| Requisition ID | 36009 |
| Office Country | Bulgaria |
| Office City | Sofia |
| Division | Information Technology |
| Contract Type | Fixed Term |
| Contract Length | 3 years |
| Posting End Date | 23/02/2026 |
We’re seeking a Preventative & Threat Engineer to proactively prevent, detect, and respond to security incidents across cloud and on-prem environments. You’ll work hands-on with SIEM and SOAR platforms, monitor threat intelligence feeds, and use frameworks like MITRE ATT&CK to understand attacker tactics, techniques, and procedures. From uncovering indicators of compromise to hypothesising new threats, you’ll transform intelligence into actionable defenses that protect critical systems and data.
This is a technical, hands-on role where analysis, automation, and rapid response converge. You’ll examine large data sets for anomalies, develop scripts and tools in Python, deploy countermeasures under pressure, and optimise SOC operations across AWS, Azure, and GCP environments. Supporting incident response and resilience planning, you’ll ensure the organisation stays ahead of evolving cyber threats. If you thrive in dynamic, high-stakes environments and want to shape the front line of defence, this could be your mission.
What You’ll Do
You’ll join the frontline of cyber defence, where intelligence becomes action, and action becomes protection.
In this role, you will:
- Proactively help prevent, detect, and respond to cyber threats across cloud and on‑prem systems.
- Support threat‑hunting missions, hypothesising attacker behaviour and uncovering indicators of compromise.
- Work closely with senior engineers to develop new, innovative defence strategies against emerging threats.
- Monitor global threat intelligence feeds and identify high‑risk indicators, APT activity, and suspicious patterns.
- Analyse attacker TTPs using frameworks like MITRE ATT&CK, shaping detection logic and defensive tactics.
- Use threat-hunting maturity models and structured processes to deepen investigation outcomes.
- Capture attacker behaviours, convert them into detection logic, and recommend improvements to security controls.
- Support incident response teams, helping contain, mitigate, and recover from active threats.
- Participate in an on‑call rotation, responding to security events during critical windows.
Need to Have - Your Essentials
- Hands-on experience with SIEM and SOAR technologies
- Strong understanding of security fundamentals, vulnerabilities, and defensive principles
- Ability to proactively identify and escalate threats in fast-moving environments
- Familiarity with cloud security concepts across AWS, Azure, and GCP
- Understanding of security automation tools, able to streamline SOC workflows
- Ability to analyse large, complex data sets and identify anomalies or behavioural patterns
- Strong scripting experience (especially Python) to automate processes or build investigative tools
Nice to Have
- Experience with threat hunting methodologies or cyber kill-chain analysis
- Familiarity with incident response procedures and playbooks
- Ability to map attacker behaviour using MITRE ATT&CK or similar frameworks
- Experience in SOC environments or high-security operational teams
- Exposure to cloud-native defensive tooling and logging services
You don’t need to be an expert in every tool - we value curiosity, a learning mindset, and growth.
Why You’ll Love This Role
Because this is where cybersecurity becomes mission‑critical.
You won’t just watch alerts, you’ll outthink attackers.
You’ll work with cutting‑edge tooling, real-time intelligence, and multi-cloud environments to stop threats before they become incidents. You’ll develop scripts, build automations, shape defensive strategies, and play a key role in protecting the organisation’s most valuable assets.
If you want a role where your decisions matter, your actions have impact, and your work strengthens the entire cyber defence posture, this is the place to make your mark.
What is it like to work at the EBRD? / About EBRD
Our agile and innovative approach is what makes life at the EBRD a unique experience! You will be part of a pioneering and diverse international organisation, and use your talents to make a real difference to people's lives and help shape the future of the regions we invest in.
At EBRD, our Values – Inclusiveness, Innovation, Trust, and Responsibility – are at the heart of how we work. We bring these to life through our Workplace Behaviours: listening well and speaking up, collaborating smartly, acting decisively with full commitment, and simplifying to amplify our impact. These principles shape our culture and define our success. We seek individuals who not only share these values but are also committed to embedding them in their daily work, fostering a positive and high-performing environment.
The EBRD environment provides you with:
- Varied, stimulating and engaging work that gives you an opportunity to interact with a wide range of experts in the financial, political, public and private sectors across the regions we invest in.
- A working culture that embraces inclusion and celebrates diversity. Our workforce reflects a broad range of backgrounds, perspectives, and experiences, bringing fresh ideas, energy, and innovation and enhancing our ability to serve our clients, shareholders, and counterparties effectively.
- We offer hybrid and flexible working arrangements and believe we operate at our best when collaborating 3 days a week in person (minimum).
- An environment that places sustainability, equality and digital transformation at the heart of what we do.
- A workplace that prioritises employee wellbeing and provides a comprehensive suite of competitive benefits.
Diversity is one of the Bank’s core values which are at the heart of everything it does. As such, the EBRD seeks to ensure that everyone is treated with respect and given equal opportunities and works in an inclusive environment. The EBRD encourages all qualified candidates who are nationals of the EBRD member countries to apply regardless of their racial, ethnic, religious and cultural background, gender, gender identity, sexual orientation, age, socio-economic background or disability.
Please note that, due to the high volume of applications received, we regret that we are unable to provide detailed feedback to candidates who have not been shortlisted for further consideration.