Security Engineer responsible for designing and optimizing the security platform across on-prem and cloud environments. Collaborates with SOC and IT teams to strengthen security controls efficiently in Sydney, Australia.
Responsibilities
Operate and fine-tune EDR, ensuring high visibility and timely response to detections.
Investigate alerts, triage incidents, and coordinate remediation with IT and engineering teams.
Develop and maintain detection rules, response playbooks, and operational dashboards.
Run regular vulnerability scans across endpoints, servers, and cloud workloads.
Prioritize findings based on exploitability and asset criticality.
Work with system owners to track remediation progress and verify fixes.
Review and improve AWS configurations using AWS tools or CNAPP / CSPM monitoring tools (e.g., Wiz, Orca).
Support secure architecture and IaC practices (Terraform, CloudFormation) with dev teams.
Automate checks and alerting for misconfigurations and policy violations.
Support developers on secure coding practices and pipeline integration (e.g., Snyk).
Review secrets management, API credential handling, and CI/CD pipeline security.
Implement and maintain least privilege and MFA policies across systems.
Assist with SSO/SCIM integrations (e.g., Entra ID, 1Password, Cloudflare Zero Trust).
Work alongside IT Operations and Cloud teams to deploy, harden, and monitor security tools.
Participate in incident response exercises, phishing simulations, and post-incident reviews.
Contribute to process documentation and internal knowledge base (e.g., runbooks, playbooks).
Requirements
**4–6 years of hands-on security experience**, ideally in endpoint protection, cloud security, or vulnerability management.
Strong working knowledge of **AWS security services**, IAM, and network fundamentals.
Practical experience with **EDR tools (CrowdStrike, Defender, etc.)** and vulnerability scanners (Qualys, Tenable, etc.).
Solid understanding of incident response, detection engineering, and access control principles.
Exposure to security frameworks (ISO 27001, SOC 2, NIST) is a plus, but not mandatory.
Clear communicator who can explain security findings to both technical and non-technical teams.
Benefits
Celebrate your tenure with us! Receive generous milestone anniversary gifts that grow with each year of service.
Join a vibrant workplace culture with fantastic team-building activities, fostering camaraderie and collaboration among colleagues.
Mid-level Asset Security Analyst at Hershey Brasil, responsible for physical security support and management of security services. Will work on compliance and crisis management in São Roque.
Regional Information Security Officer managing security protocols and compliance for KARL STORZ. Leading local ISOs and enhancing information security measures across subsidiaries.
CISO managing information security and privacy governance at Puzzel, a leading cloud-based contact center provider in Europe. Engaging with stakeholders for compliance and risk management.
Manager of IT Support & Endpoint Security overseeing service desk operations and endpoint security strategies. Leading a team to deliver high-quality technical support and manage IT security policies.
Senior Security Officer responsible for security and safety duties in acute care settings. Providing armed presence and response, coordinating with law enforcement as required.
Security Officer overseeing sensitive information protection and compliance with regulations. Collaborating with internal teams to ensure security policy implementation and risk management under EU standards.
Technical consultant addressing information security risks for USAA and guiding strategic security direction. Leading peers in assessing security strategies and educating on best practices.
Technical Recruiter for BGS managing recruitment of Cybersecurity and IT professionals. Collaborating with technical teams to identify skill requirements and enhance talent acquisition processes.
PAM Manager responsible for strategy, roadmap, and operations of PAM program at Intact. Leading a team to safeguard privileged identities and secrets across various environments.