• Translates high-level departmental strategy into team-level goals, milestones, and execution plans. • Takes responsibility for the performance, reliability, and culture of the team. • Anticipates resourcing needs, skill gaps, and operational risks; escalates appropriately. • Drives continuous improvement across workflows, processes, and operational practices. • Ensures team deliverables are scoped clearly, prioritized effectively, and completed on time. • Manages workload, planning, sprint cycles, and backlog health. • Implements processes that improve quality and predictability of output. • Supports cross-functional coordination, ensuring stakeholders understand timelines and dependencies. • Removes roadblocks that impede team progress and ensures issues are escalated appropriately.

• Build proactive security automation aimed at decreasing manual remediation work. • Research new and novel ways to accomplish security work and publish your findings on our blog. • Participate in a monthly security on-call rotation for critical escalations. • Build security capabilities utilizing the attacker mindset and other adversary research.

• Plan and conduct complex penetration tests (red team, adversary simulation, chained attacks), including hybrid environments (on-premises, cloud, and mobile), focusing on realistic, high-impact scenarios; • Structure and evolve attack methodologies, frameworks and playbooks, aligning offensive initiatives with business risks and the organization’s strategic priorities; • Lead Red Team and Purple Team exercises and simulations based on real TTPs (MITRE ATT&CK), assessing the effectiveness of defensive and response controls; • Develop advanced techniques, exploits, tools and automations, and research vulnerabilities (0-day, n-day, business logic) and new exploitation methods; • Support security investigations with an offensive perspective, helping reproduce attacks, validate hypotheses and identify compromise vectors; • Act as a mentor for junior, mid-level and senior staff, raising the team’s technical level and disseminating knowledge; • Work closely with security leadership, architecture and business stakeholders, translating technical risks into organizational impact and supporting strategic decisions; • Evaluate the effectiveness of controls (EDR, WAF, IAM, SIEM, etc.) through advanced offensive techniques; • Produce high-level reports with risk assessment, financial impact and strategic recommendations, as well as detailed technical documentation; • Propose structural improvements to security posture, tools, processes and offensive capabilities.

• Profissional experiente em segurança cloud, com sólido entendimento de processos de DevOps, change management e configuration management • Faz parte de uma equipe responsável pelo desenvolvimento, atualização e testes de políticas de segurança cloud • Criação e manutenção de pipelines para publicação dessas políticas nos ambientes adequados • Atua com controles preventivos e detectivos de segurança para mitigação de riscos cibernéticos em cloud • Traduz políticas de Segurança da Informação em controles técnicos aplicados ao ambiente Azure