Technical Leader at VISION Cybersecurity overseeing SOC operations and guiding security investigations. Responsible for improving detection mechanisms and collaboration with security engineering teams.
Responsibilities
Act as the primary technical reference for SOC operations, supporting Tier 1 (N1) and Tier 2 (N2) analysts in conducting security investigations.
Perform advanced technical analysis of complex incidents, including root cause identification, impact assessment, and attack vector determination.
Correlate events from multiple sources (SIEM, EDR/XDR, network logs, system logs and other security tools) to build threat scenarios.
Provide technical guidance on containment, mitigation, and incident response actions.
Ensure the technical quality of analyses performed by the SOC, reviewing investigations when necessary.
Ensure adherence to the defined processes, procedures and playbooks for the operation.
Identify opportunities to improve detection mechanisms and support the creation and evolution of correlation rules in the SIEM.
Work to reduce false positives and increase the SOC’s operational efficiency.
Propose and implement continuous improvements to operational processes, playbooks and runbooks.
Collaborate with Security Engineering and DFIR teams to evolve detection and response capabilities.
Provide technical support to management (supervisors and managers) in the analysis of relevant incidents.
Promote sharing of technical knowledge and best practices within the team.
Document relevant technical analyses and contribute to the evolution of the operation’s documentation.
Support the preparation of technical reports on security incidents.
Requirements
Hands-on experience with SIEM platforms (e.g., Securonix, Splunk, IBM QRadar, Microsoft Sentinel or similar), including creating and tuning correlation rules.
Experience with EDR/XDR solutions (e.g., Microsoft Defender, CrowdStrike, SentinelOne).
Experience analyzing security logs from multiple sources:
• Operating systems (Windows/Linux)
• Network devices (Firewalls, Proxies, IDS/IPS)
• Applications and cloud services
Knowledge of network protocols (TCP/IP, DNS, HTTP/HTTPS) and traffic analysis.
Familiarity with investigation and analysis tools, such as:
• Threat Intelligence platforms
• Sandboxes
• Forensic analysis tools (basic to intermediate)
Experience integrating security tools and ingesting logs.
Knowledge of cloud environments (Azure, AWS or GCP) and their security logs.
Advanced incident investigation capabilities (analysis, correlation and response).
Strong log analysis skills and the ability to identify attack patterns.
Experience reducing false positives and optimizing alerts.
Practical knowledge of security frameworks and methodologies, such as:
• MITRE ATT&CK
• NIST
• CIS Controls
Ability to create and evolve:
• Detection use cases
• Incident response playbooks and runbooks
Structured thinking for analyzing complex scenarios and identifying root causes.
Benefits
Health plan with no monthly premium for you (co-payment on use);
Dental plan with no monthly premium for you;
Life insurance;
Pipo Saúde: Digital health and corporate benefits broker;
Zenklub: Emotional health and well-being platform, with special discounts;
TotalPass: Platform that connects you to various networks to support your and your family’s well-being.
Private pension plan;
Commuter allowance;
Meal or food allowance;
Birthday day off: How about a day off during your birthday month?
Casual ISH – Comfort and professionalism together: choose an outfit that reflects your well-being while respecting the workplace;
Fruit served in the morning and afternoon to keep energy up on in-person days!
Employee referral program with cash bonuses;
Onboarding kit: We prepare a Super kit to support your day-to-day at work.
Deeplearning: Our Corporate University - a space dedicated to continuous development of our employees, with courses, training and workshops focused on professional and personal improvement;
Opportunity for professional growth;
Culture of feedback and development;
Exclusive leadership program;
Here you’ll find a relaxed environment that breathes innovation; our leadership is accessible! Doors are always open and you can find them walking the company corridors.