Cyber Incident Response Analyst

Location: São Paulo - SP. Published 20/02/2026. Area: Cyber Security Incident Response Analyst


About the position


Location: São Paulo, State of São Paulo, Brazil. Format: On-site.

Location

São Paulo - SP

On-site

Responsibilities

  • Alert Monitoring & Queue Management: Actively monitor SIEM, EDR, and cloud security consoles to identify suspicious activity.
  • Validation & Classification: Distinguish between false positives and true security incidents.
  • Incident Enrichment: Perform initial "deep dives" on alerts by collecting relevant evidence (logs, process trees, network traffic, and metadata).
  • Initial Containment (Tier 1 Response): Execute standardized playbooks for immediate threat mitigation, such as isolating compromised hosts, revoking session tokens, or blocking malicious IPs/domains to minimize the "blast radius."
  • Seamless Escalation: Draft high-quality hand-off reports for the CSIRT squad, ensuring all technical indicators (IOCs) and initial findings are clearly documented to reduce Mean Time to Respond (MTTR).
  • External Threat Screening: Monitor Dark Web, social media, and phishing repositories for targeted campaigns, performing the initial triage of leaked credentials or mentions of the company.

Requirements

  • Bachelor's degree in Computer Science, Computer Engineering, or a related field.
  • At least 1 year of experience in a SOC or Incident Response environment, specifically handling high-volume alert queues.
  • Fluency in Portuguese and English is mandatory for technical reporting and global collaboration.
  • Proficiency in analyzing logs from multiple sources (Windows/Linux Event Logs, Firewall, Proxy, AWS/Azure/GCP, and O365).
  • Solid understanding of TCP/IP, DNS, HTTP/S, and common attack vectors (DDoS, SQLi, Brute Force).
  • Familiarity with SIEM/EDR platforms and triage-assistance tools (e.g., VirusTotal, Any.Run, URLScan, Joe Sandbox, AbuseIPDB).
  • Understanding of the MITRE ATT&CK framework to categorize observed attacker behavior during the triage process.

Working hours

This role requires both in-person and 12x36 shift work.

About the company

All employees are expected to display behaviours reflective of our company values: Integrity and Ethics, Collaboration and Teamwork, Commitment to People, and Professionalism and Excellence.