Emojipedia

Information Security Specialist

Emojipedia

full-time

Posted on:

Location Type: Remote

Location: Brasil

Visit company website

Explore more

AI Apply
Apply

Tech Stack

AWSCloudDNSDockerGoKubernetesPythonTCP/IPTerraform

About the role

  • Lead the response to complex security incidents by conducting in-depth investigations, coordinating mitigation of critical threats, and guiding technical teams during security crises.
  • Design, implement, and optimize advanced security controls, including defense-in-depth architectures, security frameworks, and corporate policy governance.
  • Serve as a technical authority in security architecture reviews, performing threat modeling, risk analysis, and designing secure solutions for critical systems and strategic initiatives.
  • Conduct and coordinate security audits, advanced penetration tests, red team exercises, and compliance assessments against regulatory frameworks (ISO 27001, LGPD, OWASP, SOC 2).
  • Define security strategies for new products, platforms, and integrations, working from conception through implementation and continuous monitoring.
  • Develop and evolve incident response playbooks, crisis management procedures, and continuous improvement programs based on lessons learned.
  • Lead vulnerability management, patch management, and hardening initiatives for critical infrastructure (cloud and on-premises).
  • Plan, execute, and oversee penetration testing (Pentest) and offensive security assessments, translating technical findings into actionable remediation plans.
  • Implement and promote security practices throughout the development lifecycle (DevSecOps), including secure coding and code review.
  • Act as a senior technical reference for the security team, disseminating knowledge, delivering training, and promoting a security-first culture across the organization.
  • Establish security metrics and indicators (KPIs/KRIs), prepare executive reports, and present risk analyses.

Requirements

  • Proven, substantial experience in Information Security, with work across multiple areas (operations, architecture, governance, and incident response).
  • Deep knowledge of detection and incident response, threat hunting, digital forensics, and advanced use of SIEM.
  • Experience with security architectures in hybrid environments (cloud and on-premises), with deep knowledge of AWS.
  • Mastery of security frameworks and standards (NIST CSF, ISO 27001/27002, CIS Controls, or OWASP Top 10).
  • Strong knowledge of network protocols, cryptography, authentication, and access controls (TCP/IP, DNS, HTTP, etc.).
  • Strong analytical skills, critical thinking, and an investigative approach to root cause analysis and resolution of complex problems.
  • Hands-on experience with cloud security solutions: WAF, ZTNA, CASB, DLP, and Cloudflare security tools.
  • Advanced experience in Threat Hunting, Threat Intelligence, and use of threat modeling frameworks.
  • Expertise in log analysis, event correlation, forensic investigation, and use of SIEM/SOAR tools for threat detection.
  • Use of artificial intelligence and machine learning tools to optimize vulnerability analysis, event correlation, and automation of security processes.
  • Knowledge of threat modeling, quantitative risk analysis, and hardening processes.
  • Excellent technical and interpersonal communication skills, with the ability to produce technical documentation, security policies, and executive presentations.
  • Proven ability to translate technical risks into business language.
  • Intermediate to advanced experience in penetration testing (network, application, API), familiarity with methodologies (OWASP, OSSTMM, PTES) and tools (Burp Suite, Metasploit, Nmap, Wireshark, Cobalt Strike).
  • Advanced security certifications: CISSP, CISM, OSCP, GIAC (GPEN, GCIH, GCIA), CEH, CCSP, or equivalents.
  • Advanced experience with security automation, scripting and tool development (Python, Bash, PowerShell, Go) and use of security APIs.
  • Experience in Red Team/Blue Team/Purple Team operations, adversary simulation (APT), and tabletop exercises.
  • Prior experience in technology companies, healthtechs, scale-ups, or high-criticality and regulatory compliance environments.
  • Deep knowledge of Zero Trust architectures and implementation of least-privilege and micro-segmentation principles.
  • Additional offensive security and pentest certifications: OSCP, OSWE, OSCE, eJPT, eCPPT, or equivalents.
  • Experience in highly regulated environments (healthcare) with knowledge of LGPD and SOC 2 Type II.
  • Expertise in DevSecOps, integration of security into CI/CD pipelines, container security (Docker, Kubernetes) and IaC security (Terraform, CloudFormation).
  • Knowledge of Threat Intelligence, malware analysis, reverse engineering, and adversary emulation techniques.
  • Experience with Bug Bounty programs, vulnerability disclosure, and coordinating vulnerability responses.
Benefits
  • CAJU card: monthly credit of R$ 1,059.00 distributed across categories: Meals, Food, Mobility, Health, Home Office, Culture, and Education.
  • AMIL National Health Plan S750R1 Special Apartment: 30% copayment on consultations and exams and 40% on PS; extendable to legal dependents (spouses and/or children up to 24 years). Dependent costs are deducted from payroll. Cost for dependent: R$ 826.92 per person + copayment.
  • Omni Saúde: Intended for acquisition of medications with a medical prescription. Monthly balance of R$ 100.00 provided to the employee, exclusively for purchasing medications prescribed by our Conexa Hospital.
  • Free access to Conexa and Zenklub platforms, with online consultations to support your mental and physical health.
  • Childcare assistance according to the regional collective bargaining agreement and extended maternity/paternity leave for our team: option to extend maternity leave to 6 months. For fathers, paternity leave is 30 days.
  • SULAMERICA Life Insurance: Financial protection for you and your loved ones.
  • Day off during your birthday month: take time off to celebrate your special day.
  • Totalpass and Wellhub: benefits to support your fitness goals.
  • Course discounts: Conexa offers educational partnerships with various institutions for personal and professional development.
  • SESC benefit: access to sports, cultural activities, leisure, courses and more with special conditions for employees and dependents.
  • Transportation Voucher: 6% salary deduction if opted.
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
incident responsethreat huntingdigital forensicssecurity frameworkspenetration testingvulnerability managementcloud securitysecurity automationscriptingrisk analysis
Soft Skills
analytical skillscritical thinkinginterpersonal communicationtechnical documentationexecutive presentationsproblem resolutionteam leadershiptraining deliverysecurity-first culture promotionroot cause analysis
Certifications
CISSPCISMOSCPGIACCEHCCSPOSWEOSCEeJPTeCPPT