
Security Operations Engineer

CLT (permanent) | On-site (local) | VIP | Porto Alegre-RS | Company: Confidencial (register to view)

* Salary: R$ 3,000 to R$ 6,000 per month (estimated)

* The amount shown is an estimate calculated from public data and market references. We do not guarantee that this is the salary offered for this specific position.

Area: Information Technology

Level: Junior

About Confidencial (registered users only)

We are a global technology company specializing in digital applications and security. Our platform helps companies operate more agilely, reducing response times and increasing the reliability of their systems.

At Confidencial (registered users only), our purpose is to simplify application development and transform the future with cutting-edge technology. Here, you will have the chance to grow in an innovative environment, alongside a high-performance team, working on real challenges and creating solutions that make a difference.

About the Position

We are looking for a [Job title] to join our [Department] team in our [location] office. As part of the [Department] team, the successful candidate will be responsible for [information about the responsibilities of the position].

Key Responsibilities

  • Detection engineering: rules mapped to MITRE ATT&CK, with measurable coverage and FP rates.
  • SIEM operation: rules, decoders, dashboards, and data source onboarding (hosting delegated).
  • Incident response: leads end-to-end IR; coordinates with external retainer for surge work.
  • Alert triage of escalations from MDR and internal tooling.
  • Threat hunting (hypothesis-driven and intel-driven).
  • Threat intelligence: consumes and operationalizes IOCs and TTPs into detections.
  • EDR operation: policy, response actions, SIEM integration.
  • Automation and SOAR: playbooks to reduce triage and response toil.
  • Phishing simulation and security awareness program operation.
  • Cross-coverage: shared on-call rotation across the three-engineer team.

Required Qualifications

  • Deep familiarity with at least one major SIEM (Wazuh, Splunk, Sentinel, Elastic, Chronicle).
  • Hands-on with at least one major EDR (CrowdStrike, SentinelOne, Defender for Endpoint).
  • Strong understanding of MITRE ATT&CK, the cyber kill chain, and NIST 800-61 IR lifecycle.
  • Log analysis across Windows, Linux, cloud audit trails, and identity logs (Okta, Entra ID).
  • Scripting in Python or PowerShell.
  • Working knowledge of attacker tradecraft, malware behavior, and network forensics.
  • Bachelor's in Computer Science, Information Security, or equivalent practical experience.

Preferred Qualifications

  • Certifications: GCIH, GCFA, GCIA, GCDA, GNFA, or Blue Team Level 2.
  • Detection-as-code experience (rules in Git, peer-reviewed, CI-tested).
  • Prior experience inside an MDR provider.
  • Hands-on cloud detection and response (AWS, Azure, or GCP).
  • Purple team or red/blue collaboration experience.
  • Malware analysis or memory forensics fundamentals.
  • Public detection contributions (Sigma rules, Atomic Red Team, conference talks).

Benefits & the Confidencial (registered users only) Way of Life

  • CLT hiring model;
  • Health and dental plan;
  • Flexible meal (VR) and food (VA) vouchers (Flash Card), including during vacation periods;
  • Transport voucher without payroll deduction;
  • Annual internal hackathons;
  • Mobility allowance (additional amount for travel);
  • Freestyle (incentive to customize the workstation);
  • Stock options (according to policy);
  • Birthday day off;
  • TotalPass;
  • Flexible working hours (really flexible);
  • Nomad Program to work from anywhere for up to 30 days per year (according to policy);
  • Annual international exchange program.

FlexWork Model

We offer a FlexWork model that prioritizes acculturation and collaboration. For the first three months, you will work on-site in the local office, an essential step in building solid relationships and a genuine connection with our values and culture. We believe that this initial immersion not only strengthens the team, but also boosts creativity and innovation.

After this period, you will be able to apply for the hybrid model, working on-site at least three times a week. This approach balances in-person interaction and autonomy, creating a dynamic and productive working environment.

At Confidencial (registered users only), all applications are welcome, regardless of gender, sexual orientation, age, pregnancy, disability, ethnicity, color, country of origin, or religion. We believe that an inclusive environment contributes to our success and that respect is present in all our relationships.

Come and join our team! We look forward to getting to know you and walking a path of success in technology together!