (i.e. IT Security or Application Development)
  • 2+ years of experience securing AI/ML systems or adjacent domains with demonstrated application to AI workloads.
  • Experience with security engineering principles, including authentication, authorization, logging, and monitoring.
  • Experience with AI/ML concepts such as models, training data, inference pipelines, embeddings, and agent frameworks.
  • Experience modeling data flows, trust boundaries, and attack paths in AI systems.
  • Experience mitigating threats such as prompt injection, model poisoning, model theft, and data leakage.
  • Experience implementing controls such as input validation, output filtering, context isolation, and abuse detection.

Benefits

  • High-quality, low-deductible medical insurance
  • Low to no-cost dental and vision plans
  • 5 weeks of paid time off (plus almost a dozen paid holidays)
  • Employer-funded retirement
  • Free tuition program
  • Parental leave
  • Mental health and wellbeing resources

More Security Engineer Jobs

Senior Security Detection Engineer

Mondelēz International

We’re a house of incredible brands providing people with the right snack, for the right moment, made the right way.

Full Time | Remote | Team 10,001+ | Since 2012 | H1B No Sponsor

  • Design, develop, and maintain detection rules, alerts, and analytics to identify cybersecurity threats across endpoints, network, identity, cloud, and application platforms.
  • Collaborate with threat intelligence, threat hunting, and security operations teams to understand emerging threats and translate TTPs into actionable detections.
  • Continuously monitor the threat landscape and proactively recommend improvements to detection coverage and methodology.
  • Validate, test, and tune detection content to reduce false positives and improve accuracy, performance, and signal-to-noise ratio.
  • Partner with incident response teams to provide detection insights, improve alert fidelity, and support investigation workflows.
  • Maintain and enhance the organization’s detection repository within SIEM and detection platforms, ensuring content stays current with evolving attack techniques.
  • Develop and refine Data Loss Prevention (DLP) detection policies and monitoring use cases to protect sensitive data and support compliance requirements.
  • Identify detection gaps and raise risks, working with engineering and security stakeholders to prioritize remediation and improvements.

Texas
$109K - $149.9K / year
Job Closed
Full Time | Remote | Team 501-1,000 | Since 1988 | H1B No Sponsor

  • Configure and manage security policies on the firewall, including access rules, traffic filtering, and application control;
  • Implement and fine-tune firewall rules, defining granular policies aligned with security guidelines and periodically reviewing them to eliminate redundancies or inconsistencies;
  • Continuously analyze implemented rules to identify obsolete or misconfigured entries, record justifications, and document all changes made to the environment;
  • Evaluate the impact of rules on critical applications, adjusting them to avoid unintended blocks or network bottlenecks while monitoring the performance of protected services;
  • Configure specific rules for application and service filtering based on the firewall App-ID, allowing authorized traffic and mitigating risks associated with untrusted applications;
  • Monitor firewall logs and events to identify suspicious or anomalous activity;
  • Apply firmware updates and threat signature updates to the firewall according to established guidelines;
  • Implement hardening practices on the firewall in line with the organization’s security standards;
  • Perform periodic audits of firewall configurations to verify compliance with internal and regulatory security policies;
  • Evaluate and adjust NAT (Network Address Translation) and routing configurations on the firewall to ensure correct network operation;
  • Document security incidents related to the firewall and propose technical recommendations for mitigation;
  • Collaborate with internal teams in the investigation of incidents involving the firewall;
  • Prepare technical reports on the firewall security status and performance metrics of implemented policies;
  • Configure and maintain advanced firewall features such as IPS (Intrusion Prevention System), Threat Prevention, and WildFire;
  • Conduct periodic scans to detect vulnerabilities in firewall configurations using dedicated tools;
  • Perform integrity audits of firewall rules and logging systems (logs) within the firewall environment;
  • Assess the use of privileged accounts and segregation of duties in firewall management during audits;
  • Implement and manage multifactor authentication (MFA) solutions for firewall access;
  • Evaluate and configure SSL/TLS traffic control policies on the firewall to prevent encryption-based attacks;
  • Monitor and respond to security alerts generated by the firewall and integrated with SIEM (Security Information and Event Management) tools;
  • Configure and manage site-to-site and remote access VPN policies using the firewall’s VPN tools, defining granular rules for authentication and access control based on the environment’s needs (Host Information Profile, split-tunnel traffic, etc.);
  • Configure segmentation rules for VPN traffic on the firewall, isolating critical networks and limiting lateral access to reduce the spread of threats from remote connections;
  • Implement SSL/TLS inspection policies for VPN traffic, enabling analysis of encrypted packets without compromising VPN security or performance;
  • Implement and monitor security policies to protect critical services such as site-to-site and remote access VPNs on the firewall;
  • Configure and manage access policies based on the Zero Trust Network Access (ZTNA) model;
  • Monitor and audit access performed via ZTNA;
  • Perform other information security and firewall-related activities as required by operations.

Brazil
Job Closed
Full Time | Remote | Team 501-1,000 | Since 1988 | H1B No Sponsor

  • Configure and manage security policies on Windows operating systems, including GPOs (Group Policy Objects) and access controls;
  • Monitor event logs on Windows servers and workstations to identify suspicious or anomalous activity;
  • Apply patches and security updates to Windows systems according to established guidelines;
  • Configure and monitor multi-factor authentication (MFA) systems in Windows environments;
  • Implement hardening practices on Windows servers and workstations aligned with the organization's security standards;
  • Document security incidents related to the Windows environment and provide technical recommendations for mitigation;
  • Collaborate with internal teams to investigate incidents involving Windows systems;
  • Prepare technical reports on the security status of Windows systems and performance metrics for tools used;
  • Configure and maintain local firewalls and other protective tools on Windows systems;
  • Perform regular scans to detect vulnerabilities on Windows servers and workstations;
  • Evaluate new security tools and technologies specific to Windows environments and recommend adoption to the responsible team;
  • Perform integrity audits of critical files and registry systems in Windows environments;
  • Review the use of privileged accounts and segregation of duties in Windows systems during audits;
  • Implement and manage data encryption solutions in Windows systems, such as BitLocker, to protect sensitive information;
  • Evaluate and configure application control policies (application whitelisting/blacklisting) to prevent execution of unauthorized software;
  • Monitor and respond to security alerts generated by SIEM (Security Information and Event Management) tools specific to Windows environments;
  • Implement and monitor security policies to protect Active Directory, including analysis of delegated permissions and mitigation of attacks such as Kerberoasting and Pass-the-Hash;
  • Conduct forensic analysis on compromised Windows systems to identify attack vectors and impacts;
  • Design resilient and secure architectures for Active Directory infrastructures, including domain segregation, creation of isolated forests, and implementation of granular controls to minimize attack surfaces;
  • Create and maintain custom scripts (in PowerShell, Python or other languages) to automate tasks such as containment of compromised endpoints, disabling suspicious accounts, malware removal, among others;
  • Perform other activities related to information security and Windows environments as required by operations.

Brazil
Job Closed
Full Time | Remote | Team 501-1,000 | Since 1988 | H1B No Sponsor

  • Develop and apply hardening policies for operating systems, servers, and network devices;
  • Configure and manage endpoint protection solutions, including antivirus, EDR (Endpoint Detection and Response), XDR (Extended Detection and Response), and device control tools;
  • Apply security patches and updates to operating systems and applications installed on endpoints;
  • Perform regular scans on devices to detect vulnerabilities and threats;
  • Monitor security events on endpoints to identify suspicious or anomalous activity;
  • Conduct detailed analysis of logs and events to detect anomalous behavior on endpoints;
  • Document endpoint-related security incidents and propose technical mitigation recommendations;
  • Support forensic investigations of incidents on devices, documenting attack vectors and recommendations;
  • Develop and maintain incident response playbooks for scenarios such as ransomware, APTs, and other advanced threats;
  • Execute incident simulation tests to validate and improve response processes;
  • Prepare detailed technical reports on incidents, including attack vectors, impacts, and prevention recommendations;
  • Monitor sources such as NVD, vendor alerts, and CVEs to identify new critical vulnerabilities;
  • Validate the effectiveness of fixes in controlled environments before applying them to production;
  • Assess the impact of vulnerabilities from the perspective of regulations such as LGPD (Brazilian General Data Protection Law), ISO/IEC 27001, and other applicable regulations;
  • Configure and manage network segmentation policies (VLANs, security zones, DMZs) to minimize attack surface;
  • Implement and optimize Network Detection and Response (NDR) solutions to detect anomalies in internal and external traffic;
  • Configure and manage Identity and Access Management (IAM) solutions with role-based (RBAC) and attribute-based (ABAC) policies;
  • Implement and optimize Privileged Access Management (PAM) systems, including automatic password rotation and secure vaults;
  • Design and implement multi-factor authentication (MFA) flows integrated with critical systems;
  • Manage user lifecycle (provisioning and deprovisioning), ensuring adherence to policies;
  • Perform periodic audits of permissions, identifying excess privileges and adjusting policies in PAM;
  • Monitor privileged account logs to detect anomalous behavior.

Brazil