• Interact closely with other cyber security architects, privacy officer, general counsel, engineering, and product management teams to ensure adequate security capabilities and controls are in place within the technology stack to mitigate security risks and meet the highest security and compliance requirements. • Work closely with prospects and the proposal managers to provide detailed responses to security assessment questionnaires. • Continuously research, design, advocate and recommend new security technologies, architectures, and products that will ensure meeting all compliance requirements. • Function as the go-to individual with in-depth understanding of all security and compliance related nuances within the Headspace Health stack. • Develop the ability to effectively navigate a highly complex environment to independently retrieve technical evidence for gaining assurance over the effectiveness of controls. • Serve as the subject matter expert who will actively guide the broader risk and compliance team on all security-related technical components within the environment. • Conduct ad-hoc security architecture/application reviews to assess new risks, keep abreast of latest cyber security technical risks, and foster a culture of continuous service improvement and service excellence.

Role Description Provide technical support to internal users, identifying and resolving complex IT and security-related issues. - Manage and configure IT assets and ensure secure and compliant environments. - Oversee identity and access management, including user provisioning, de-provisioning, and enforcement of least privilege principles. - Administer and configure endpoint protection tools, antivirus, patch management systems, and Mobile Device Management (MDM) solutions. - Support the implementation and maintenance of internal IT and security procedures and documentation. - Collaborate with the security and compliance teams in conducting risk assessments, internal audits, and implementing GRC controls aligned with privacy and other applicable legislation and the CIS Critical Security Controls framework. - Ensure best practices are followed in day-to-day operations regarding systems, access, and incident response. - Keep up with industry trends and threats to advise on improvements and preventive measures. - Educate employees on security policies, awareness, and safe practices. - Administer AWS environments and apply best security practices, including provisioning access and permissions, implementing security features, monitoring, and investigating suspicious activities. - Collaborate with the engineering team to improve the security of CI/CD pipelines, assist in remediating vulnerabilities, and perform security reviews of changes involving Infrastructure as Code (IaC). - Assist clients in implementing and maintaining SSO integrations. - Collaborate on strategic planning for the department in alignment with business needs, utilizing OKRs, roadmaps, business plans, and budget planning. Qualifications - Proven experience with Windows and Unix-like operating systems. - Strong background in providing technical support to end users. - Experience with access management processes, including provisioning and revoking access securely. - Strong background with Google Workspace and Slack administration from a security perspective. - Hands-on experience configuring and managing antivirus software, patch management systems, and MDM tools. - Knowledge of cloud platforms, especially AWS, and how to secure workloads in these environments. - Understanding of information security best practices and security frameworks, in particular CIS Critical Security Controls and privacy legislation like LGPD and GDPR. - Proven experience with CI/CD pipelines, SAST/DAST tools, Git, and Infrastructure as Code (IaC). - Knowledge of authentication protocols such as SAML, OpenID, and OAuth2, with hands-on experience configuring SSO integrations. - Comfortable writing clear procedures, internal policies, and emails/documentation in English. - Spoken Portuguese and English fluency is mandatory and will be used daily to interact with team members, partners, and vendors in several countries.

• Design and build internal security tooling from scratch, including agent-based security tooling, code analysis tooling, dynamic scanning, and security assessment tools • Identify vulnerabilities across SentiLink's AWS-based stack, including application code, cloud service configurations, and integrations between the two • Develop AI-assisted and agent-based tooling to scale offensive security testing beyond what a small team can do manually • Build and maintain security automation that improves detection, response, and remediation across the organization • Conduct hands-on penetration testing and vulnerability research against SentiLink's infrastructure and applications • Partner with engineering teams to remediate findings and embed security into the development process without slowing them down • Participate in the security on-call rotation, including incident response and regular response testing • Contribute to threat modeling and security design reviews for new systems, with a focus on cloud integrations and identity flows • Stay current on offensive security techniques, AI-assisted security tooling, and emerging attack patterns relevant to fintech and identity verification

• Deliver expert-level EDR product support, serving as the primary technical resource for internal teams and external customers. • Provide deep technical expertise across EDR platforms, including deployment, configuration, tuning, optimization, and troubleshooting. • Act as an escalation point for complex EDR-related incidents, alerts, and investigations. • Partner directly with customers to provide tailored recommendations for improving security posture within their environments. • Understand customer business risk and recommend appropriate security controls to reduce exposure and strengthen overall cybersecurity maturity. • Communicate technical findings clearly and effectively to both technical and non-technical stakeholders. • Conduct routine EDR platform health checks to identify gaps, misconfigurations, coverage issues, and optimization opportunities. • Manage EDR platform versioning and ensure deployments remain current, supported, and operationally effective. • Monitor platform performance and proactively recommend improvements to enhance detection and operational efficiency. • Develop, maintain, and improve Standard Operating Procedures (SOPs) related to EDR operations and incident workflows.