Information Security Specialist
São Paulo, São Paulo, Brazil
Full Time
5 hours ago
No Sponsorship
Key skills
AWSAzureCloudCyber SecurityGoogle Cloud PlatformGCPGoogle CloudIAMRisk ManagementOWASPNetwork SecurityCloud SecurityWAF
About this role
Role Overview
- Act as a technical reference in Information Security;
- Lead response to critical incidents, acting as the technical lead in crisis situations;
- Provide direct, ongoing technical support to analysts, working hands-on in investigations, troubleshooting, and advanced analyses;
- Act as a Security Champion in corporate projects, assessing risks, defining security requirements, and validating architectures;
- Ability to assess cyber risks in OT environments without operational impact, prioritizing availability, safety, and business continuity;
- Knowledge of industrial architectures, including the Purdue Model, zone and conduit definitions, and IT/OT network segmentation;
- Work in Cloud Security with focus on IAM, logging, security posture, and native controls;
- Define, operate, and optimize WAF and application/API security, mitigating OWASP Top 10 risks;
- Execute and direct Cyber Threat Intelligence (CTI) activities, correlating threats, campaigns, and TTPs with business impact;
- Technically lead takedown processes, brand protection, and mitigation of digital fraud;
- Work collaboratively with antifraud, risk, legal, and business teams;
- Support and advance vulnerability management processes, prioritizing risks based on operational and business impact.
Requirements
- Postgraduate degree in Information Security, Cybersecurity, Cyber Defense, Security Engineering, Risk Management, Governance, or related fields;
- Experience in Information Security or Cybersecurity;
- Experience with EDR/XDR, SIEM, and SOAR, with a focus on continuous improvement of use cases, automation, and reduction of operational risk;
- Advanced knowledge of Cloud Security (AWS, Azure, or GCP), with the ability to assess architectures, risks, and security controls in critical environments;
- Experience with WAF, application and API security, defining preventive controls aligned with business risk;
- Solid knowledge of network security, segmentation, access control, and protection of hybrid environments;
- Practical experience in Cyber Threat Intelligence (CTI), with the ability to convert intelligence into strategic defensive decisions;
- Applied knowledge of OT cybersecurity (Cyber OT), including the Purdue Model, zones and conduits, with focus on operational risk, safety, and business continuity;
- Knowledge of ICS/SCADA and industrial protocols;
- Applied knowledge of frameworks such as NIST CSF, MITRE ATT&CK, ISO 27001, IEC 62443, and PCI DSS, using them as a basis for decision-making and prioritization;
- Advanced English, with the ability to participate in and lead technical and executive meetings with international teams.
Tech Stack
- AWS
- Azure
- Cloud
- Cyber Security
- Google Cloud Platform
Benefits
- Health Insurance
- Dental Insurance
- Life Insurance
- Wellhub
- Meal Voucher
- Discount on Havaianas products
- Birthday Day Off
- Transportation Allowance
- Private Pension
- Profit Sharing (PLR)
- Courses, training and other development activities through ALU (Alpa Learning Universe), our corporate university
- Flexible onsite work model (minimum 3 days per week in the office)
- Flexible Working Hours