Senior Security Engineer
Stone & Company
full-time
Posted on:
Location Type: Remote
Location: Brazil
Visit company websiteExplore more
Job Level
About the role
- Works on ambiguous problems without a predefined scope that require difficult prioritization, balancing deadlines and quality
- Serves as a reference for decisions on solution details
- Helps the team resolve loosely scoped problems and participates in solution discovery
- Provides suggestions and constructive feedback, disseminating technical knowledge within the team
- Independently defines and delivers technical roadmaps for larger projects, often involving cross-team dependencies
- Shares knowledge with the team
- Establishes individual objectives in a simple and cohesive manner
- Enables teams that interface with and within their own team to collaborate on area and company-wide objectives
- Pursues tangible deadlines for projects and strategy
- Brings clarity to executive definitions and enables fair discussion of objectives
- Reviews technical and commercial proposals from IT partners
- Assists in creating and monitoring the strategic evolution roadmap for Information Security
- Helps define general guidelines and best practices for information security
- Creates a culture of transformation by sharing lessons learned while delivering results
Requirements
- Experience with Python
- Understand how attacks work, perform proof-of-concepts (PoCs) and create filters/detection methods
- Advanced knowledge of networking and protocols: NetFlow, packet sniffers, vPC, STP, HSRP, QoS, VoIP, IPsec
- Intermediate knowledge of cryptography
- Ability to read and understand RFCs (Request for Comments) published by the IETF (Internet Engineering Task Force)
- Basic understanding of best practices such as DISA STIGs, SRGs, CISecurity
- Advanced knowledge of ISO 27000 series, ITIL, FIPS 140-2, CWE, CVSS, CVE, MITRE ATT&CK, EDR, MDR
- Advanced knowledge of Linux servers (forensics, clustering, disaster recovery)
- Advanced knowledge of Windows servers (Active Directory, IIS, DNS, SSL/TLS, WSUS, service hardening)
- Advanced knowledge of DNS services (DNSSEC, AXFR/IXFR, SOA, CAA)
- Advanced knowledge of virtualization and container solutions (NSX, VDI, SDDC, KVM, hypervisor technologies, NFV)
- Intermediate knowledge of threat techniques (reverse engineering, buffer overflow, shellcode, obfuscation, hijacking, DLL hooking, process hooking, process injection)
- Intermediate programming/development knowledge (ASM, C, C#, Golang, Rust)
- Intermediate knowledge of cloud platforms such as AWS, Azure, GCP
- Advanced knowledge of IDS/IPS, Firewall, Web Gateway, Email Gateway, WAF bypass techniques, anti-malware, Proxy, HIDS, NIDS
- Advanced knowledge of fragmentation, spoofing, and proxying techniques
- Ability to collect and preserve evidence
- Ability to handle and simulate information security incidents
Benefits
- 🩺 Health and Dental Insurance
- 🏥 Digital Hospital by Vitta: access to a multidisciplinary medical team, therapists, and a 24/7 health team available quickly and conveniently
- 🥗 Meal Allowance and/or Food Voucher
- 💻 Remote Allowance + Initial Setup (exclusive for remote positions)
- 🕗 Flexible working hours
- ✏ Education Benefit - Internal platform with access to books, podcasts, training, and video lessons for self-development (Studa and StoneCo Library)
- 💪 Gympass
- 👶 Childcare Assistance
- 💰 Profit Sharing (PLR)
- 💚 Life Insurance
- 🚗 Transportation Voucher (exclusive for on-site positions)
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
PythonnetworkingcryptographyLinux serversWindows serversDNS servicesvirtualizationcloud platformsIDS/IPSthreat techniques
Soft Skills
problem solvingcommunicationcollaborationfeedbackstrategic planningknowledge sharingprioritizationclarityobjectives settingtransformation
Certifications
ISO 27000 seriesITILFIPS 140-2DISA STIGsCISecurity