Information Security Specialist

Job not on LinkedIn

🔥 0 minutes ago

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

Portobello Shop

WebsiteLinkedInAll Job Openings

1001 - 5000 employees

🛒 Retail

🛍️ eCommerce

Retail • eCommerce • Construction

Portobello Shop is a leading retailer in Brazil, specializing in a diverse range of products for interior design and construction. With 150 stores across the country, they offer exclusive products tailored for large construction projects as well as a variety of items through multi-brand retail outlets. Portobello Shop focuses on transforming environments and enhancing customer experiences through innovative solutions in design and building materials.

📋 Description

• Technical owner for the information security operations platform, responsible for the architecture, strategy, and sustaining controls for detection, incident response, vulnerability management, identity management, and perimeter governance. • Primary technical reference for the area, contributing to process maturity and the technical development of the team. • Architect, deploy, and direct the maintenance of an open-source-based SIEM platform, including data collection, normalization, event correlation, processing pipelines, and retention policies. • Develop and maintain detection use cases aligned with the MITRE ATT&CK framework, with continuous tuning to reduce false positives and increase detection effectiveness. • Strategically lead the corporate Vulnerability Management program, including risk-based prioritization, coordination of remediation with technology teams, and monitoring executive-level indicators. • Define and govern Identity and Access Management (IAM) processes: identity lifecycle, segregation of duties, RBAC, MFA, and periodic access reviews. • Govern policies and rules for Next-Generation Firewalls (NGFW): network segmentation, periodic rule reviews, and hardening. • Provide technical leadership for response to critical security incidents, supporting containment, forensic analysis, and coordination of remediation activities. • Implement and monitor hardening of environments based on recognized industry benchmarks (CIS Benchmarks). • Develop automations and integrations using tools and scripting languages to optimize team operations. • Prepare and maintain high-complexity technical documentation, standard operating procedures, security policies, and reference architectures. • Act as a mentor to team analysts, promoting knowledge transfer, technical culture, and operational continuity.

🎯 Requirements

• Solid and proven experience in Information Security operations (SecOps, Blue Team, or related areas). • Advanced hands-on experience with open-source SIEM platforms (creating complex rules, event correlation, tuning, and detection engineering). • Experience designing and running corporate Vulnerability Management programs. • Experience with commercial Vulnerability Management tools (Qualys, Tenable, Rapid7, or equivalents). • Experience in governance of Identity and Access Management (IAM), including Active Directory, SSO, MFA, identity federation, and RBAC models. • Experience in administration and governance of Next-Generation Firewalls (Check Point, Palo Alto, Fortinet, or equivalents). • Applied knowledge of the ISO/IEC 27001, NIST Cybersecurity Framework, and CIS Controls frameworks. • Experience with automation using Python, Bash, or PowerShell. • Proficiency with Windows and Linux environments. • Knowledge of Cloud environments (AWS, Azure, or OCI). • Technical autonomy and resilience to make decisions under resource constraints or crisis scenarios. • Highly collaborative profile and orientation toward solving complex problems. • Excellent verbal and written communication to interact with both technical and executive (non-technical) audiences. • Commitment to documentation and knowledge dissemination. • Differential: • Advanced knowledge of regex and building custom parsers. • Recognized certifications in Information Security (e.g., CISSP, CISM, CompTIA CySA+, Security+, eLearnSecurity). • Practical knowledge of the Brazilian General Data Protection Law (LGPD) applied to log management and security monitoring. • Experience in Operational Technology (OT) / industrial environments.

🏖️ Benefits

• Life insurance; • Health and dental insurance; • On-site cafeteria/restaurant; • Transportation voucher or dedicated company shuttle for employees - specific routes; • Portobello Corporate University platform; • On-site medical clinic; • Workplace exercise program (ginástica laboral); • Profit Sharing (PPR); • Discounts at local pharmacies; • Free parking; • Private pension plan; • Union membership; • Discount network - partnerships with various educational institutions; • Discounts on Portobello product purchases; • Vacation bonus (Abono Férias); • "Mother Support" allowance - to purchase baby layette; • Childcare allowance; • Assistance for dependents with disabilities (PCD dependents); • Professional training and development programs; • Wellhub and many more!!!