This job is with EBRD, an inclusive employer and a member of myGwork – the largest global platform for the LGBTQ+ business community. Please do not contact the recruiter directly.
Requisition ID
36009
Office Country
Bulgaria
Office City
Sofia
Division
Information Technology
Contract Type
Fixed Term
Contract Length
3 years
Posting End Date
21/10/2025
We’re seeking a Preventative & Threat Engineer to proactively prevent, detect, and respond to security incidents across cloud and on-prem environments. You’ll work hands-on with SIEM and SOAR platforms, monitor threat intelligence feeds, and use frameworks like MITRE ATT&CK to understand attacker tactics, techniques, and procedures. From uncovering indicators of compromise to hypothesising new threats, you’ll transform intelligence into actionable defenses that protect critical systems and data.
This is a highly technical, hands-on role where analysis, automation, and rapid response converge. You’ll examine large data sets for anomalies, develop scripts and tools in Python, deploy countermeasures under pressure, and optimise SOC operations across AWS, Azure, and GCP environments. Supporting incident response and resilience planning, you’ll ensure the organisation stays ahead of evolving cyber threats. If you thrive in dynamic, high-stakes environments and want to shape the front line of defence, this could be your mission.
Accountabilities and Responsibilities:
Assists to proactively prevent, detect and respond to Cyber Security incidents to reduce risk
Assists with hypothesing new threats and indicators of compromise
Contributes to forming conclusions that may challenge conventional wisdom
Works with the Associate to Identify new and dynamic ways to protect the organisation against the evolving threat landscape
Supports the monitoring of threat intelligence feeds to identify a range of threats, including indicators of compromise and advanced persistent threats (APTs)
Supports the identification of the tactics, techniques and procedures (TTPs) of potential threats through the MITRE ATT&CK or similar frameworks
Understand and support the use of the Threat Hunting Maturity Model and Threat Hunt Process during investigations.
Assists with conducting threat assessments to identify what threats are most likely to target this business, and how they would execute their attacks
Support the capture of attacker techniques, indicators of compromise and objectives, and use the captured information to improve defences through recommendations for the creation of detection logic
Provides support and cover to the Incident Response specialism where required
Participate in an on-call rota to provide after hours support for cyber security related incidents.
Knowledge and Education:
Experience with SIEM and SOAR tools
An understanding of core security fundamentals and concepts
Can proactively identify and address security issues, as soon as they are identified
Familiar with cloud security concepts and best practices, as well as the security features and capabilities of major cloud platforms such as AWS, Azure, and GCP.
Familiar with security automation tools and techniques, and be able to use them to automate security tasks and improve the efficiency of the SOC.
Ability to analyse large data sets and identify anomalies
Ability to quickly create and deploy countermeasures under pressure
Ability to create complex scripts, develop tools, or automate processes in Python or other relevant command languages
What is it like to work at the EBRD? / About EBRD
Our agile and innovative approach is what makes life at the EBRD a unique experience! You will be part of a pioneering and diverse international organisation, and use your talents to make a real difference to people's lives and help shape the future of the regions we invest in.
At EBRD, our Values – Inclusiveness, Innovation, Trust, and Responsibility – are at the heart of how we work. We bring these to life through our Workplace Behaviours: listening well and speaking up, collaborating smartly, acting decisively with full commitment, and simplifying to amplify our impact. These principles shape our culture and define our success. We seek individuals who not only share these values but are also committed to embedding them in their daily work, fostering a positive and high-performing environment.
The EBRD environment provides you with:
Varied, stimulating and engaging work that gives you an opportunity to interact with a wide range of experts in the financial, political, public and private sectors across the regions we invest in.
A working culture that embraces inclusion and celebrates diversity. Our workforce reflects a broad range of backgrounds, perspectives, and experiences, bringing fresh ideas, energy, and innovation and enhancing our ability to serve our clients, shareholders, and counterparties effectively.
We offer hybrid and flexible working arrangements and believe we operate at our best when collaborating 3 days a week in person (minimum).
An environment that places sustainability, equality and digital transformation at the heart of what we do.
A workplace that prioritises employee wellbeing and provides a comprehensive suite of competitive benefits.
Diversity is one of the Bank’s core values which are at the heart of everything it does. As such, the EBRD seeks to ensure that everyone is treated with respect and given equal opportunities and works in an inclusive environment. The EBRD encourages all qualified candidates who are nationals of the EBRD member countries to apply regardless of their racial, ethnic, religious and cultural background, gender, gender identity, sexual orientation, age, socio-economic background or disability.
Please note, that due to the high volume of applications received, we regret to inform you that we are unable to provide detailed feedback to candidates who have not been shortlisted (for further consideration).