GSOC Watch Desk Analyst

This role requires both in-person and 12x36 shift work. Shifts are 12 hours, with 36 hours off in between.

The Watch Desk Analyst (Brand & Cyber Focus) is an entry-level role within the Global Security Operations Center, supporting the company’s security intelligence work.

In this role, you will help identify and assess online risks that may affect the company, its customers, executives and employees. This includes monitoring public sources and security platforms for phishing, impersonation, fake apps, fraudulent ads, suspicious domains, leaked-data claims, scams and reputational risks.

This is a hands-on role for someone who is curious, detail-oriented and comfortable working with online information. You should be able to investigate, separate what matters from what does not, and communicate your findings clearly, especially when time matters.

What you’ll do

• Monitor public sources and security tools to identify potential risks involving the company’s brand, customers, executives and employees.
• Review alerts related to phishing, impersonation, fake apps, fraudulent ads, suspicious domains, leaked data and online scams.
• Check whether findings are relevant, credible and urgent, and escalate the right cases to the right teams.
• Write clear and timely updates to help teams understand what happened, why it matters and what should happen next.
• Support brand protection and takedown efforts by collecting evidence, documenting findings and following up on suspicious content.
• Look for repeated patterns across cases, helping the team spot recurring actors, tactics and abuse trends.

Minimum Requirements

• Bachelor’s degree completed or in progress in Computer Science, International Relations, Social Sciences or a related field, or equivalent practical experience.
• Genuine interest in security, threat intelligence, brand protection, fraud, OSINT or cyber risk.
• Strong research and analytical skills, with curiosity, attention to detail and good judgment.
• Basic understanding of OSINT/SOCMINT concepts, source verification and safe online research practices.
• Familiarity with common cyber and online abuse signals, such as phishing, malicious domains, leaked credentials, impersonation and scams.
• Comfortable learning new tools, platforms and workflows.
• Clear written communication and ability to document findings consistently.
• Fluency in Portuguese and working English. Spanish is a plus.
• Ability to prioritize under pressure and work in a 12x36 shift schedule.
• Discretion when handling sensitive information and a collaborative, team-first attitude.

Preferred, but not required

• Experience with OSINT/SOCMINT research, brand protection, fraud monitoring, threat intelligence or security operations.
• Familiarity with threat-intelligence, digital risk protection or takedown platforms.
• Basic knowledge of frameworks such as MITRE ATT&CK or the cyber kill chain.
• Understanding of fraud and scam trends in Brazil or Latin America, such as Pix scams, fake support channels and social engineering.
• Experience using AI tools, automation, scripts or structured workflows to improve research and analysis.
• Basic scripting or data-enrichment skills, especially with Python.