Role Description Provide technical support to internal users, identifying and resolving complex IT and security-related issues. - Manage and configure IT assets and ensure secure and compliant environments. - Oversee identity and access management, including user provisioning, de-provisioning, and enforcement of least privilege principles. - Administer and configure endpoint protection tools, antivirus, patch management systems, and Mobile Device Management (MDM) solutions. - Support the implementation and maintenance of internal IT and security procedures and documentation. - Collaborate with the security and compliance teams in conducting risk assessments, internal audits, and implementing GRC controls aligned with privacy and other applicable legislation and the CIS Critical Security Controls framework. - Ensure best practices are followed in day-to-day operations regarding systems, access, and incident response. - Keep up with industry trends and threats to advise on improvements and preventive measures. - Educate employees on security policies, awareness, and safe practices. - Administer AWS environments and apply best security practices, including provisioning access and permissions, implementing security features, monitoring, and investigating suspicious activities. - Collaborate with the engineering team to improve the security of CI/CD pipelines, assist in remediating vulnerabilities, and perform security reviews of changes involving Infrastructure as Code (IaC). - Assist clients in implementing and maintaining SSO integrations. - Collaborate on strategic planning for the department in alignment with business needs, utilizing OKRs, roadmaps, business plans, and budget planning. Qualifications - Proven experience with Windows and Unix-like operating systems. - Strong background in providing technical support to end users. - Experience with access management processes, including provisioning and revoking access securely. - Strong background with Google Workspace and Slack administration from a security perspective. - Hands-on experience configuring and managing antivirus software, patch management systems, and MDM tools. - Knowledge of cloud platforms, especially AWS, and how to secure workloads in these environments. - Understanding of information security best practices and security frameworks, in particular CIS Critical Security Controls and privacy legislation like LGPD and GDPR. - Proven experience with CI/CD pipelines, SAST/DAST tools, Git, and Infrastructure as Code (IaC). - Knowledge of authentication protocols such as SAML, OpenID, and OAuth2, with hands-on experience configuring SSO integrations. - Comfortable writing clear procedures, internal policies, and emails/documentation in English. - Spoken Portuguese and English fluency is mandatory and will be used daily to interact with team members, partners, and vendors in several countries.

• Design and build internal security tooling from scratch, including agent-based security tooling, code analysis tooling, dynamic scanning, and security assessment tools • Identify vulnerabilities across SentiLink's AWS-based stack, including application code, cloud service configurations, and integrations between the two • Develop AI-assisted and agent-based tooling to scale offensive security testing beyond what a small team can do manually • Build and maintain security automation that improves detection, response, and remediation across the organization • Conduct hands-on penetration testing and vulnerability research against SentiLink's infrastructure and applications • Partner with engineering teams to remediate findings and embed security into the development process without slowing them down • Participate in the security on-call rotation, including incident response and regular response testing • Contribute to threat modeling and security design reviews for new systems, with a focus on cloud integrations and identity flows • Stay current on offensive security techniques, AI-assisted security tooling, and emerging attack patterns relevant to fintech and identity verification

• Deliver expert-level EDR product support, serving as the primary technical resource for internal teams and external customers. • Provide deep technical expertise across EDR platforms, including deployment, configuration, tuning, optimization, and troubleshooting. • Act as an escalation point for complex EDR-related incidents, alerts, and investigations. • Partner directly with customers to provide tailored recommendations for improving security posture within their environments. • Understand customer business risk and recommend appropriate security controls to reduce exposure and strengthen overall cybersecurity maturity. • Communicate technical findings clearly and effectively to both technical and non-technical stakeholders. • Conduct routine EDR platform health checks to identify gaps, misconfigurations, coverage issues, and optimization opportunities. • Manage EDR platform versioning and ensure deployments remain current, supported, and operationally effective. • Monitor platform performance and proactively recommend improvements to enhance detection and operational efficiency. • Develop, maintain, and improve Standard Operating Procedures (SOPs) related to EDR operations and incident workflows.

• Own the architecture, implementation, and continuous improvement of Lumin’s network security program across cloud, SD-WAN, and ZTNA layers—designing identity-aware, policy-driven controls that secure both human and machine (agent) identities. • Design and deliver fully automated, end-to-end network security change management pipelines that eliminate manual toil, accelerate change velocity, and maintain audit-ready evidence at every step. • Build and operate real-time network telemetry, monitoring, and alerting systems that provide deep visibility into network activity — integrating threat intelligence feeds, cloud connectivity data, and asset inventories into a unified, automated network defense posture. • Engineer production-grade tooling and services—including firewall rule lifecycle management, policy drift detection, configuration compliance validation, and telemetry enrichment—using modern backend languages (Python strongly preferred) and infrastructure-as-code. • Manage and tune network-layer detection capabilities — including IDS/IPS signatures, firewall rules, and WAF configuration — to ensure high-fidelity signals for SOC consumption. • Operate at the leading edge of AI-assisted development: write precise engineering specifications, direct AI coding agents (e.g., Claude Code, Cursor), and review/validate generated output to build secure, lights-off agentic pipelines that the broader team can learn from. • Build and maintain API integrations across the network security technology stack (e.g., Cloudflare, Zscaler, cloud-native controls) with reliability, observability, and audit-readiness designed in from day one. • Support compliance audit and assessment activities — including evidence collection, control testing, and auditor walkthroughs for network security domains; maintain an accurate network diagram inventory documenting topology, segmentation boundaries, and data flows. • Partner with the Security Operations Center, SRE, and IT to ensure network security controls integrate cleanly with existing infrastructure pipelines, CI/CD workflows, and incident response processes; participate in security architecture reviews and contribute to runbook development and operational documentation—raising the network security bar across the engineering organization. • Perform other duties as assigned.