Analista de Segurança da Informação Pleno – Detecção, SIEM, Perímetro, NGFW
Location
Brazil
Posted
6 days ago
Salary
0
Seniority
Senior
Job Description
Analista de Segurança da Informação Pleno – Detecção, SIEM, Perímetro, NGFW
Portobello Shop
• Operar e apoiar a sustentação da plataforma SIEM, garantindo a correta coleta das fontes de logs, integridade e qualidade dos dados recebidos. • Apoiar a criação, revisão e ajuste fino (tuning) de regras e casos de uso de detecção, visando a redução de falsos positivos e otimização dos alertas. • Operar e administrar Firewalls de Próxima Geração (NGFW): implementação controlada de regras de acesso, NAT, VPNs, documentação de justificativas e revisão periódica de regras órfãs. • Apoiar ativamente as atividades de segmentação de rede, regras de tráfego e hardening de perímetro. • Monitorar, classificar e investigar alertas de segurança gerados pelo SIEM, firewalls e demais ferramentas perimetrais. • Realizar a triagem e análise inicial de incidentes de segurança perimetral, efetuando o escalonamento estruturado para o Especialista quando necessário. • Produzir relatórios operacionais, mapas de tráfego e indicadores de incidentes/bloqueios de segurança. • Elaborar e manter atualizada a documentação técnica de topologias, fluxos de redes e procedimentos operacionais (POPs).
Job Requirements
- Experiência profissional em Segurança da Informação, Redes, Infraestrutura de TI ou áreas correlatas com foco em segurança.
- Experiência prática em monitoramento, triagem de logs e operação rotineira de plataformas SIEM.
- Conhecimento em operação e administração de Firewalls de Próxima Geração (Check Point, Palo Alto, Fortinet ou equivalentes).
- Conhecimentos sólidos e práticos de redes TCP/IP, roteamento, segmentação de redes (VLANs, DMZs) e protocolos de comunicação.
- Conhecimento de regras de detecção, correlação de eventos e análise de cabeçalhos de logs.
- Conhecimento de ambientes Windows e Linux.
- Capacidade comprovada de análise técnica e zelo por documentação de atividades.
- Elevada capacidade analítica, atenção aos detalhes e perfil investigativo.
- Organização e disciplina para seguir processos de controle de mudanças (Change Management).
- Boa comunicação para interação com equipes de infraestrutura, telecom e parceiros externos.
- Proatividade e interesse em evolução técnica contínua na área de SecOps.
Benefits
- Assistência médica e odontológica;
- Seguro de vida;
- Vale refeição;
- Vale-transporte;
- Abono Férias;
- Auxilio farmácia;
- Assistência a dependentes com deficiência;
- Wellhub (plataforma bem-estar);
- Day off no mês do aniversário;
- Desconto na compra de produtos Portobello;
- Rede de descontos - parcerias com diversas instituições;
- Programa de Participação nos Lucros e Resultados;
- Aprende Shop (plataforma de conteúdos online);
- Programas de Capacitação e Desenvolvimento Profissional.
Related Guides
Related Categories
Related Job Pages
More Security Analyst Jobs
Senior Cyber Security Analyst
SS&C TechnologiesEstablished in 1986, SS&C Technologies is a leading global provider of services and software for the global financial services industry. Committed to helping cl
Title: Sr. Cyber Security Analyst Location: Waltham, MA / Boston, MA - Hybrid / New York / Florida / Texas / Virginia / Washington - Remote Full time Job Description: As a leading financial services and healthcare technology company based on revenue, SS&C is headquartered in Windsor, Connecticut, and has 27,000+ employees in 35 countries. Some 20,000 financial services and healthcare organizations, from the world's largest companies to small and mid-market firms, rely on SS&C for expertise, scale, and technology. Job Description Sr. Cyber Security Analyst Locations: Waltham, MA / Boston, MA - Hybrid / New York / Florida / Texas / Virginia / Washington - Remote About the Role We are seeking a Sr. Cybersecurity Analyst to join our growing team, report to the Director of Information Security and Privacy. In this role, you will help protect client data and ensure trust in our products by identifying risks, coordinating remediation, and supporting daily security operations. You will leverage your expertise to assess, implement, and continuously improve controls aligned with security standards. Collaborating with cross-functional teams, you will drive risk-informed decision-making, support audit readiness, and help enhance our security culture. Why Join SS&C SS&C combines proprietary technology with deep industry expertise to support complex financial and health care operations. Our teams design, implement, and operate solutions that help clients manage data, automate processes, and scale their businesses with confidence. You will work with industry experts, modern platforms, and evolving technologies, gaining exposure to real-world operational challenges and large-scale enterprise environments. How You Will Make an Impact - Support the development, implementation, and monitoring of security policies and controls, and collaborate with Global Security to ensure alignment with enterprise security standards and frameworks. - Investigate security incidents and collaborate with internal teams for effective resolution. Coordinate post-incident reporting and remediation. - Partner with the Vulnerability Management team to drive vulnerability remediation, recommend controls, create playbooks, and ensure fixes are completed by application and system owners within SLAs. - Conduct periodic access reviews and report security access violations. - Create and deliver high-quality written communications on security, compliance, and audit issues. - Support internal security projects, automation efforts, and process improvements. - Adopt and extend AI-assisted security tooling to reduce toil, accelerate investigations, augment, and simplify recurring security workflows. - Collaborate with engineering teams to embed security best practices into the software development lifecycle (SDLC) and cloud environments. - Perform security assessments of new products and services to ensure the adequacy of security and privacy. Required Experience - Bachelor's degree in Information Security, Computer Science, or a related field. - 5+ years of experience in cybersecurity, risk management, or related roles. - Strong knowledge of security frameworks and standards (e.g., NIST CSF, ISO 27001, SOC 2, CIS Controls), privacy principles, and risk management methodologies. - Hands-on experience with security tools, including network firewalls, IDS/IPS, WAF, vulnerability management, XDR/EDR, and DLP solutions. - Experience with evaluating and testing the security of Public Cloud (AWS, Azure). - Strong understanding of application security, cloud security, network security, identity and access management, and cryptography. - Excellent written and oral communication skills, with experience in drafting technical documentation and client communications. - Hands-on experience with scripting, automation (Python, PowerShell, Bash, AI), and infrastructure-as-code security (Terraform, CloudFormation) to scale security outcomes and reduce manual work. - Experience executing threat modeling and design reviews. In-depth knowledge of identifying and protecting against web application and API security threats. - Industry certifications such as CISSP, CISM, CCSP, GSEC, or equivalent. What Sets You Apart (preferred qualifications) - Detail oriented and organized, with an ability to track multiple efforts to completion. - Strong analytical, process and problem-solving skills. - The desire, commitment, and ability to be a team player. Ability to manage expectations, align different points of view and gain consensus. - Excellent time management skills to effectively manage multiple and sometimes competing priorities. Ability to develop structured plans for short-term work activities and manage own time to consistently meet agreed targets across multiple concurrent security efforts. - Capable of working with limited direct supervision. Join SS&C, where innovation meets global opportunities. #LI-PE1 #LI-HYBRID Unless explicitly requested or approached by SS&C Technologies, Inc. or any of its affiliated companies, the company will not accept unsolicited resumes from headhunters, recruitment agencies, or fee-based recruitment services. SS&C Technologies offers a comprehensive total rewards package designed to support your wellbeing, growth, and future. Our benefits include medical, dental, and vision coverage; a 401(k) plan with company match; paid time off, holidays, and parental leave; and professional development reimbursement opportunity. Actual base salary will vary based on several factors, including but not limited to relevant skills, prior experience, education, demonstrated performance, and geographic location. New York: The expected base salary for the position is between 110,000 USD to 145,000 USD. Washington: The expected base salary for the position is between 110,000 USD to 145,000 USD. Massachusetts: The expected base salary for the position is between 110,000 USD to 145,000 USD. In addition, employees in this role may be eligible for consideration on an annual basis for a discretionary bonus and/or equity awards, such as restricted stock units or stock options, based upon individual and business performance at the company's discretion. Applications will be accepted on an ongoing basis until the position is filled. SS&C Technologies is an Equal Employment Opportunity employer and does not discriminate against any applicant for employment or employee on the basis of race, color, religious creed, gender, age, marital status, sexual orientation, national origin, disability, veteran status or any other classification protected by applicable discrimination laws.
Role Description At Centorrino Technologies (CT), we’re more than just tech—we’re a community that goes beyond expectations. We’ve been recognised as a Great Place to Work in 2024 and one of the Best Places to Work Medium Size in Australia for 2024, with an outstanding eNPS score of 68. And we’re not stopping there. We're on a mission to redefine the customer experience, and we need a passionate Cyber Analyst to join our team in Melbourne and/or Perth. This role requires NV1 security clearance. - Conduct real-time monitoring of security alerts and incidents utilising our SIEM tools (FortiSIEM and MS Sentinel) to ensure swift identification and resolution of potential threats. - Utilise vulnerability management tools such as Tenable and MS Defender to report on vulnerabilities within customer environments and propose appropriate remediation plans. - Conduct security awareness training sessions for customers to foster a security-conscious culture. - Conduct regular security meetings with CT customers by generating reports and presenting findings. - Collaborate with all stakeholders to configure and fine-tune security tools, including EDR solutions, application control, firewalls, intrusion detection systems, and anti-malware software. - Develop and maintain comprehensive documentation on security procedures and guidelines. - Stay up-to-date with the latest cyber security trends, technologies, and best practices to continuously enhance our security posture. Qualifications - An NV1 Security Clearance is required to be eligible for this role. - Experience with any SIEM products, ideally FortiSIEM and/or Microsoft Sentinel. - Familiarity with IDS/IPS, EDR Solutions, cloud technologies and endpoint protection. - Knowledge of network protocols, security architectures, and information security frameworks. - Ideally experience in conducting vulnerability assessments and remediation. - Excellent analytical and problem-solving skills, with the ability to think critically and respond quickly to security incidents. - Effective communication and teamwork skills, with the ability to convey complex technical concepts to non-technical stakeholders. - Ideally experience in conducting vulnerability assessments and remediation using products such as Tenable and Microsoft Defender. - Working with user Cybersecurity Awareness training software such as uSecure or Microsoft based training modules. - Relevant certifications are beneficial (e.g., Tenable Vulnerability Management Specialist Course, SC-900, SC-200, SC-100). Benefits - Extensive training and development opportunities that enable continual growth as part of your career planning. - Extensive discounts and benefits to maximise your money. - A choice of your IT equipment to maximise your success and access to cost-price tech for your personal needs. - Fun team events to celebrate achievements and connect with colleagues outside work as part of our engaging culture. - CT celebrates diversity and enables every voice to be heard as we drive to create the world we want. Note: A valid Vulnerable People / Working with Children Check (WWCC) and Police Check are required.
Role Description Develop and maintain a forward-looking cybersecurity strategy while integrating emerging technologies into the AIOps roadmap. Ensure security designs align with overarching business and IT objectives by collaborating with Security Architects and IT teams. - Provide technical direction for implementing security solutions and maintaining consistency across platforms. - Lead innovation initiatives by researching new security technologies and enhancing existing systems and processes. - Design data integration solutions that support AI training while ensuring compliance with regulatory requirements. - Assess technical security risks, implement mitigation strategies, and conduct vulnerability management activities. - Act as a technical leader, collaborating with cross-functional teams and supporting security incident investigations. - Promote security best practices, monitor performance metrics, and design scalable AIOps solutions that align with business goals. 100% telecommuting allowed from any location in the U.S. Qualifications - Master’s Degree in Information Systems, Cybersecurity, Information Technology, or a related field. - Two (2) years of experience in the job offered or related field. - Employer is willing to accept Bachelor’s degree and Five (5) years of experience in the job offered or related field in lieu of the Master’s Degree and Two (2) years of experience. Requirements - Two (2) years demonstrated experience in working with cybersecurity principles, practices, and technologies. - Two (2) years demonstrated experience in working with machine learning and data analysis techniques. - Two (2) years demonstrated experience in developing and implementing technical security and AIOps strategies. - Experience working with the following security technologies, platforms, and AIOps tools: - Firewalls - Intrusion Detection & Response (EDR) - Security Information & Event Management (SIEM) - Identity & Access Management (IAM) - Data Loss Prevention (DLP) - Cloud Security Solutions - Zero Trust Security Frameworks - Threat Intelligence Platforms - Vulnerability Management Platforms - Application Security Platforms - Security Orchestration, Automation, and Response (SOAR) - App Dynamics - Datadog - Dynatrace - Splunk IT Service Intelligence (ITSI) - LogicMonitor - BigPanda - AI & Machine Learning Fundamentals: working with supervised/unsupervised learning, neural networks, and model training. - Data Engineering: working with data ingestion, transformation, and pipeline management. - Cloud Platforms: working with Azure and Databricks for implementing AIOps. - Scripting & Automation: working with Python, Bash, or PowerShell for automating tasks and workflows. - Monitoring & Observability Tools: working with tools like Splunk, Evidently, Azure monitoring. - DevOps & CI/CD: working with Jenkins, Github Actions. - MLOps: Managing ML models in production, including versioning, monitoring, and retraining. Benefits - Competitive compensation package. - Base pay determined by performance, experience, skills, equity, regular job market evaluations, and geographical markets. - Other compensation, such as an annual bonus or long-term incentive opportunities may be offered. Contact To apply, please send resumes to JobPostings@McKesson.com . Reference #: 002251.
Cybersecurity Analyst (SOC) N2
OnePointWepoint is the architect of major transformations for businesses and public sector organizations. We support our clients from strategy through technological implementation, always striving to think beyond the obvious and to act within the framework of Economic, Social, Environmental, and Technological Responsibility (RESET). Our goal is to create new ways of working, new economic models, and smarter environments. In nearly 20 years, we have become one of the key players in digital transformation, employing 3,500 people across Europe, Tunisia, North America, and the Asia-Pacific region.
Role Description L'Analyste SOC assure la surveillance des événements de sécurité au sein du Centre d’opérations de sécurité (SOC) 24×7. Le but principal de cette position est de fournir une analyse et une réponse rapide aux menaces détectées. En tant qu’Analyste de Cyber Sécurité, vous êtes non seulement responsable de la surveillance, de l’analyse et de la résolution en temps réel des incidents de sécurité identifiés, mais vous serez également responsable du développement continu et de l’amélioration des capacités 24×7 du Centre d’Opérations Sécurité (SOC). Responsabilités - Fournir une analyse des tendances des données des journaux de sécurité à partir d'un grand nombre de dispositifs de sécurité hétérogènes; - Analyser les journaux de sécurité de différentes sources (proxy, pare-feu, réseau, serveurs Web et appareils Linux/Windows) pour comprendre la source/l'impact des enquêtes/incidents de sécurité; - Fournir une enquête approfondie, une analyse et une réponse experte aux incidents pour les alertes de sécurité; - Assurer la liaison avec les équipes informatiques et les autres équipes cybersécurité pour effectuer une analyse sur les systèmes compromis afin d'identifier l'étendue et la nature de la compromission et fournir des recommandations sur les mesures correctives; - Assurer la liaison avec les équipes informatiques lors des investigations incident et post incident pour contenir, éradiquer les intrusions et mettre en œuvre des mesures de remédiation; - Développer des capacités de chasse aux menaces et aider au développement et à la validation des cas d'utilisation; - Fournir de l'aide et des conseils aux analystes de niveau I; - Faire remonter les incidents de sécurité potentiels aux analystes de niveau 3; - Travailler à l'optimisation des processus de résolution d'incident, y compris, mais sans s'y limiter, l'automatisation des processus et le développement de tableaux de bord; - Assurer la liaison avec les équipes informatiques et les autres équipes cybersécurité pour mettre en œuvre les meilleures pratiques de sécurité et faire mûrir l'incident de sécurité; - Collaborer avec d'autres équipes TI et cybersécurité régionales et mondiales dans les enquêtes/incidents de sécurité; - Suivre et suivre la documentation liée aux incidents, y compris les analyses des causes profondes et les leçons apprises, et mettre à jour les plans de résolution des incidents en conséquence; - Fournir les métriques de réponse aux incidents et les KPI; - Capacité à hiérarchiser et à équilibrer plusieurs enquêtes et incidents; - Aider à développer et à maintenir des procédures d'exploitation standard, un plan de réponse aux incidents et des playbooks; - Participer aux audits internes et externes. Qualifications - Baccalauréat ou supérieur en informatique, ingénierie, informatique ou discipline connexe; - Plus de 5 ans d'expérience professionnelle dans le domaine de la technologie, dont un minimum de 3 ans et plus en SOC; - Expérience minimum de 2 ans avec les plateformes SIEM telles que Kibana : rédaction de recherches, création de tableaux de bord et réalisation d'enquêtes; - Expérience avec EDR, NDR et autres systèmes similaires : effectuer des analyses et collecter des preuves; - Excellente connaissance des frameworks standard de l'industrie (tels que MITRE ATT&CK); - Solide expérience technique et familiarité avec divers types et techniques de cyberattaques avec le cycles de vie de réponse et de chasse aux menaces et incidents; - Excellente communication en français et en anglais. L'anglais est requis, le poste demandant de communiquer avec des partenaires et des clients situés à l'extérieur du Québec; - Seuls les candidats légalement autorisés à travailler pour tout employeur au Canada seront considérés. Benefits - Minimum of 3 weeks of vacation starting from the first year; - Comprehensive group insurance with a generous employer contribution; - Employer contribution to a group RRSP; - Full remote work flexibility: Hybrid, Remote, or On-site; - A warm, bright, and welcoming office offering fresh fruit, coffee, beverages, occasional meals, etc.; - Annual IT equipment budget; - A balanced work environment with flexible working hours; - Career development: training and certifications, online or in-person learning, Wepoint Academy, etc.; - An international community of experts ready to share their knowledge; - A company culture focused on individuals’ needs and their belonging to a strong community.



