
Analyst, security incident response engineer

European Bank For Reconstruction And Development
Published on 8 October
Job description

This job is with EBRD, an inclusive employer and a member of myGwork – the largest global platform for the LGBTQ+ business community. Please do not contact the recruiter directly.

Requisition ID
36002

Office Country
Bulgaria

Office City
Sofia

Division
Information Technology

Contract Type
Fixed Term

Contract Length
3 years

Posting End Date
21/10/2025

We’re seeking a seasoned Incident Response Engineer to lead the detection, analysis, and containment of threats across on-prem, cloud, and hybrid environments. You’ll work at pace with SIEM and SOAR tooling, tune detection content, and hunt for anomalous activity across networks, endpoints, and applications. From forensic deep-dives to root cause analysis, you’ll own the technical response that transforms alerts into decisive action.

This role goes beyond triage! You’ll help shape the incident response function itself. Collaborating with MSSPs, internal SOC teams, and cloud security specialists, you’ll apply frameworks like NIST CSF and MITRE ATT&CK, orchestrate response playbooks, and drive improvements in resilience and recovery. With your expertise in cloud platforms (AWS, Azure, GCP), automation, and disaster recovery planning, you’ll harden defenses while leading the charge during live incidents. If you thrive in high-pressure environments and want to be the engineer everyone looks to when seconds count, this role is built for you.

Accountabilities and Responsibilities:

Supports the MSSP with network monitoring and intrusion detection analysis using various computer network tools, such as intrusion detection/prevention systems, firewalls and host-based security systems

Supports log-based and endpoint-based threat detection to detect and protect against threats coming from multiple sources

Assists with cloud-centric detection to detect threats related to cloud environments and services used by the organisation

Contributes to correlation activity across assets (endpoint, network, apps) and environments (on-premises, cloud) to identify patterns of anomalous activity

Supports the review of alerts and data from sensors, and documents formal, technical incident reports

Supports the threat intelligence and/or threat-hunting teams

Provides incident response support, including mitigating actions to contain activity and assisting with forensics analysis when necessary

Supports the creation of business continuity/disaster recovery plans, including assisting in conducting disaster recovery tests, and supporting changes necessary to address deficiencies

Works with the MSSP and internal teams to manage/tune the security information and event management (SIEM) system, support the detection content and actively watch for alerts

Assists in correlating network, cloud and endpoint activity across environments to identify attacks and unauthorised use

Supports the Associate Incident Response and the MSSP to identify events on incidents that may impact the network and co-ordinate with internal incident response teams to manage and resolve incidents.

Participates in after-hours escalated support for cyber security related incidents.

Knowledge and Education:

Experience with security information and event management (SIEM) and security orchestration, automation, and response (SOAR) tools

Familiarity with incident response frameworks and methodologies, including frameworks like NIST CSF and MITRE ATT&CK.

Experience with incident response tools and technologies, including tools for security information and event management (SIEM), forensics, and threat intelligence.

Experience with developing and implementing incident response plans

Experience with reporting and communicating incident details, improving incident response processes and recovering from security incidents

Ability to perform independent analysis of complex problems and distil relevant findings and root causes

Ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative and actionable manner

Familiar with cloud security concepts and best practices, as well as the security features and capabilities of major cloud platforms such as AWS, Azure, and GCP.

Familiar with security automation tools and techniques, and able to use them to automate security tasks and improve the efficiency of the SOC.

What is it like to work at the EBRD? / About EBRD

Our agile and innovative approach is what makes life at the EBRD a unique experience! You will be part of a pioneering and diverse international organisation, and use your talents to make a real difference to people's lives and help shape the future of the regions we invest in.

At EBRD, our Values – Inclusiveness, Innovation, Trust, and Responsibility – are at the heart of how we work. We bring these to life through our Workplace Behaviours: listening well and speaking up, collaborating smartly, acting decisively with full commitment, and simplifying to amplify our impact. These principles shape our culture and define our success. We seek individuals who not only share these values but are also committed to embedding them in their daily work, fostering a positive and high-performing environment.

The EBRD environment provides you with:

Varied, stimulating and engaging work that gives you an opportunity to interact with a wide range of experts in the financial, political, public and private sectors across the regions we invest in.

A working culture that embraces inclusion and celebrates diversity. Our workforce reflects a broad range of backgrounds, perspectives, and experiences, bringing fresh ideas, energy, and innovation and enhancing our ability to serve our clients, shareholders, and counterparties effectively.

We offer hybrid and flexible working arrangements and believe we operate at our best when collaborating 3 days a week in person (minimum).

An environment that places sustainability, equality and digital transformation at the heart of what we do.

A workplace that prioritises employee wellbeing and provides a comprehensive suite of competitive benefits.

Diversity is one of the Bank’s core values which are at the heart of everything it does. As such, the EBRD seeks to ensure that everyone is treated with respect and given equal opportunities and works in an inclusive environment. The EBRD encourages all qualified candidates who are nationals of the EBRD member countries to apply regardless of their racial, ethnic, religious and cultural background, gender, gender identity, sexual orientation, age, socio-economic background or disability.

Please note that, due to the high volume of applications received, we regret to inform you that we are unable to provide detailed feedback to candidates who have not been shortlisted (for further consideration).
