Continuously monitor alerts and events in the Wazuh SIEM, identifying anomalous behavior and potential threats.
Analyze the transaction dashboard of the SaaS platform, detecting suspicious patterns or fraudulent activity in incentive and payment operations.
Perform alert triage, correlating events from multiple sources (application logs, network, endpoints, and cloud).
Monitor indicators of compromise (IoCs) and implement detection rules in the SIEM.
Support identification, containment, and escalation of security incidents according to established playbooks.
Document incidents clearly and accurately, recording timelines, impact, and actions taken.
Collaborate with Infrastructure, Development, and Product teams during investigations and remediation processes.
Perform basic analysis of logs, artifacts, and suspicious samples to support investigations.
Contribute to the preparation of periodic security reports (daily, weekly, and monthly).
Keep up to date with vulnerability advisories (CVEs) and threat intelligence relevant to the technology and fintech sectors.
Propose adjustments and create new rules and alerts in Wazuh based on identified incidents.
Participate in security posture review meetings and SOC improvement processes.
Assist in creating and updating runbooks and incident response playbooks.

Bachelor’s degree completed or in progress in Information Security, Computer Science, Computer Engineering, Computer Networks, Information Systems, or related fields.
Solid understanding of computer networking: TCP/IP, DNS, HTTP/S, firewalls, and proxies.
Familiarity with SIEM concepts and log analysis (experience with Wazuh is a plus).
Knowledge of Linux and Windows operating systems, including interpretation of native logs.
Familiarity with attack and defense techniques (MITRE ATT&CK, Cyber Kill Chain).
Ability to read and interpret raw logs (syslogs, event logs, access logs).
Strong attention to detail and analytical reasoning.
Ability to work under pressure and manage priorities in incident scenarios.
Clear and concise communication, both written and verbal.
Proactivity, intellectual curiosity, and a continuous desire to learn.
Entry-level security certifications: CompTIA Security+, SC-900, eJPT, CEH, or similar (desirable).
Hands-on experience with Wazuh: rule configuration, decoders, and integrations (desirable).
Knowledge of threat intelligence platforms (VirusTotal, AbuseIPDB, etc.) (desirable).
Basic knowledge of cloud security (AWS) (desirable).
Basic scripting knowledge in Python or Bash for task automation (desirable).

Benefit (iFood Benefits Card): BRL 1,120.00 per month
Participation in a physical and mental health program through partners, including gym network access and telehealth services.

Junior SOC Analyst – Blue Team

Key skills