Control Risks

Cyber Incident Response Analyst

São Paulo, Brazil
Skills: SIEM, EDR, AWS, Azure, GCP, O365, TCP/IP, DNS, HTTP/S, DDoS, SQLi, VirusTotal, Any.Run, URLScan, Joe Sandbox, AbuseIPDB, MITRE ATT&CK
Description

Location: São Paulo, State of São Paulo, Brazil

Department: Embedded Consulting Services

Workplace: On-site

Employment Type: Full-time

This role is on-site and follows a 12x36 shift pattern: 12-hour shifts with 36 hours off between them. Please submit CVs in English.

As a Triage Analyst within the Global Security Operations Center (GSOC), you will serve as the first line of defense for the CSIRT squad. Your primary mission is the high-precision screening and validation of security events. You will be responsible for filtering out the "noise," identifying real threats among thousands of alerts, and ensuring that critical incidents are enriched with context and escalated to specialized squads with maximum efficiency. This role is a balance between technical alertness and rapid decision-making.

Core Responsibilities

  • Alert Monitoring & Queue Management: Actively monitor SIEM, EDR, and cloud security consoles to identify suspicious activity. Maintain a high pace of alert processing while ensuring no critical signal is missed.
  • Validation & Classification: Distinguish between false positives and true security incidents. Assign correct severity levels based on business impact, asset criticality, and the current threat landscape.
  • Incident Enrichment: Perform initial "deep dives" on alerts by collecting relevant evidence (logs, process trees, network traffic, and metadata). Use OSINT and internal tools to provide immediate context for the CSIRT responders.
  • Initial Containment (Tier 1 Response): Execute standardized playbooks for immediate threat mitigation, such as isolating compromised hosts, revoking session tokens, or blocking malicious IPs/domains, to minimize the "blast radius."
  • Seamless Escalation: Draft high-quality hand-off reports for the CSIRT squad, ensuring all indicators of compromise (IOCs) and initial findings are clearly documented to reduce Mean Time to Respond (MTTR).
  • External Threat Screening: Monitor the dark web, social media, and phishing repositories for targeted campaigns, performing the initial triage of leaked credentials or mentions of the company.
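As an added illustration of the validate, enrich, classify and escalate flow described in the responsibilities above (this is example code written for this page, not Control Risks tooling or code from the posting), the Python below runs a few constructed SIEM-style alerts through a Tier-1 triage pass: it looks each indicator up in a reputation table, weights the result by asset criticality to assign a severity, tags the ATT&CK technique, recommends playbook containment steps without executing them, and produces a hand-off list with likely false positives filtered out. The alert lines, IOC scores, asset inventory, severity thresholds and function names are all assumptions made up for the example; a real queue would query the SIEM/EDR and services such as AbuseIPDB or VirusTotal instead of in-memory dictionaries.

```python
"""Tier-1 triage helper over constructed alerts (illustrative, not production tooling)."""
import json
from dataclasses import dataclass
from typing import List, Optional

# Constructed stand-in for a reputation lookup (AbuseIPDB / VirusTotal style);
# value is a 0-100 confidence that the indicator is malicious.
IOC_REPUTATION = {
    "203.0.113.7": 95,          # TEST-NET-3 address playing a known-bad IP
    "198.51.100.21": 5,         # TEST-NET-2 address playing a benign scanner
    "login-portal.example": 90, # reserved example domain playing a phishing site
}

# Constructed asset inventory: criticality 1 (lab box) .. 5 (crown jewel).
ASSETS = {"DC01": 5, "FIN-SRV-02": 4, "WS-1187": 2}

# ATT&CK technique IDs referenced by the constructed alerts.
ATTACK = {
    "T1110": "Brute Force",
    "T1566": "Phishing",
    "T1059": "Command and Scripting Interpreter",
}

# Constructed alert export, one JSON object per line, as a SIEM might emit it.
SAMPLE_ALERTS = """\
{"id":"A-1","host":"DC01","src_ip":"203.0.113.7","technique":"T1110","detail":"312 x 4625 in 5m"}
{"id":"A-2","host":"WS-1187","src_ip":"198.51.100.21","technique":"T1110","detail":"3 failed logons"}
{"id":"A-3","host":"FIN-SRV-02","domain":"login-portal.example","technique":"T1566","detail":"user clicked link"}
{"id":"A-4","host":"WS-1187","technique":"T1059","detail":"powershell -enc ..."}
"""

SEVERITY_ORDER = ["critical", "high", "medium", "low"]


@dataclass
class TriageResult:
    alert_id: str
    host: str
    indicator: Optional[str]
    reputation: Optional[int]
    asset_criticality: int
    technique: str
    severity: str
    verdict: str
    actions: List[str]


def lookup_reputation(indicator: Optional[str]) -> Optional[int]:
    """Stand-in for a reputation service query; None means 'no data'."""
    return None if indicator is None else IOC_REPUTATION.get(indicator)


def severity_for(reputation: Optional[int], criticality: int) -> str:
    """Weight indicator confidence by asset criticality; unknown reputation counts as 50."""
    confidence = 50 if reputation is None else reputation
    risk = confidence / 100 * criticality  # 0.0 .. 5.0
    if risk >= 4.0:
        return "critical"
    if risk >= 2.5:
        return "high"
    if risk >= 1.0:
        return "medium"
    return "low"


def verdict_for(reputation: Optional[int]) -> str:
    """Assumed thresholds: >= 70 true positive, < 20 likely false positive, else review."""
    if reputation is None:
        return "needs analyst review"
    if reputation >= 70:
        return "true positive"
    if reputation < 20:
        return "likely false positive"
    return "needs analyst review"


def playbook_actions(alert: dict, severity: str) -> List[str]:
    """Containment steps from the constructed Tier-1 playbook; nothing is executed here."""
    actions: List[str] = []
    if severity in ("critical", "high"):
        if "src_ip" in alert:
            actions.append(f"block {alert['src_ip']} at perimeter")
        if "domain" in alert:
            actions.append(f"block {alert['domain']} on proxy/DNS")
        if ASSETS.get(alert["host"], 1) >= 4:
            actions.append(f"isolate host {alert['host']} via EDR")
    return actions


def triage(alert: dict) -> TriageResult:
    """Validate, enrich and classify one alert record."""
    indicator = alert.get("src_ip") or alert.get("domain")
    reputation = lookup_reputation(indicator)
    criticality = ASSETS.get(alert["host"], 1)
    severity = severity_for(reputation, criticality)
    return TriageResult(alert["id"], alert["host"], indicator, reputation, criticality,
                        alert["technique"], severity, verdict_for(reputation),
                        playbook_actions(alert, severity))


def triage_stream(text: str) -> List[TriageResult]:
    """Triage every alert line and order the queue by severity (stable sort keeps arrival order within a tier)."""
    results = [triage(json.loads(line)) for line in text.splitlines() if line.strip()]
    results.sort(key=lambda r: SEVERITY_ORDER.index(r.severity))
    return results


def handoff_report(results: List[TriageResult]) -> List[dict]:
    """Escalation summary for CSIRT: ATT&CK-tagged, likely false positives dropped."""
    return [
        {"id": r.alert_id, "host": r.host, "severity": r.severity, "verdict": r.verdict,
         "attack": f"{r.technique} {ATTACK.get(r.technique, 'unmapped')}",
         "ioc": r.indicator, "actions": r.actions}
        for r in results if r.verdict != "likely false positive"
    ]


if __name__ == "__main__":
    for row in handoff_report(triage_stream(SAMPLE_ALERTS)):
        print(json.dumps(row))
```

The point of weighting reputation by asset criticality is that the same brute-force signature on a domain controller and on a lab workstation should not land in the queue at the same priority; the unknown-reputation alert (A-4) deliberately stays at medium and is routed to an analyst rather than auto-closed, since absence of reputation data is not evidence of benign activity.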

Requirements

Technical Requirements

  • Log Analysis: Proficiency in analyzing logs from multiple sources (Windows/Linux Event Logs, Firewall, Proxy, AWS/Azure/GCP, and O365).
  • Network Fundamentals: Solid understanding of TCP/IP, DNS, HTTP/S, and common attack vectors (DDoS, SQLi, Brute Force).
  • Tooling: Familiarity with SIEM/EDR platforms and triage-assistance tools (e.g., VirusTotal, Any.Run, URLScan, Joe Sandbox, AbuseIPDB).
  • Frameworks: Understanding of the MITRE ATT&CK framework to categorize observed attacker behavior during the triage process.

Qualifications and specialist skills

  • Bachelor's degree in Computer Science, Computer Engineering, or a related field.
  • Experience: At least 1 year of experience in a SOC or Incident Response environment, specifically handling high-volume alert queues.
  • Languages: Fluency in Portuguese and English is mandatory for technical reporting and global collaboration.

Behaviors

  • All employees are expected to display behaviours reflective of our company values: Integrity and Ethics, Collaboration and Teamwork, Commitment to People, and Professionalism and Excellence.
