Work within Elo's Offensive Security structure, with a primary focus on vulnerability management and penetration testing;
Plan and execute vulnerability scans across Elo's technology environment and applications, analyze results, assess risk and prioritize remediation according to the Vulnerability Management process and policy;
Plan and perform security testing (DAST, SCA, vulnerability scans and PCI ASV) and penetration tests to support continuous improvement of the security posture;
Plan and support Red Team activities focused on preventive and proactive risk identification, especially related to environment compliance for maintaining PCI DSS certification and high standards of the NIST CSF;
Validate and review penetration test reports, understand identified risks and work with development teams to ensure fixes within SLAs defined by policy;
Maintain and evolve Vulnerability Management KPIs and dashboards, ensuring executive visibility and supporting decision-making;
Support implementation and adherence to appropriate security controls for protecting sensitive data, validating their effectiveness in collaboration with Blue Team, Cyber Threat Intelligence (CTI), Security Architecture, CloudSec, Governance and Identity teams;
Prepare, review and keep up-to-date documentation relevant to the area and responsibilities, such as policies, standards and operational procedures;
Promote a secure development mindset at Elo through culture, awareness and training actions with teams;
Support security risk mitigation by proposing and evaluating compensating controls when necessary.
Requirements
Minimum of 2 years' proven experience with vulnerability scanning tools (e.g., Qualys, Tenable, Nessus, OpenVAS or similar), as well as experience with SAST, DAST, SCA and related tools;
Experience presenting security risks/vulnerabilities identified by SAST, DAST, SCA and penetration tests to different business areas and technical teams such as engineering and infrastructure;
Experience building, monitoring and maintaining KPIs and risk indicators to support decision-making;
Knowledge of PCI DSS and NIST CSF, and familiarity with methodologies and frameworks such as OWASP, Secure SDLC (S-SDLC) and MITRE ATT&CK;
Knowledge of offensive security methodologies focused on penetration testing for web/mobile applications and APIs, including technical validation of pentest reports and understanding of exploitation techniques;
Knowledge of cloud computing architectures and services, networking, operating systems, cryptography and related technologies;
Bachelor's degree completed or in progress in cybersecurity or a related field;
Relevant certifications such as CEH (Certified Ethical Hacker) or similar are a plus;
Advanced English for documentation and written communication.
Tech Stack
Cloud
SDLC
Benefits
Profit Sharing Program (PPR)
Health insurance (Bradesco, with copayment)
Optional dental insurance (Bradesco)
Life insurance (Banco do Brasil)
Optional private pension (you may contribute up to 7.8% of salary; Elo's contribution ranges from 100% to 200% according to rules)
Meal/food allowance of R$1,800.00
Flexible credit balance of R$150.00
Holiday/Christmas card: R$750.00
Home office allowance: R$200.00 for hybrid model and R$300.00 for remote model
Mobility allowance: R$400.00
Free parking
Childcare assistance for parents
Culture allowance (benefit to be used for theater, cinema or bookstores)