Principal Security Engineer - Hybrid Cloud & Application
Posting Date: 18 Jun 2026
Location: Sofia, BG
Company: EBRD
| Requisition ID | 36784 |
| Office Country | Bulgaria |
| Office City | Sofia |
| Division | Information Technology |
| Contract Type | Fixed Term |
| Contract Length | 3 years |
| Posting End Date | 13/07/2026 |
Build security into everything, from APIs to cloud platforms, at enterprise scale.
This is your opportunity to lead secure-by-design engineering across modern applications, microservices, and cloud-native environments. You’ll define the golden paths for secure development, embed DevSecOps practices into delivery pipelines, and shape how security is engineered, not bolted on, across a complex technology landscape.
Operating within agreed enterprise security standards and governance set by the central IT Security function, you’ll act as the bridge between central policy and real-world engineering, ensuring security is both practical and scalable.
If you thrive on solving deep technical challenges, influencing architecture, and turning security into a scalable, developer-friendly capability, this role puts you at the heart of it all.
What You’ll Do
- Define and drive secure-by-design patterns across applications, APIs, integrations, and cloud services
- Embed DevSecOps and secure SDLC practices across engineering teams, ensuring consistent adoption at scale
- Lead security architecture across APIs, microservices, Kubernetes (AKS), and Azure environments
- Drive threat modelling, translating risks into practical controls and resilient design decisions
- Own API security, identity, and authentication strategies (OAuth2, OIDC, JWT)
- Champion Zero Trust principles across applications, identities, and workloads
- Lead security for Azure platforms, including landing zones, Defender for Cloud, and policy controls
- Partner with engineering teams to secure Kubernetes, Java applications, and secrets/key management
- Oversee security monitoring, vulnerability management, and posture improvement initiatives
- Contribute to architecture reviews (HLD/LLD), PoCs, and major programmes to ensure security is built in from day one
- Support audits, risk reporting, and stakeholder engagement with clear, actionable insights
- Work in close alignment with the central IT Security function (dotted line), ensuring all engineering practices adhere to enterprise security standards, policies, and governance
Need to Have - Your Essentials
- Extensive experience in Security Engineering within complex, enterprise environments
- Deep expertise securing cloud-native platforms (Azure, APIs, Kubernetes, microservices)
- Strong knowledge of application and API security, including OAuth2, OIDC, JWT
- Proven experience implementing secure SDLC and DevSecOps practices
- Hands-on experience with Azure security tooling (Defender for Cloud, Sentinel, Key Vault, policies)
- Strong understanding of Zero Trust architecture and identity-first security models (Entra ID)
- Experience in threat modelling and translating risks into engineering controls
- Knowledge of secure coding practices and vulnerability management (OWASP Top 10)
- Experience securing hybrid environments (on-prem, SaaS, PaaS)
- Familiarity with cybersecurity frameworks (e.g., NIST CSF, ISO 27001)
- Ability to translate complex security requirements into clear, actionable guidance for engineers
- Strong communication skills, able to influence both technical and non-technical stakeholders
Nice to Have
- Experience working with Kubernetes/AKS security at scale
- Background in financial or regulated environments
- Experience leading security architecture governance across multiple teams
- Hands-on experience with threat intelligence integration
- Experience delivering security training and awareness programmes
- Relevant certifications (CISSP, CSSLP, Azure Security Engineer, etc.)
Why You’ll Love This Role
Because this isn’t just about securing systems.
It’s about redefining how engineering teams build secure software at scale.
You’ll sit at the intersection of central security strategy and hands-on engineering delivery, giving you both influence and impact. Your work will shape how security is applied in real-world systems, across every product, every deployment, and every layer of the stack.
If you want ownership, technical depth, and the opportunity to lead security engineering in a truly modern environment, this is your platform.
What is it like to work at the EBRD? / About EBRD
Our agile and innovative approach is what makes life at the EBRD a unique experience! You will be part of a pioneering and diverse international organisation, and use your talents to make a real difference to people's lives and help shape the future of the regions we invest in.
At EBRD, our Values – Inclusiveness, Innovation, Trust, and Responsibility – are at the heart of how we work. We bring these to life through our Workplace Behaviours: listening well and speaking up, collaborating smartly, acting decisively with full commitment, and simplifying to amplify our impact. These principles shape our culture and define our success. We seek individuals who not only share these values but are also committed to embedding them in their daily work, fostering a positive and high-performing environment.
The EBRD environment provides you with:
- Varied, stimulating and engaging work that gives you an opportunity to interact with a wide range of experts in the financial, political, public and private sectors across the regions we invest in.
- A working culture that embraces inclusion and celebrates diversity. Our workforce reflects a broad range of backgrounds, perspectives, and experiences, bringing fresh ideas, energy, and innovation and enhancing our ability to serve our clients, shareholders, and counterparties effectively.
- Hybrid and flexible working arrangements; we believe we operate at our best when collaborating 3 days a week in person (minimum).
- An environment that places sustainability, equality and digital transformation at the heart of what we do.
- A workplace that prioritises employee wellbeing and provides a comprehensive suite of competitive benefits.
Diversity is one of the Bank’s core values which are at the heart of everything it does. As such, the EBRD seeks to ensure that everyone is treated with respect and given equal opportunities and works in an inclusive environment. The EBRD encourages all qualified candidates who are nationals of the EBRD member countries to apply regardless of their racial, ethnic, religious and cultural background, gender, gender identity, sexual orientation, age, socio-economic background or disability.
Please note that, due to the high volume of applications received, we regret to inform you that we are unable to provide detailed feedback to candidates who have not been shortlisted (for further consideration).