Incident Response Security Engineer
Posting Date: 18 Nov 2025
Location: Sofia, BG
Company: EBRD
| Requisition ID | 36017 |
| Office Country | Bulgaria |
| Office City | Sofia |
| Division | Information Technology |
| Contract Type | Fixed Term |
| Contract Length | 3 years |
| Posting End Date | 02/12/2025 |
We’re looking for a cloud-smart, threat-driven Cyber Incident Responder who thrives in the heat of real-time defence. In this role, you’ll be on the frontline of protecting our organisation, deploying advanced cloud-centric detections, tuning SIEM/SOAR engines, correlating signals across on-prem, cloud, network, and endpoint environments, and turning raw data into actionable intelligence. You’ll work hand-in-hand with threat hunters, intelligence teams, and our MSSP to expose malicious activity, contain threats fast, and shape the tactics that keep attackers out. If you want to work where cloud, security engineering, and high-stakes incident response collide, this is where you’ll make your mark.
You’ll lead the technical charge during active incidents, produce authoritative forensic reports, and continuously evolve our detection and response capabilities using frameworks like MITRE ATT&CK and NIST CSF. From refining playbooks to strengthening automation pipelines, and from driving DR/BCP readiness to communicating root causes with clarity and impact, you’ll be key to elevating our SOC into a proactive, intelligence-led, cloud-ready defence function. If you’re energised by deep analysis, fast decision-making, and staying one step ahead of adversaries, you’ll thrive in this mission-critical role.
Accountabilities and Responsibilities
- Deploys cloud-centric detection to detect threats related to cloud environments and services used by the organisation
- Correlates activity across assets (endpoint, network, apps) and environments (on-premises, cloud) to identify patterns of anomalous activity
- Reviews alerts and data from sensors, and documents formal, technical incident reports
- Works with threat intelligence and/or threat-hunting teams
- Provides network subscribers with incident response support, including mitigating actions to contain activity and facilitating forensics analysis when necessary
- Supports the creation of business continuity/disaster recovery plans, including conducting disaster recovery tests, publishing test results and making changes necessary to address deficiencies
- Works with security information and event management (SIEM) to manage/tune the system, create/manage the detection content and actively watch for alerts
- Correlates network, cloud and endpoint activity across environments to identify attacks and unauthorised use
- Works with the MSSP to identify events in incidents that may impact the network and co-ordinates with internal incident response teams to manage and resolve incidents
- Participates in an on-call rota to provide after-hours support for cyber security related incidents
Knowledge and Skills
- Experience with SIEM and SOAR tools
- Familiarity with incident response frameworks and methodologies, including frameworks like NIST CSF and MITRE ATT&CK.
- Expertise with incident response tools and technologies, including tools for security information and event management (SIEM), forensics, and threat intelligence.
- Expertise with developing and implementing incident response plans
- Experience with reporting and communicating incident details, improving incident response processes and recovering from security incidents
- Ability to perform independent analysis of complex problems and distil relevant findings and root causes
- Ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative and actionable manner
- Familiar with cloud security concepts and best practices, as well as the security features and capabilities of major cloud platforms such as AWS, Azure, and GCP.
- Familiar with security automation tools and techniques, and able to use them to automate security tasks and improve the efficiency of the SOC.
What is it like to work at the EBRD? / About EBRD
Our agile and innovative approach is what makes life at the EBRD a unique experience! You will be part of a pioneering and diverse international organisation, and use your talents to make a real difference to people's lives and help shape the future of the regions we invest in.
At EBRD, our Values – Inclusiveness, Innovation, Trust, and Responsibility – are at the heart of how we work. We bring these to life through our Workplace Behaviours: listening well and speaking up, collaborating smartly, acting decisively with full commitment, and simplifying to amplify our impact. These principles shape our culture and define our success. We seek individuals who not only share these values but are also committed to embedding them in their daily work, fostering a positive and high-performing environment.
The EBRD environment provides you with:
- Varied, stimulating and engaging work that gives you an opportunity to interact with a wide range of experts in the financial, political, public and private sectors across the regions we invest in.
- A working culture that embraces inclusion and celebrates diversity. Our workforce reflects a broad range of backgrounds, perspectives, and experiences, bringing fresh ideas, energy, and innovation and enhancing our ability to serve our clients, shareholders, and counterparties effectively.
- Hybrid and flexible working arrangements; we believe we operate at our best when collaborating 3 days a week in person (minimum).
- An environment that places sustainability, equality and digital transformation at the heart of what we do.
- A workplace that prioritises employee wellbeing and provides a comprehensive suite of competitive benefits.
Diversity is one of the Bank’s core values which are at the heart of everything it does. As such, the EBRD seeks to ensure that everyone is treated with respect and given equal opportunities and works in an inclusive environment. The EBRD encourages all qualified candidates who are nationals of the EBRD member countries to apply regardless of their racial, ethnic, religious and cultural background, gender, gender identity, sexual orientation, age, socio-economic background or disability.
Please note that, due to the high volume of applications received, we are unable to provide detailed feedback to candidates who have not been shortlisted for further consideration.