Job Closed
This listing is no longer active.
The Next-Generation in Smart Enterprise Resource Planning.
Senior Security Operations Engineer
Location
Worldwide
Posted
3 days ago
Seniority
Senior
Job Description
Senior Security Operations Engineer
Unit4
Role Description
Unit4 Global Cloud Operations Team is seeking a skilled Security Operations Engineer to join our international team. As part of this dynamic team, you will play a key role in maintaining the security and integrity of our cloud infrastructure and environments. You will monitor security systems, analyze threats, and manage security incidents from detection through resolution, ensuring a robust defense against emerging threats.
Key Responsibilities
- Continuous Monitoring: Continuously monitor cloud environments for potential security threats.
- Threat Analysis: Analyze security alerts and logs to identify suspicious activities.
- Incident Response: Lead response efforts during security incidents, including containment, eradication, and recovery.
- Investigation: Investigate security breaches and identify root causes.
- Post-Incident Review: Conduct post-incident analysis to suggest improvements.
- Documentation: Document security incidents and maintain detailed records.
- Customer Incident Handling: Act on security incidents reported by customers or identified proactively.
- Policy Adherence: Follow established security policies and procedures.
- System Maintenance: Monitor and maintain security systems such as firewalls, intrusion detection and prevention systems, and SIEM systems.
- Preventative Measures: Implement security measures to prevent future incidents.
- Staying Current: Stay up to date with the latest security trends and technologies.
Qualifications
- 3+ years of relevant experience in security monitoring, analysis, and incident response.
- Knowledge and experience in hardening operating systems and other environments/systems.
- Knowledge and experience with security-related group policies and their implementation.
- Knowledge of forensic analysis and incident management tools.
- Familiarity with SIEM tools and security incident management.
- Strong analytical and problem-solving skills.
- Excellent communication skills, both written and verbal.
- Ability to work under pressure and manage multiple incidents simultaneously.
- Understanding of security policies and procedures.
- Experience with firewalls, intrusion detection/prevention systems, and SIEM systems.
Requirements
- Familiarity with Microsoft Azure, and Microsoft certifications.
- Experience with AWS.
- Experience with scripting languages (e.g. PowerShell) for automation.
- Knowledge of networking and PKI infrastructure.
- Basic Linux skills.
Benefits
- A culture built on trust and accountability, giving you the freedom and autonomy to be successful and make an impact.
- Balance, with our Flexible Leave Paid Time Off policy, remote working opportunities, Global Wellbeing Days, and other great benefits.
- Growth opportunities: we provide the tools and guidance required so that you can focus on what really matters to you and, ultimately, achieve your best work.
- Talented colleagues, role models and mentors: work, learn and be inspired by some of the best talent in the software industry.
- A commitment to sustainability, with initiatives such as our Environmental, Social, and Governance strategy and Act4Good programme.
- A safe and inclusive working environment, supported by our Employee Resource Groups, which are open to all.
More Security Operations Jobs
PAHO Consultant - Security Operations and Vulnerability Management Analyst
Pan American Health Organization
PAHO/WHO is committed to providing a respectful and supportive workplace for all personnel. PAHO is an ethical organization that maintains high standards of integrity and accountability. People joining PAHO are required to maintain these standards both in their professional work and personal activities. PAHO also promotes a work environment that is free from harassment, sexual harassment, discrimination, and other types of abusive behavior. PAHO conducts background checks and will not hire anyone who has a substantiated history of abusive conduct. PAHO personnel interact frequently with people in the communities we serve. To protect these people, PAHO has zero tolerance for sexual exploitation and abuse.
Role Description
Information Security Consultant – Security Operations and Vulnerability Management Analyst
PAHO is searching for an independent consultant to work at the Department of Information Technology Services (ITS), who will support the operational cybersecurity capabilities of PAHO's Information Security Program, with focus on security monitoring, incident response, threat hunting, and vulnerability management support.
Qualifications
- University degree in Information Technology, Information Security, Cybersecurity, Computer Science, Engineering, or other related disciplines from an accredited institution.
- Desirable: Specialized training in security operations, incident response, vulnerability management, cloud security, threat hunting, or Microsoft security technologies.
- Microsoft Certified: Security Operations Analyst Associate, or equivalent.
- GIAC Certified Incident Handler (GCIH) or equivalent.
- CompTIA Security+, or equivalent cybersecurity certifications.
- ITIL Foundation or equivalent service management certification.
- At least seven years of combined relevant professional experience in information security, security operations, incident response, vulnerability management, and/or related areas.
- Proven experience performing security monitoring, alert triage, incident analysis, and operational response activities in enterprise environments.
- Experience using SIEM, EDR/XDR, vulnerability management, and data security monitoring tools to analyze security events, investigate incidents, and support remediation activities.
- Experience supporting vulnerability management processes, including vulnerability analysis, risk-based prioritization, remediation coordination, and validation.
- Experience with Microsoft Azure security services and the Microsoft security ecosystem, including Microsoft Sentinel, Defender, Entra ID, Intune, and related security capabilities.
- Working knowledge of scripting, query, and automation languages such as PowerShell, Python, KQL, JavaScript, and/or shell scripting.
- Ability to work collaboratively with cross-functional teams.
- Ability to communicate security incidents, technical findings, vulnerability risks, and remediation recommendations clearly to technical and non-technical stakeholders.
- Strong analytical, problem-solving, documentation, coordination, and follow-up skills.
- Ability to work under pressure during security incidents and maintain clear documentation of actions taken.
- Ability to translate operational security findings into actionable recommendations for detection improvement, incident response, and vulnerability management.
- Very good knowledge of English and Spanish.
Requirements
- Monitor and analyze security alerts and events from Microsoft Sentinel, Microsoft Defender suite, Varonis, and other relevant security tools.
- Validate, classify, and prioritize alerts based on severity, affected assets, business impact, exposure, and potential risk to the Organization.
- Identify suspicious activity across endpoints, identities, cloud services, data repositories, applications, and infrastructure components.
- Provide operational feedback to improve alert quality, reduce false positives, strengthen detection coverage, and optimize monitoring practices.
- Support the execution and coordination of incident response activities.
- Coordinate incident handling with IT Operations, Service Desk, infrastructure teams, application owners, system custodians, external service providers, vendors, and existing Service Management, Incident Response, and Disaster Recovery processes.
- Prepare incident summaries and post-incident notes.
- Conduct proactive threat hunting activities across endpoint, identity, cloud, data, and application environments.
- Identify indicators of compromise, anomalous behavior, suspicious access patterns, unusual data activity, and potential misuse of organizational resources.
- Analyze vulnerability findings from Microsoft Defender, Qualys, and other relevant sources.
- Provide security analysis, risk-based prioritization and coordination support for remediation actions.
- Prepare periodic summaries of security monitoring activities, notable alerts and incidents, threat hunting findings, vulnerability exposure, and operational risks.
- Recommend improvements to detection quality, alert triage, incident handling, vulnerability management workflows, and coordination with external providers.
Benefits
- Band B - Daily rate $258-$314.
- Duration: Until 31 December 2026, possibility of extension subject to performance and availability of funds.
SOC Analyst – Mid-level
ASAAS
We simplify payment collection for individuals, MEIs (individual micro-entrepreneurs) and large companies.
• Monitor, triage and enrich low-, medium- and high-complexity security alerts generated by the SIEM
• Analyze logs from multiple sources: ZTNA, EDR/XDR, Cloud, Databases, DLP, WAF and CSPM
• Conduct detailed analyses of alerts and security events, correlating multiple indicators before concluding an investigation
• Investigate and respond to cyber incidents, proposing corrective and preventive actions
• Manage ticket workflow, ensuring proper logging, follow-up and escalation when necessary
• Develop, review and improve playbooks, runbooks and Standard Operating Procedures (SOPs)
• Provide structured feedback to Detection Engineering regarding required use cases and rule tuning
• Identify monitoring gaps and proactively propose new SIEM use cases based on the MITRE ATT&CK framework, business-relevant TTPs, critical assets and emerging industry threats
• Actively contribute to Cyber Threat Intelligence (CTI) and threat hunting activities
• Drive continuous SOC improvement through automation and process optimization
• Produce technical and management reports on security status and handled incidents
• Support compliance with standards and regulations: PCI-DSS, ISO 27001, LGPD and BACEN regulations
• Support internal audits by providing evidence and technical documentation
Role Description
We are looking for a Security Operations Analyst (SOC Analyst) responsible for continuously monitoring the security of the company's devices and systems, investigating security incidents, and generating periodic reports to support our compliance and operational security initiatives. The person will primarily work with tools from the Microsoft ecosystem, including Microsoft Defender, Intune, and Entra ID, ensuring compliance with internal policies and contributing to compliance initiatives such as SOC 2 Type II.
- Monitor security alerts and events on a daily basis using Microsoft Defender and other security tools.
- Investigate suspicious activities, incidents, and anomalies on endpoints and corporate accounts.
- Document security incidents and follow up on corrective actions.
- Generate biweekly and monthly reports on:
  - Detected incidents
  - Relevant alerts
  - Policy compliance
  - Corporate device status
  - Security metrics
- Verify compliance with corporate policies on laptops and assigned devices.
- Monitor access controls, MFA, and user activity.
- Collaborate with internal audits and compliance processes.
- Maintain evidence and documentation required for SOC 2 audits.
- Participate in periodic reviews of access permissions and corporate assets.
- Escalate critical incidents according to established procedures.
- Propose continuous improvements in security controls and monitoring.
Qualifications
- Experience in security monitoring or cybersecurity operations.
- Knowledge of:
  - Microsoft Defender for Endpoint
  - Microsoft 365 Security
  - Microsoft Entra ID
  - Microsoft Intune
- Basic to intermediate knowledge of:
  - SIEM
  - Incident management
  - Endpoint security
  - Access control
  - MFA
  - Endpoint hardening
- Experience documenting incidents and generating executive reports.
- Familiarity with security standards or frameworks such as:
  - SOC 2
  - ISO 27001
  - NIST (preferred)
- Intermediate English required.
- Ability to:
  - Read technical documentation
  - Participate in basic meetings in English
  - Write simple reports
  - Communicate with international clients or vendors
Requirements
- 2+ years in roles related to:
  - SOC
  - Cybersecurity
  - IT security
  - Security operations
  - Microsoft security administration
Preferred Certifications
- Microsoft SC-200
- Microsoft SC-300
- Security+
- AZ-500
- SOC Analyst certifications
Benefits
- Remote and flexible work environment.
- Participation in real compliance and security initiatives.
- Professional growth opportunities in cybersecurity.
- Work with modern technologies from the Microsoft ecosystem.
- Exposure to international audit and compliance processes.
• Work cross-functionally with Information Security Operations and Infrastructure/DevOps teams to administer and optimize security posture across multi-cloud (GCP/AWS) infrastructure, including native security services, IAM, logging, and threat detection
• Triage and respond to cloud security alerts and vulnerabilities; implement timely mitigations, configuration changes, and patches
• Own configuration and hygiene for cloud security consoles (examples: GCP Security Command Center, Cloud Logging, Cloud Armor, KMS, IAM, etc.)
• Partner with DevOps to implement secure baseline configurations and guardrails (network segmentation, least privilege, encryption, key management, secrets handling, egress controls), in alignment with industry standard frameworks such as CIS, NIST 800-53, OWASP Top 10, etc.
• Run day-to-day vulnerability workflows: detection, prioritization, remediation, and validation across cloud services, hosts, containers, and third-party dependencies
• Manage and harden security configurations for Kubernetes Engine environments, including: cluster and node security settings, RBAC, pod security controls, network policies, admission controls, and runtime security; image vulnerability scanning, container supply-chain controls, patch cadence and version lifecycle management for clusters/nodes and supporting components
• Support secure implementations/integrations of AI within cloud infrastructure, including: data protection controls (PII/PHI handling, encryption, retention, audit logging)
• Network controls (private connectivity where feasible, egress restrictions, proxying, allowlists)
• Usage monitoring, abuse prevention, and security reviews for AI-driven features/workflows
• Contributing to internal AI security standards (prompt/data handling guidance, logging strategy, third-party risk considerations)
• Work cross-functionally with IS Risk and Compliance team to produce evidence and reporting to support internal security requirements and external compliance obligations (e.g., SOC 2 / ISO-aligned controls, healthcare and privacy expectations)
• Participate in security incident response for cloud-related events, including containment and recovery actions
• Other duties as assigned