• Lead the development, rollout, and operations of security operations tools and services such as SIEM, EDR, NDR, email, cloud; building detection rules, automated playbooks, and integrations • Serve as a technical resource for security operations analysts; conduct design reviews and provide engineering guidance on detection and response workflows • Apply a detections-as-code approach; version-controlled, peer-reviewed, and tuned against alert quality metrics • Architect and implement security engineering capabilities, including endpoint security, data loss prevention, email security, network security, SIEM enhancements, detection engineering, and security automation. • Partner with cross-functional teams to perform threat modeling and embed security requirements in the development lifecycle. • Research, evaluate, and operationalize security products and services (including AI enabled platforms), building proof-of-concept integrations, provide recommendations or deferrals on adoption, and driving adoption across the security stack.

Role Description Unit4 Global Cloud Operations Team is seeking a skilled Security Operations Engineer to join our international team. As part of this dynamic team, you will play a key role in maintaining the security and integrity of our cloud infrastructure and environments. You will monitor security systems, analyze threats, and manage security incidents from detection through resolution, ensuring a robust defense against emerging threats. Key Responsibilities - Continuous Monitoring: Continuously monitor cloud environments for potential security threats. - Threat Analysis: Analyze security alerts and logs to identify suspicious activities. - Incident Response: Lead response efforts during security incidents, including containment, eradication, and recovery. - Investigation: Investigate security breaches and identify root causes. - Post-Incident Review: Conduct post-incident analysis to suggest improvements. - Documentation: Document security incidents and maintain detailed records. - Customer Incident Handling: Act on security incidents reported by customers or identified proactively. - Policy Adherence: Follow established security policies and procedures. - System Maintenance: Monitor and maintain security systems such as firewalls, intrusion detection and prevention systems, and SIEM systems. - Preventative Measures: Implement security measures to prevent future incidents. - Staying Current: Stay up-to-date with the latest security trends and technologies. Qualifications - 3+ years of relevant experience in security monitoring, analysis, and incident response. - Knowledge and experience in hardening OS and other environments/systems. - Knowledge and experience with security-related group policies and their implementation. - Knowledge of forensic analysis and incident management tools. - Familiarity with SIEM tools and security incident management. - Strong analytical and problem-solving skills. - Excellent communication skills, both written and verbal. - Ability to work under pressure and manage multiple incidents simultaneously. - Understanding of security policies and procedures. - Experience with firewalls, intrusion detection/prevention systems, and SIEM systems. Requirements - Familiarity with Microsoft Azure & Microsoft certifications. - Experience with AWS. - Experience with scripting languages (e.g. PowerShell) for automation. - Knowledge of networking, and PKI infrastructure. - Basic Linux skills. Benefits - A culture built on trust and accountability - giving you the freedom and autonomy to be successful and make an impact. - Balance - with our Flexible Leave Paid Time Off policy, remote working opportunities, Global Wellbeing Days, and other great benefits. - Growth opportunities - we provide the tools and guidance required so that you can focus on what really matters to you and so, ultimately, you can achieve your best work. - Talented colleagues, role models and mentors - work, learn and be inspired by some of the best talent in the software industry. - A commitment to sustainability - with initiatives such as our Environmental, Social, and Governance strategy and Act4Good programme. - A safe and inclusive working environment – supported by our Employee Resource Groups, which are open to all.

Role Description Information Security Consultant – Security Operations and Vulnerability Management Analyst PAHO is searching for an independent consultant to work at the Department of Information Technology Services (ITS), who will support the operational cybersecurity capabilities of PAHO’s Information Security Program, with focus on security monitoring, incident response, threat hunting, and vulnerability management support. Qualifications - University degree in Information Technology, Information Security, Cybersecurity, Computer Science, Engineering, or other related disciplines from an accredited institution. - Desirable: Specialized training in security operations, incident response, vulnerability management, cloud security, threat hunting, or Microsoft security technologies. - Microsoft Certified: Security Operations Analyst Associate, or equivalent. - GIAC Certified Incident Handler (GCIH) or equivalent. - CompTIA Security+, or equivalent cybersecurity certifications. - ITIL Foundation or equivalent service management certification. - At least seven years of combined relevant professional experience in information security, security operations, incident response, vulnerability management, and/or related areas. - Proven experience performing security monitoring, alert triage, incident analysis, and operational response activities in enterprise environments. - Experience using SIEM, EDR/XDR, vulnerability management, and data security monitoring tools to analyze security events, investigate incidents, and support remediation activities. - Experience supporting vulnerability management processes, including vulnerability analysis, risk-based prioritization, remediation coordination, and validation. - Experience with Microsoft Azure security services and the Microsoft security ecosystem, including Microsoft Sentinel, Defender, Entra ID, Intune, and related security capabilities. - Working knowledge of scripting, query, and automation languages such as PowerShell, Python, KQL, JavaScript, and/or shell scripting. - Ability to work collaboratively with cross-functional teams. - Ability to communicate security incidents, technical findings, vulnerability risks, and remediation recommendations clearly to technical and non-technical stakeholders. - Strong analytical, problem-solving, documentation, coordination, and follow-up skills. - Ability to work under pressure during security incidents and maintain clear documentation of actions taken. - Ability to translate operational security findings into actionable recommendations for detection improvement, incident response, and vulnerability management. - Very good knowledge of English and Spanish. Requirements - Monitor and analyze security alerts and events from Microsoft Sentinel, Microsoft Defender suite, Varonis, and other relevant security tools. - Validate, classify, and prioritize alerts based on severity, affected assets, business impact, exposure, and potential risk to the Organization. - Identify suspicious activity across endpoints, identities, cloud services, data repositories, applications, and infrastructure components. - Provide operational feedback to improve alert quality, reduce false positives, strengthen detection coverage, and optimize monitoring practices. - Support the execution and coordination of incident response activities. - Coordinate incident handling with IT Operations, Service Desk, infrastructure teams, application owners, system custodians, external service providers, vendors, and existing Service Management, Incident Response, and Disaster Recovery processes. - Prepare incident summaries and post-incident notes. - Conduct proactive threat hunting activities across endpoint, identity, cloud, data, and application environments. - Identify indicators of compromise, anomalous behavior, suspicious access patterns, unusual data activity, and potential misuse of organizational resources. - Analyze vulnerability findings from Microsoft Defender, Qualys, and other relevant sources. - Provide security analysis, risk-based prioritization and coordination support for remediation actions. - Prepare periodic summaries of security monitoring activities, notable alerts and incidents, threat hunting findings, vulnerability exposure, and operational risks. - Recommend improvements to detection quality, alert triage, incident handling, vulnerability management workflows, and coordination with external providers. Benefits - Band B - Daily rate $258-$314. - Duration: Until 31 December 2026, possibility of extension subject to performance and availability of funds.

• Monitor, triage and enrich low-, medium- and high-complexity security alerts generated by the SIEM • Analyze logs from multiple sources: ZTNA, EDR/XDR, Cloud, Databases, DLP, WAF and CSPM • Conduct detailed analyses of alerts and security events, correlating multiple indicators before concluding an investigation • Investigate and respond to cyber incidents, proposing corrective and preventive actions • Manage ticket workflow, ensuring proper logging, follow-up and escalation when necessary • Develop, review and improve playbooks, runbooks and Standard Operating Procedures (SOPs) • Provide structured feedback to Detection Engineering regarding required use cases and rule tuning • Identify monitoring gaps and proactively propose new SIEM use cases based on the MITRE ATT&CK framework, business-relevant TTPs, critical assets and emerging industry threats • Actively contribute to Cyber Threat Intelligence (CTI) and threat hunting activities • Drive continuous SOC improvement through automation and process optimization • Produce technical and management reports on security status and handled incidents • Support compliance with standards and regulations: PCI-DSS, ISO 27001, LGPD and BACEN regulations • Support internal audits by providing evidence and technical documentation