
Senior Incident Response Engineer

* Salary: R$ 2,000 to R$ 5,000 per month (estimated)

* The amount shown is an estimate calculated from public data and market references. We do not guarantee that this is the salary offered for this specific position.

Area: Other

Level: Senior

Overview of the role:

As a Senior Incident Response Engineer at Confidencial (Apenas para Cadastrados) (company name withheld; visible to registered users only), you will play a key role in protecting our systems and data by leading the detection, investigation, and response to security incidents.

This is a highly technical and hands-on position, combining incident response, threat hunting, and security engineering. You will work on complex investigations, improve our response capabilities, and help scale our security operations in a fast-paced, global environment.

What you’ll do:

  • Lead the investigation and response to security incidents across corporate environments
  • Analyze logs, alerts, and telemetry from SIEM, EDR, IDS/IPS, and other security tools
  • Execute and coordinate containment, eradication, and recovery actions
  • Perform root cause analysis (RCA) and drive improvements to prevent recurrence
  • Conduct proactive threat hunting to identify suspicious or malicious behavior
  • Investigate anomalous activities across networks, endpoints, and cloud environments
  • Analyze indicators of compromise (IOCs) and attacker techniques (MITRE ATT&CK)
  • Perform digital forensics and ensure proper evidence handling
  • Develop and maintain incident response playbooks and procedures
  • Automate detection and response workflows using scripting (Python, PowerShell, or Bash)
  • Integrate and optimize security tools to improve detection and response efficiency
  • Document incidents, findings, and lessons learned
  • Contribute to the continuous evolution of security operations and incident response maturity

What you’ll bring:

  • Strong experience in Incident Response or Security Operations in complex environments
  • Hands-on experience with security tools (SIEM, EDR, IDS/IPS, firewalls)
  • Solid understanding of networking (TCP/IP, DNS, HTTP, traffic analysis, packet capture)
  • Experience with log analysis and investigation of security events
  • Knowledge of digital forensics and incident investigation
  • Experience with scripting (Python, PowerShell, or Bash) for automation
  • Familiarity with frameworks such as MITRE ATT&CK, NIST, or ISO 27001
  • Experience working with cloud environments (AWS, GCP, or Azure)
  • Experience with version control (Git)

We require a candidate who has achieved or is capable of the following:

  • Ability to correlate multiple data sources and identify attack patterns
  • Clear and effective communication with both technical and non-technical stakeholders
  • Ability to perform under pressure during high-severity incidents
  • Strong ownership and accountability in incident handling
  • High level of organization and discipline in documentation
  • Proactive approach to learning and staying up to date with emerging threats
  • Experience with malware analysis, threat intelligence, SOAR, or security architecture is a plus
  • Experience in large-scale or high-availability environments is a plus

It’s ok if you don’t think you tick every box on this list. We love people who want to challenge themselves and are passionate about what they do. If you believe you can contribute in some areas and are eager to learn, we encourage you to apply.

Benefits:

  • Competitive compensation
  • Access to TotalPass
  • Paid time off
  • Remote environment
  • Growth and learning opportunities through the Flutter Edge global network