Mid-Level Security Operations Analyst
Nuclea
full-time
Posted on:
Location Type: Hybrid
Location: São Paulo • 🇧🇷 Brazil
Visit company websiteJob Level
Mid-LevelSenior
Tech Stack
LinuxPythonSplunk
About the role
- Continuous monitoring of security events and alerts using SIEM platforms.
- Analysis and correlation of logs to identify suspicious activity or indicators of compromise (IoCs).
- Develop security use cases aligned with frameworks such as MITRE ATT&CK and internal policies.
- Define correlation rules for threat detection (e.g., anomalous behavior, brute-force attacks, data exfiltration).
- Tune thresholds and alert logic to reduce false positives.
- Parser development and log normalization.
- Create custom parsers to integrate new log sources into the SIEM.
- Ensure data normalization (mapping to standard fields such as IP, user, action).
- Validate log quality and consistency to prevent correlation failures.
- Work with common formats (Syslog, JSON, XML) and protocols (CEF, LEEF).
- Operation and automation with SOAR, creating playbooks for fast and efficient response.
- Triage and handling of security incidents according to criticality and impact.
- Investigations across endpoints, networks and applications to determine root cause.
- Escalation and communication with internal teams and vendors when necessary.
- Detailed documentation of incidents, actions taken, and mitigation recommendations.
- Contribute to continuous improvement of monitoring and response processes.
- Participate in incident simulation and tabletop exercises.
- Collaborate with IT and Security teams to implement preventive controls.
Requirements
- Bachelor's degree in Information Security, Cyber Defense, IT or related fields.
- Postgraduate degree in Cyber Security, Forensics, Intelligence or Security Architecture is a plus.
- Experience with SIEMs (Splunk, QRadar, SecOps, Elastic, Sentinel).
- Experience in security incident response.
- Experience with Windows and Linux operating systems.
- Knowledge of query languages (SPL, AQL, KQL).
- Familiarity with regex for parser creation.
- Understanding of log formats and protocols.
- Basics of SOAR automation (Python, YAML).
- Knowledge of MITRE ATT&CK, IOCs, and TTPs.
- Knowledge and hands-on experience with security solutions such as WAF, Firewall, IPS, Anti-Malware, EDR, ATP for detection and containment of security incidents.
- Availability for on-call shifts on weekends and holidays.
- Clear and assertive communication skills.
- Teamwork and collaboration.
- Curiosity and continuous learning.
- Ethics and responsibility.
- Analytical and critical thinking.
- Attention to detail.
- Proactivity.
- Resilience and emotional control.
Benefits
- Health and dental insurance
- Meal allowance (Caju)
- Life insurance
- Home office allowance
- Profit-sharing (PLR)
- Private pension plan
- Childcare assistance
- WellHub (Gympass)
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
SIEMlog analysisparser developmentlog normalizationthreat detectionquery languagesSOAR automationsecurity incident responseWindows operating systemLinux operating system
Soft skills
communicationteamworkcuriosityanalytical thinkingattention to detailproactivityresiliencecritical thinkingcollaborationethics
Certifications
Bachelor's degree in Information SecurityPostgraduate degree in Cyber Security