blueAPACHE is an Australian owned award-winning Managed Service Provider, recognised for the 5th year running, as Mid-Market Partner of the Year at the ARN Innovation Awards. We pride ourselves on being a genuinely great place to work, with a vibrant culture, clear vision, and strong leadership. When joining blueAPACHE, you are joining an organisation that is driven by our core values of employee and customer experience. We are proud to be an equal opportunity employer and are committed to building a diverse and inclusive workplace where we embrace our individual talents, and our differences. Job Summary: The Security Analyst Level 1 is responsible for monitoring, analyzing, and responding to security incidents and events to protect MSP customer assets. This entry-level position involves working closely with the security team to ensure compliance with security policies and procedures, assist in risk assessments, and contribute to the implementation of security measures.

• Develop and maintain security policies, standards, and control frameworks aligned with industry best practices (ISO, NIST, CIS) • Design and promote secure architecture patterns across cloud, applications, networks, and data platforms • Conduct security risk assessments and control reviews for systems, projects, and business processes • Provide security architecture and design guidance for new solutions and major changes • Support supplier and third-party security assessments and due diligence • Contribute to governance, risk management, and compliance activities, including audits and certifications • Monitor control effectiveness and support security reporting and governance forums • Collaborate with IT and business teams to ensure secure implementation of solutions • Support Security Operations with expertise on incidents and control improvements • Contribute to continuous improvement by addressing emerging threats and evolving technologies

• Implement, administer and enhance PAM solutions (CyberArk), ensuring privileged access control and protection of critical credentials. • Manage privileged accounts, password vaults and access policies, with integration to Active Directory (AD) and other corporate systems. • Administer and optimize Fortinet Firewalls (FortiGate), including rule creation, review and troubleshooting. • Operate and advance XDR and SIEM solutions (Palo Alto – Cortex XDR / Data Lake), including alert tuning and development of use cases. • Investigate and respond to security incidents, perform root cause analysis and propose continuous improvements. • Structure and execute vulnerability assessment and management processes, prioritizing based on risk (CVSS) and tracking remediations. • Perform hardening of Windows and Linux servers, ensuring compliance with security best practices. • Monitor and analyze security logs and events in on-premises and cloud environments. • Work with Brand Protection solutions (Rainforest or similar), identifying and mitigating threats such as phishing and brand abuse. • Define, implement and evolve information security policies, standards and procedures. • Support audits and compliance initiatives (ISO 27001, LGPD, among others). • Act as a consultant to business and technology teams, promoting a security culture and risk management.

• The AI Security Analyst is responsible for evaluating, governing, and securing the organization’s adoption and use of artificial intelligence tools, platforms, and integrations. • Working under the direction of the Information Security Manager, this role ensures that AI technologies are deployed with appropriate security controls, data protection standards, and risk oversight across ai2io’s multi-tenant managed services environment. • Evaluates AI tools, SaaS integrations, and platform capabilities for security risk, data exposure, and compliance alignment before and during organizational adoption. • Develops and maintains the organization’s AI governance framework, including usage policies, application approval workflows, and data classification standards for AI contexts. • Coordinates with AI platform engineering teams to ensure sensitivity labels, access controls, and data boundaries are consistently governed under a centralized security standard. • Monitors AI usage across the organization using Microsoft Defender for Cloud Apps and other telemetry sources to identify shadow AI, unauthorized integrations, and data leakage risks. • Supports GRC and identity security functions as a secondary focus, including compliance evidence collection, access reviews, and framework alignment.