Role Overview
We are hiring a Mid-Level IAM Analyst to join our cybersecurity team. This role is responsible for supporting incident orchestration and response, following processes, playbooks, and best practices; creating processes; configuring tools; and improving IAM practices across the company.
The professional will work closely with other security fronts, infrastructure, systems, and business teams, evaluating the improvements and adjustments needed to make the incident response process effective, and supporting the organization's Cyber Defence strategy and IAM Program.
Key Responsibilities
• Support, implement, and maintain identity and access management processes, including provisioning, revocation, and periodic privilege reviews;
• Manage IAM-related tools, ensuring functionality, reliability, and compliance with security requirements;
• Create, review, and optimize access rules, profiles, groups, and policies, ensuring the application of principles such as least privilege and SoD (Segregation of Duties) for on-premises and cloud environments;
• Support integrating systems and applications with IAM platforms;
• Collaborate with other teams to map access processes, identify risks, and recommend control implementations or automations;
• Support internal teams in understanding identity and access management practices and related security requirements;
• Support audit processes and continuously monitor security alerts generated by the SIEM.
• Analyze security events from different sources (proxy, firewall, XDR, cloud, database, DLP, among others) to identify possible incidents or violations, suspicious activity, or indicators of compromise (IOCs).
• Write incident reports containing evidence, root cause analysis, and an action plan, and follow up on issues with the responsible teams.
• Handle N2 and N3 (level 2 and level 3) incidents.
• Identify false positives, correlate events, and propose improvements to controls.
• Suggest and develop new SOAR playbooks.
• Contribute to the continuous evolution of monitoring, refine detection rules, and produce KPIs on MTTD (Mean Time to Detection), MTTR (Mean Time to Remediation), and False Positive Rate.
• Configure, create, and review security policies, operational playbooks, and exceptions in defense solutions (XDR, SIEM, SOAR, Email Protection, and other security tools).
• Conduct security investigations and threat hunting activities through in-depth analysis of logs, alerts, and telemetry, identifying anomalous behaviors, possible indicators of compromise, and potential early-stage threats.
Required Skills & Experience
• At least 3 years of direct experience with IAM-related topics;
• Knowledge about AD/Entra ID, LDAP, SAML, OAuth, SSO, MFA, PAM, SoD, RBAC, Principle of Least Privilege and access reviews;
• Experience managing IAM tools;
• Knowledge of Defender for Identity and other IAM tools for hybrid and multi-cloud environments (on-prem, Azure, AWS, GCP);
• Fluency in English;
• Knowledge of information security standards and best practices (e.g., ISO 27001, NIST, etc.).
• At least 5 years of experience in SOC/CSIRT teams, working with information security monitoring, incident response, and digital fraud investigation.
• Proficiency in networks, protocols, and logs (firewall, proxy, DNS, syslog, endpoint, cloud, etc.).
• Experience with SIEM, EDR/XDR, DLP, WAF, IDS/IPS, firewall, and similar solutions.
• Familiarity with MITRE ATT&CK, OWASP Top 10, CVSS, NIST CSF, and major attack scenarios (network-level, application-level, social engineering, ransomware and other malware, fraud, among others).
• Experience in event correlation and alert triage.
• Relevant certifications (e.g., Security+, CEH, CHFI) are highly desirable.
• Ability to orchestrate incidents, escalating to technology teams and other stakeholders.
• Practical knowledge of CrowdStrike Falcon, Microsoft Defender for Cloud, Defender for Endpoint, Microsoft Sentinel, and Defender for 365 for monitoring, analysis, tuning, use-case creation, and operational response within these platforms.
Preferred Qualifications
• Knowledge of scripting and automation, including integration of new tools into the SIEM.
• Knowledge of threat intelligence to enrich the SOC, including understanding of the tools, techniques, and procedures (TTPs) used in attacks, investigation of IOCs and IOAs, data breach investigations, etc.
• Participation in Purple Team exercises and/or attack simulations to enrich threat detection methods.
• Certifications in CrowdStrike and Microsoft solutions.
• Relevant certifications from IAM/PAM solution providers (for example CyberArk, Senha Segura, BeyondTrust, SailPoint, Okta, Microsoft Entra ID, etc.).