IT and Information Security Coordinator

Our Company

Tenchi is a Cyber Security company building innovative technology focused on Third-Party Cyber Risk Management for businesses. Founded by serial entrepreneurs and supported by solid institutional investors, we are driven to disrupt this fast-growing industry.

Tenchi was created to tackle a real challenge: companies often face security risks because their third-parties don’t maintain the same level of cyber protection. This gap leaves even the largest organizations potentially vulnerable to incidents they can’t directly control. That’s exactly where we step in.

Our TPCRM SaaS solution, Zanshin, is the only global TPCRM solution that offers both inside-out and outside-in visibility - combining external attack surface monitoring with automated, continuous, and non-intrusive assessments of cloud infrastructure (IaaS, PaaS, SaaS) and security controls.

Our People and Culture

At Tenchi, we build innovative technology to help companies secure their ecosystems with transparency and peace of mind. We are ambitious and purpose-driven. Our culture is rooted in intentionality, transparency, and action. We move fast, communicate openly, and invest in people who want to make an impact.

As a 100% remote company with team members across Brazil, the US, Canada, Argentina, and Spain, we embrace flexibility while solving meaningful challenges together.

🎥 Want to know more about our DNA? Watch the video. https://www.youtube.com/watch?v=HK8J07hWv30&feature=youtu.be

What you’ll do?

• Provide technical support to internal users, identifying and resolving complex IT and security-related issues.
• Manage and configure IT assets and ensure secure and compliant environments.
• Oversee identity and access management, including user provisioning, de-provisioning, and enforcement of least privilege principles.
• Administer and configure endpoint protection tools, antivirus, patch management systems, and Mobile Device Management (MDM) solutions.
• Support the implementation and maintenance of internal IT and security procedures and documentation.
• Collaborate with the security and compliance teams in conducting risk assessments, internal audits, and implementing GRC controls aligned with privacy and other applicable legislation and the CIS Critical Security Controls framework

• Ensure best practices are followed in day-to-day operations regarding systems, access, and incident response.
• Keep up with industry trends and threats to advise on improvements and preventive measures.
• Educate employees on security policies, awareness, and safe practices.
• Administer AWS environments and apply best security practices, including provisioning access and permissions, implement security features, monitoring and investigating suspicious activities.
• Collaborate with the engineering team to improve the security of CI/CD pipelines, assist in remediating vulnerabilities, and perform security reviews of changes involving Infrastructure as Code (IaC).
• Assist clients in implementing and maintaining SSO integrations.
• Collaborate on strategic planning for the department in alignment with business needs, utilizing OKRs, roadmaps, business plans, and budget planning.

What we’re looking for?

• Proven experience with Windows and Unix-like operating systems.
• Strong background in providing technical support to end users.
• Experience with access management processes, including provisioning and revoking access securely.
• Strong background with Google Workspace and Slack administration from a security perspective.
• Hands-on experience configuring and managing antivirus software, patch management systems, and MDM tools.
• Knowledge of cloud platforms, especially AWS, and how to secure workloads in these environments.
• Understanding of information security best practices and security frameworks, in particular CIS Critical Security Controls and privacy legislation like LGPD and GDPR..
• Proven experience with CI/CD pipelines, SAST/DAST tools, Git, and Infrastructure as Code (IaC).
• Knowledge of authentication protocols such as SAML, OpenID, and OAuth2, with hands-on experience configuring SSO integrations.
• Comfortable writing clear procedures, internal policies, and emails/documentation in English.
• Spoken Portuguese and English fluency is mandatory and will be used daily to interact with team members, partners and vendors in several countries.