• Mindera works with a variety of clients across the world to innovate and solve tough technical problems. Our security team enables Mindera to meet security standards, such as UK Cyber Essentials Plus and ISO 27001, and keep all Minders safe from the bad guys’ hands. • We are looking for one mid-level Information Security Analyst to work across all our locations. • As a mid-level information security analyst, you will help the team monitor Mindera’s infrastructure, manage vulnerabilities, respond to incidents, and offer advice and support to Minders. • You will also have the opportunity to contribute to our procedures as well as research and integrate solutions to continually improve Mindera’s security posture. • Important note: this role primarily involves working within European time zones, requiring a significant overlap with team hours.

Role Description We are looking for one mid-level Information Security Analyst to work across all our locations. As a mid-level information security analyst, you will help the team monitor Mindera’s infrastructure, manage vulnerabilities, respond to incidents, and offer advice and support to Minders. You will also have the opportunity to contribute to our procedures as well as research and integrate solutions to continually improve Mindera’s security posture. Important note: this role primarily involves working within European time zones, requiring a significant overlap with team hours. - Security monitoring and alerting: Develop, maintain, and fine-tune detection rules for our XDR platform. Investigate security events to determine whether an incident occurred. - Vulnerability management: Run and analyse vulnerability scans, identify weaknesses, report results and co-ordinate remediation. - Security enablement: Advise and answer queries from Minders, contribute to security guidelines, awareness, and best practices. Work with development teams to integrate threat modeling into the software development lifecycle, identifying and mitigating potential security risks. - Incident response: Provide assistance during containment and recovery, prepare reports and use the lessons learned to strengthen our defenses, applying frameworks like MITRE ATT&CK. - Systems integration: Develop scripts and tools to automate repetitive tasks and leverage Infrastructure as Code (IaC) principles to build and manage integrations across our security tools. Qualifications - At least 3 years of hands-on experience in two or more relevant areas. - Technical Skills: - XDR Threat Detection/Response: Experience with XDR platforms like Palo Alto, CrowdStrike, etc. Ability to investigate security events and build/tune detection rules. - Vulnerability Management: Hands-on experience with tools like Tenable, Qualys, etc. Knowledge of creating scans, reports, and using APIs for automation. - Scripting and Automation: Ability to write practical scripts using languages like Python or Bash. - Change management: Knowledge of testing, validating, rolling out, and rolling back changes safely and securely. - Operating Systems: Solid knowledge of Linux and macOS, and practical understanding of Windows. - Cloud and On-prem Infrastructure: Familiarity with networking concepts and cloud (AWS, GCP) with interest in Infrastructure as Code (IaC). - Security Frameworks: Basic understanding of frameworks like MITRE ATT&CK, NIST, CIS. - Communication Skills: Good communicator, proficient in English, both spoken and written. - Interpersonal skills: Ability to support people from different backgrounds and skillsets effectively. - Growth Mindset: Ability to work autonomously and proactively in a distributed and dynamic organization. Requirements - Permanent contract - Unlimited PTO - Flexible working hours - Training & conferences, create your own training plan - Work with large scale systems powering global businesses - Collaborative team environment with a politics-free culture Benefits - Work with a bunch of great people - Team ownership of projects - Encouragement to take risks and make decisions - Focus on communication and collaboration - Freedom and Responsibility culture - Value commitment, feedback, and empathy Company Description At Mindera we use technology to build products we are proud of, with people we love. Software Engineering Applications, including Web and Mobile, are at the core of what we do at Mindera. We partner with our clients to understand their products and deliver high-performance, resilient and scalable software systems that create an impact in their users and businesses across the world. Our offices are located: Porto, Portugal | Aveiro, Portugal | Coimbra, Portugal | Leicester, UK | San Diego, USA | San Francisco, USA | Chennai, India | Bengaluru, India | Cluj-Napoca, Romania | Blumenau, Brazil | Casablanca, Morocco | Australia.

Role Description Evolve Security is looking for an OSOC Security Analyst to join our growing team. This position will assist with the overall successful delivery of various application vulnerability assessments, continuous internal / external penetration assessments, incident response and detection assessments, and other types of security strategy and architecture reviews. - Review eASM dashboard daily to monitor for any anomalies or security incidents. - Conduct testing and validation of vulnerabilities identified by the ASM system, providing evidence of validation to support remediation efforts. - Investigate eASM vulnerabilities thoroughly, analyzing potential impact and root causes. - Conduct various types of penetration testing, including scanning and password attacks, to identify potential weaknesses in the system. - Perform technical vulnerability scans and validate remediation efforts to ensure effective security posture. - Escalate identified vulnerabilities and security incidents to appropriate client or internal team members for resolution. - Engage with clients during project kick-off meetings to understand their specific security requirements and objectives. - Assist in maturing eASM Evolve Security processes, procedures, templates, and methodologies to enhance overall effectiveness. - Take on other duties as assigned to support the growth and expansion of enterprise and academy initiatives, contributing to the overall success of the security program. - Passionate about cybersecurity with a curiosity to learn. Qualifications - 0-1 years of information technology experience, ideally with a focus on information security. - 0-1 years penetration testing, application and vulnerability management experience through education or security/consulting firm. - Knowledge of multiple operating systems and associated command-line administration tools (Bash / PowerShell). - Knowledge of the application stack including web. - Scripting experience in one or more of: Ruby, Python, Perl, Bash. - ESCP, Security+ certifications. - A desire to tinker and understand how things work. - Ability to interface with clients, utilizing consulting and negotiating skills. - Strongly self-motivated and able to work independently towards team objectives. - Strong communication skills (oral and written) and ability to work as part of a team. Benefits - Healthcare Benefits - 401(k) Match - Parental Leave - Flexible Paid Time Off - Annual vacation reimbursement Company Description Evolve Security is a cybersecurity services firm headquartered in Chicago, IL. We are dedicated to improving our client’s security posture by providing continuous penetration testing, training services, and talent solutions. - In addition to our professional cybersecurity service offerings, Evolve Security offers a cybersecurity bootcamp, “Evolve Academy”, currently ranked the #1 cybersecurity bootcamp in the world. - The Cybersecurity Bootcamp in Chicago provides immersive training, giving students the concrete and practical skills needed on the job. - Students gain real work experience through live security assessment work that they perform on not-for-profit companies. - We are passionate about directly improving our customers’ security posture, and we proudly train others to help meet the need for qualified cybersecurity talent.

• Execute and monitor periodic vulnerability scans across internal infrastructure and cloud platforms. • Conduct periodic scans to support compliance requirements. • Perform External Attack Surface Assessments on internet-facing assets. • Assist in validating scan results and identifying false positives. • Analyze Vulnerability scan results to identify security gaps and potential threats. • Prioritise Vulnerability scan report based on risk severity and business impact. • Report findings to asset owners and relevant stakeholders for timely remediation. • Collaborate with IT, System Administrators, and Product Teams to ensure vulnerabilities are remediated within defined Service Level Agreements (SLAs). • Track remediation progress and follow up on outstanding vulnerabilities. • Support implementation of mitigation strategies where immediate remediation is not possible. • Assist in performing risk assessments related to identified vulnerabilities. • Support documentation of risks and contribute to mitigation planning. • Maintain awareness of evolving risk posture across systems. • Support the operation and maintenance of vulnerability management tools. • Assist in scan configuration, execution, result interpretation and reporting. • Support vulnerability management activities aligned with standards such as PCI-DSS, ISO 27001, and NIST. • Assist with audit preparation, including evidence gathering and documentations. • Ensure scanning and remediation practices meet compliance requirements. • Assist in creating dashboards and reports to visualize vulnerability trends, risk posture, and remediation performance. • Maintain accurate records of vulnerabilities, remediation status, and scan history. • Communicate findings clearly to both technical and non-technical stakeholders. • Suggest improvements to scanning, reporting, and remediation workflows. • Assist in Incident Response tasks and post-incident analysis when needed. • Assist in Threat Intelligence tasks from internal and external sources when needed. • Track emerging threats, vulnerabilities, and tactics used by relevant threat actors. • Contribute to threat briefings and recommendations for security controls. • Stay current with emerging vulnerabilities, threats, and cybersecurity trends. • Participate in training, labs, and knowledge-sharing sessions. • Continuously develop technical skills in security tools and methodologies.