Analista de Segurança Cibernética Sr - SIEM **General Information** Req # 100015652 Career area: Information Technology Country/Region: Brazil State: São Paulo City: Sao Paulo Date: Friday, January 31, 2025 **Additional Locations** : * Brazil **Why Work at Lenovo** We are Lenovo. We do what we say. We own what we do. We WOW our customers. Lenovo is a US$57 billion revenue global technology powerhouse, ranked #248 in the Fortune Global 500, and serving millions of customers every day in 180 markets. Focused on a bold vision to deliver Smarter Technology for All, Lenovo has built on its success as the world’s largest PC company with a full-stack portfolio of AI-enabled, AI-ready, and AI-optimized devices (PCs, workstations, smartphones, tablets), infrastructure (server, storage, edge, high performance computing and software defined infrastructure), software, solutions, and services. Lenovo’s continued investment in world-changing innovation is building a more equitable, trustworthy, and smarter future for everyone, everywhere. Lenovo is listed on the Hong Kong stock exchange under Lenovo Group Limited (HKSE: 992) (ADR: LNVGY). To find out more visitwww.lenovo.com (https://news.lenovo.com/) and read about the latest news via ourStoryHub (https://news.lenovo.com/) . **Description and Requirements** Primary Responsibilities + Provide engineering, operation and enhancement of the SIEM, SOC platform tools and data collection and analysis systems. + Develop, deploy, and tune tools content and reporting. + Assist in the design, architecture and implementation of use cases, detection rules, integration and workflows automation + Analyze existing use case catalogue and correlation rules implemented as well as automation workflows. + Cooperate with the other team members in correlation searches development and testing. + Prepare correlation search test, conduct test and document evidence from test that shows correlation search addresses scenario described in use case. + Cooperate with log source onboarding project to assure correct log source onboarding and log mapping to data models according to SOC tools best practices. + Responsible for the creation of procedures, runbooks, high-level/low-level documentation, implementation of processes and development of staff in relation to SOC tools detection logic. + Provides expert technical advice and counsel in the design, monitoring and improvement of SIEM security systems and SOC tools. Knowledge and skills + 3+ years of hands-on SIEM experience. + Direct experience with SOC tools engineering and data integration. + Scripting and development skills in Python/Perl with deep comprehension of regular expressions. + General networking and security knowledge. + Experience with building intricate searches from disparate data sources and joining them together + Versed in building threat detections (correlation rules) using security logs to detect malicious activity with high fidelity + Knowledge of security logging for Linux, Windows, major EDRs, Firewalls, & Active Directory + The ability to aggregate and analyze logs from various deployed security devices. + Familiarity with DevOps and cloud computer service providers (AWS / Azure) **Additional Locations** : * Brazil * Brazil