Information Security Analyst (Mid-level) – Vulnerability and Identity Management
Location
Brazil
Posted
6 days ago
Salary
0
Seniority
Senior
Job Description
Information Security Analyst (Mid-level) – Vulnerability and Identity Management
Portobello Shop
• Operate Information Security controls focused on the Vulnerability Management lifecycle and the operation of Identity and Access Management (IAM), working collaboratively on monitoring, triage, and initial incident response across the company. • Execute the Vulnerability Management lifecycle: analyze scan results, perform risk-based prioritization, and coordinate and follow up on remediation with the responsible teams (Infrastructure, Systems, etc.). • Maintain, update, and improve operational metrics and remediation workbooks (agent coverage, severity, SLA tracking for fixes). • Operate Identity and Access Management (IAM) processes: provisioning, deprovisioning, privilege granting, periodic access reviews, and support for MFA mechanisms. • Actively support corporate access review campaigns and validation of segregation of duties (SoD). • Monitor, classify, and investigate alerts generated by security tools within your scope. • Perform triage and initial analysis of security incidents, executing structured escalation to a Specialist when necessary. • Produce periodic operational reports and security indicators for your area of responsibility. • Create and keep technical documentation and standard operating procedures (SOPs) up to date.
Job Requirements
- Professional experience in Information Security, Infrastructure, Systems Administration, or related areas with a security focus.
- Hands-on experience in Vulnerability Management processes and with commercial scanning tools (Qualys, Tenable, Rapid7, or equivalents).
- Solid knowledge of Active Directory, IAM, SSO, and MFA solutions.
- Practical experience monitoring and triaging alerts in SIEM platforms.
- Knowledge of TCP/IP networking, segmentation, and communication protocols.
- Basic administration knowledge of Windows and Linux environments.
- Proven ability for technical analysis and strong care for documenting activities.
- Strong analytical skills and meticulous attention to detail.
- Organized, disciplined, and focused on executing standardized processes.
- Good communication skills for daily interaction with technical teams and business areas.
- Sense of responsibility and interest in continuous learning.
- Specific experience with Wazuh, Elastic Stack (ELK), or other open-source SIEM platforms.
- Knowledge of the ISO/IEC 27001 and CIS Controls frameworks.
- Knowledge of LGPD (Brazilian General Data Protection Law) as applied to logs, identities, and personal data protection in security tools.
- Basic scripting skills (PowerShell, Bash, or Python) for automating routine tasks.
- Entry-level information security certifications (e.g., Security+, CySA+, Microsoft SC-900/SC-300).
Benefits
- Life insurance
- Health and dental insurance
- On-site cafeteria
- Transportation voucher or dedicated company shuttle for employees — specific routes
- Corporate learning platform (Universidade Portobello)
- On-site medical clinic
- Workplace physical exercise program
- Profit-sharing program (PPR)
- Discounts at local pharmacies
- Free parking
- Private pension plan
- Union membership
- Discount network — partnerships with various educational institutions
- Discounts on Portobello product purchases
- Vacation allowance
- Portobello "Mom" allowance — assistance for baby layette purchases
- Childcare allowance
- Assistance for dependents with disabilities
- Training and professional development programs
- Wellhub and many more!
Related Guides
Related Categories
Related Job Pages
More Security Analyst Jobs
• Operar e apoiar a sustentação da plataforma SIEM, garantindo a correta coleta das fontes de logs, integridade e qualidade dos dados recebidos. • Apoiar a criação, revisão e ajuste fino (tuning) de regras e casos de uso de detecção, visando a redução de falsos positivos e otimização dos alertas. • Operar e administrar Firewalls de Próxima Geração (NGFW): implementação controlada de regras de acesso, NAT, VPNs, documentação de justificativas e revisão periódica de regras órfãs. • Apoiar ativamente as atividades de segmentação de rede, regras de tráfego e hardening de perímetro. • Monitorar, classificar e investigar alertas de segurança gerados pelo SIEM, firewalls e demais ferramentas perimetrais. • Realizar a triagem e análise inicial de incidentes de segurança perimetral, efetuando o escalonamento estruturado para o Especialista quando necessário. • Produzir relatórios operacionais, mapas de tráfego e indicadores de incidentes/bloqueios de segurança. • Elaborar e manter atualizada a documentação técnica de topologias, fluxos de redes e procedimentos operacionais (POPs).
Senior Cyber Security Analyst
SS&C TechnologiesEstablished in 1986, SS&C Technologies is a leading global provider of services and software for the global financial services industry. Committed to helping cl
Title: Sr. Cyber Security Analyst Location: Waltham, MA / Boston, MA - Hybrid / New York / Florida / Texas / Virginia / Washington - Remote Full time Job Description: As a leading financial services and healthcare technology company based on revenue, SS&C is headquartered in Windsor, Connecticut, and has 27,000+ employees in 35 countries. Some 20,000 financial services and healthcare organizations, from the world's largest companies to small and mid-market firms, rely on SS&C for expertise, scale, and technology. Job Description Sr. Cyber Security Analyst Locations: Waltham, MA / Boston, MA - Hybrid / New York / Florida / Texas / Virginia / Washington - Remote About the Role We are seeking a Sr. Cybersecurity Analyst to join our growing team, report to the Director of Information Security and Privacy. In this role, you will help protect client data and ensure trust in our products by identifying risks, coordinating remediation, and supporting daily security operations. You will leverage your expertise to assess, implement, and continuously improve controls aligned with security standards. Collaborating with cross-functional teams, you will drive risk-informed decision-making, support audit readiness, and help enhance our security culture. Why Join SS&C SS&C combines proprietary technology with deep industry expertise to support complex financial and health care operations. Our teams design, implement, and operate solutions that help clients manage data, automate processes, and scale their businesses with confidence. You will work with industry experts, modern platforms, and evolving technologies, gaining exposure to real-world operational challenges and large-scale enterprise environments. How You Will Make an Impact - Support the development, implementation, and monitoring of security policies and controls, and collaborate with Global Security to ensure alignment with enterprise security standards and frameworks. - Investigate security incidents and collaborate with internal teams for effective resolution. Coordinate post-incident reporting and remediation. - Partner with the Vulnerability Management team to drive vulnerability remediation, recommend controls, create playbooks, and ensure fixes are completed by application and system owners within SLAs. - Conduct periodic access reviews and report security access violations. - Create and deliver high-quality written communications on security, compliance, and audit issues. - Support internal security projects, automation efforts, and process improvements. - Adopt and extend AI-assisted security tooling to reduce toil, accelerate investigations, augment, and simplify recurring security workflows. - Collaborate with engineering teams to embed security best practices into the software development lifecycle (SDLC) and cloud environments. - Perform security assessments of new products and services to ensure the adequacy of security and privacy. Required Experience - Bachelor's degree in Information Security, Computer Science, or a related field. - 5+ years of experience in cybersecurity, risk management, or related roles. - Strong knowledge of security frameworks and standards (e.g., NIST CSF, ISO 27001, SOC 2, CIS Controls), privacy principles, and risk management methodologies. - Hands-on experience with security tools, including network firewalls, IDS/IPS, WAF, vulnerability management, XDR/EDR, and DLP solutions. - Experience with evaluating and testing the security of Public Cloud (AWS, Azure). - Strong understanding of application security, cloud security, network security, identity and access management, and cryptography. - Excellent written and oral communication skills, with experience in drafting technical documentation and client communications. - Hands-on experience with scripting, automation (Python, PowerShell, Bash, AI), and infrastructure-as-code security (Terraform, CloudFormation) to scale security outcomes and reduce manual work. - Experience executing threat modeling and design reviews. In-depth knowledge of identifying and protecting against web application and API security threats. - Industry certifications such as CISSP, CISM, CCSP, GSEC, or equivalent. What Sets You Apart (preferred qualifications) - Detail oriented and organized, with an ability to track multiple efforts to completion. - Strong analytical, process and problem-solving skills. - The desire, commitment, and ability to be a team player. Ability to manage expectations, align different points of view and gain consensus. - Excellent time management skills to effectively manage multiple and sometimes competing priorities. Ability to develop structured plans for short-term work activities and manage own time to consistently meet agreed targets across multiple concurrent security efforts. - Capable of working with limited direct supervision. Join SS&C, where innovation meets global opportunities. #LI-PE1 #LI-HYBRID Unless explicitly requested or approached by SS&C Technologies, Inc. or any of its affiliated companies, the company will not accept unsolicited resumes from headhunters, recruitment agencies, or fee-based recruitment services. SS&C Technologies offers a comprehensive total rewards package designed to support your wellbeing, growth, and future. Our benefits include medical, dental, and vision coverage; a 401(k) plan with company match; paid time off, holidays, and parental leave; and professional development reimbursement opportunity. Actual base salary will vary based on several factors, including but not limited to relevant skills, prior experience, education, demonstrated performance, and geographic location. New York: The expected base salary for the position is between 110,000 USD to 145,000 USD. Washington: The expected base salary for the position is between 110,000 USD to 145,000 USD. Massachusetts: The expected base salary for the position is between 110,000 USD to 145,000 USD. In addition, employees in this role may be eligible for consideration on an annual basis for a discretionary bonus and/or equity awards, such as restricted stock units or stock options, based upon individual and business performance at the company's discretion. Applications will be accepted on an ongoing basis until the position is filled. SS&C Technologies is an Equal Employment Opportunity employer and does not discriminate against any applicant for employment or employee on the basis of race, color, religious creed, gender, age, marital status, sexual orientation, national origin, disability, veteran status or any other classification protected by applicable discrimination laws.
Role Description At Centorrino Technologies (CT), we’re more than just tech—we’re a community that goes beyond expectations. We’ve been recognised as a Great Place to Work in 2024 and one of the Best Places to Work Medium Size in Australia for 2024, with an outstanding eNPS score of 68. And we’re not stopping there. We're on a mission to redefine the customer experience, and we need a passionate Cyber Analyst to join our team in Melbourne and/or Perth. This role requires NV1 security clearance. - Conduct real-time monitoring of security alerts and incidents utilising our SIEM tools (FortiSIEM and MS Sentinel) to ensure swift identification and resolution of potential threats. - Utilise vulnerability management tools such as Tenable and MS Defender to report on vulnerabilities within customer environments and propose appropriate remediation plans. - Conduct security awareness training sessions for customers to foster a security-conscious culture. - Conduct regular security meetings with CT customers by generating reports and presenting findings. - Collaborate with all stakeholders to configure and fine-tune security tools, including EDR solutions, application control, firewalls, intrusion detection systems, and anti-malware software. - Develop and maintain comprehensive documentation on security procedures and guidelines. - Stay up-to-date with the latest cyber security trends, technologies, and best practices to continuously enhance our security posture. Qualifications - An NV1 Security Clearance is required to be eligible for this role. - Experience with any SIEM products, ideally FortiSIEM and/or Microsoft Sentinel. - Familiarity with IDS/IPS, EDR Solutions, cloud technologies and endpoint protection. - Knowledge of network protocols, security architectures, and information security frameworks. - Ideally experience in conducting vulnerability assessments and remediation. - Excellent analytical and problem-solving skills, with the ability to think critically and respond quickly to security incidents. - Effective communication and teamwork skills, with the ability to convey complex technical concepts to non-technical stakeholders. - Ideally experience in conducting vulnerability assessments and remediation using products such as Tenable and Microsoft Defender. - Working with user Cybersecurity Awareness training software such as uSecure or Microsoft based training modules. - Relevant certifications are beneficial (e.g., Tenable Vulnerability Management Specialist Course, SC-900, SC-200, SC-100). Benefits - Extensive training and development opportunities that enable continual growth as part of your career planning. - Extensive discounts and benefits to maximise your money. - A choice of your IT equipment to maximise your success and access to cost-price tech for your personal needs. - Fun team events to celebrate achievements and connect with colleagues outside work as part of our engaging culture. - CT celebrates diversity and enables every voice to be heard as we drive to create the world we want. Note: A valid Vulnerable People / Working with Children Check (WWCC) and Police Check are required.
Role Description Develop and maintain a forward-looking cybersecurity strategy while integrating emerging technologies into the AIOps roadmap. Ensure security designs align with overarching business and IT objectives by collaborating with Security Architects and IT teams. - Provide technical direction for implementing security solutions and maintaining consistency across platforms. - Lead innovation initiatives by researching new security technologies and enhancing existing systems and processes. - Design data integration solutions that support AI training while ensuring compliance with regulatory requirements. - Assess technical security risks, implement mitigation strategies, and conduct vulnerability management activities. - Act as a technical leader, collaborating with cross-functional teams and supporting security incident investigations. - Promote security best practices, monitor performance metrics, and design scalable AIOps solutions that align with business goals. 100% telecommuting allowed from any location in the U.S. Qualifications - Master’s Degree in Information Systems, Cybersecurity, Information Technology, or a related field. - Two (2) years of experience in the job offered or related field. - Employer is willing to accept Bachelor’s degree and Five (5) years of experience in the job offered or related field in lieu of the Master’s Degree and Two (2) years of experience. Requirements - Two (2) years demonstrated experience in working with cybersecurity principles, practices, and technologies. - Two (2) years demonstrated experience in working with machine learning and data analysis techniques. - Two (2) years demonstrated experience in developing and implementing technical security and AIOps strategies. - Experience working with the following security technologies, platforms, and AIOps tools: - Firewalls - Intrusion Detection & Response (EDR) - Security Information & Event Management (SIEM) - Identity & Access Management (IAM) - Data Loss Prevention (DLP) - Cloud Security Solutions - Zero Trust Security Frameworks - Threat Intelligence Platforms - Vulnerability Management Platforms - Application Security Platforms - Security Orchestration, Automation, and Response (SOAR) - App Dynamics - Datadog - Dynatrace - Splunk IT Service Intelligence (ITSI) - LogicMonitor - BigPanda - AI & Machine Learning Fundamentals: working with supervised/unsupervised learning, neural networks, and model training. - Data Engineering: working with data ingestion, transformation, and pipeline management. - Cloud Platforms: working with Azure and Databricks for implementing AIOps. - Scripting & Automation: working with Python, Bash, or PowerShell for automating tasks and workflows. - Monitoring & Observability Tools: working with tools like Splunk, Evidently, Azure monitoring. - DevOps & CI/CD: working with Jenkins, Github Actions. - MLOps: Managing ML models in production, including versioning, monitoring, and retraining. Benefits - Competitive compensation package. - Base pay determined by performance, experience, skills, equity, regular job market evaluations, and geographical markets. - Other compensation, such as an annual bonus or long-term incentive opportunities may be offered. Contact To apply, please send resumes to JobPostings@McKesson.com . Reference #: 002251.



