Middle Cybersecurity Engineer

Position description

We're fast learners, hard workers, natural collaborators... and we Make Modern Happen!

Our ambition is to unlock the potential of our digital world so that organisations everywhere can innovate and thrive securely.

We aim to achieve this goal by bringing together the world’s most talented people and the most powerful technologies, combining them to address our customers' challenges and to build something stronger together.

If you share our vision, join us!

Right now, we are looking for a Senior Cybersecurity Engineer to join our internal team, based in Lisbon.

Your responsibilities include:

  • Act as the technical escalation point for complex incidents: analyze logs and events directly and provide mitigation recommendations.
  • Conduct root cause analysis (RCA), diagnosing the origin and impact of security incidents and defining corrective actions.
  • Develop and fine-tune advanced detection rules (e.g., mapped to the MITRE ATT&CK framework) in SIEM and/or EDR tools.
  • Implement and manage automation playbooks (e.g., Playbooks in Microsoft Sentinel, formerly Azure Sentinel) to accelerate and optimize incident response processes.
  • Participate in the implementation and monitoring of security controls such as IAM, EDR, DLP, and cloud-specific security protections (e.g., Azure Defender, now Microsoft Defender for Cloud).
  • Provide technical guidance for SOC task execution, ensuring tasks are implemented in technical alignment with the project.
  • Drive continuous improvement and optimization of incident response processes within the SOC.
  • Perform critical vulnerability assessments within the client perimeter and coordinate mitigation actions.
  • Apply an analytical approach to detect anomalies in logs and events, using complex KQL queries in Microsoft Sentinel.
  • Participate in crisis management processes, supporting the response during highly critical situations.
  • Produce detailed technical reports (RCA) on security incidents and vulnerabilities.
  • Develop methodologies for data and log integration, increasing SOC visibility and effectiveness.

Requirements

Must Have:
  • Bachelor's or postgraduate degree in Information Security or Cybersecurity.
  • Minimum of 3 to 4 years in cybersecurity, with at least 2 of those years focused on cybersecurity incident management or team management.
  • Fluency in English (written and spoken) is essential.
  • Experience with SIEM tools, especially Microsoft Sentinel (or similar solutions like Splunk or QRadar).
  • Experience with EDR tools (e.g., SentinelOne, CrowdStrike, Microsoft Defender).
  • Experience with Vulnerability Management tools (e.g., Rapid7, Tenable).
  • Experience in cloud security, particularly with Microsoft Azure (Microsoft Sentinel, Microsoft Defender for Cloud, formerly Azure Sentinel and Azure Defender, etc.).
  • Leadership skills and experience managing small teams.
  • Strong communication skills, with the ability to translate technical concepts.
  • Attention to detail and accuracy in analysis and documentation processes.
  • Critical thinking.
  • Analytical mindset to identify complex patterns and correlate security events.

Preferred Location: Lisbon/Porto

  • The preference is for candidates based in Lisbon or Porto with a hybrid work model (2 days per week in the office). However, we can consider profiles from outside these two urban centers if candidates are available for travel. They will be part of the shared Cybersecurity team.

We value:

  • International experience.
  • Certifications: Security+, SC-200, SC-100, AZ-500.
