Incident Response Security Engineer

EBRD


Job Location: Sofia - Bulgaria

Monthly Salary: Not Disclosed
Posted on: 2 days ago
Vacancies: 1 Vacancy

Job Summary

Requisition ID: 36017
Office Country: Bulgaria
Office City: Sofia
Division: Information Technology
Contract Type: Fixed Term
Contract Length: 3 years
Posting End Date: 02/12/2025

We're looking for a cloud-smart, threat-driven Cyber Incident Responder who thrives in the heat of real-time this role you'll be on the frontline of protecting our organisation: deploying advanced cloud-centric detections, tuning SIEM/SOAR engines, correlating signals across on-prem, cloud, network and endpoint environments, and turning raw data into actionable intelligence. You'll work hand-in-hand with threat hunters, intelligence teams and our MSSP to expose malicious activity, contain threats fast and shape the tactics that keep attackers out. If you want to work where cloud security engineering and high-stakes incident response collide, this is where you'll make your mark.

You'll lead the technical charge during active incidents, produce authoritative forensic reports and continuously evolve our detection and response capabilities using frameworks like MITRE ATT&CK and NIST CSF. From refining playbooks to strengthening automation pipelines, from driving DR/BCP readiness to communicating root causes with clarity and impact, you'll be key to elevating our SOC into a proactive, intelligence-led, cloud-ready defence function. If you're energised by deep analysis, fast decision-making and staying one step ahead of adversaries, you'll thrive in this mission-critical role.

Accountabilities and Responsibilities

  • Deploys cloud-centric detection to detect threats related to cloud environments and services used by the organisation
  • Correlates activity across assets (endpoint, network, apps) and environments (on-premises, cloud) to identify patterns of anomalous activity
  • Reviews alerts and data from sensors and documents formal technical incident reports
  • Works with threat intelligence and/or threat-hunting teams
  • Provides network subscribers with incident response support, including mitigating actions to contain activity and facilitating forensics analysis when necessary
  • Supports the creation of business continuity/disaster recovery plans, including conducting disaster recovery tests, publishing test results and making changes necessary to address deficiencies
  • Works with security information and event management (SIEM) to manage/tune the system, create/manage the detection content and actively watch for alerts
  • Correlates network, cloud and endpoint activity across environments to identify attacks and unauthorised use
  • Works with the MSSP to identify events in incidents that may impact the network and co-ordinates with internal incident response teams to manage and resolve incidents.
  • Participates in an on-call rota to provide after-hours support for cyber security related incidents.


Knowledge and Skills

  • Experience with SIEM and SOAR tools
  • Familiarity with incident response frameworks and methodologies, including frameworks like NIST CSF and MITRE ATT&CK.
  • Expertise with incident response tools and technologies, including tools for security information and event management (SIEM), forensics and threat intelligence.
  • Expertise with developing and implementing incident response plans
  • Experience with reporting and communicating incident details, improving incident response processes and recovering from security incidents
  • Ability to perform independent analysis of complex problems and distil relevant findings and root causes
  • Ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative and actionable manner
  • Familiar with cloud security concepts and best practices, as well as the security features and capabilities of major cloud platforms such as AWS, Azure and GCP.
  • Familiar with security automation tools and techniques and able to use them to automate security tasks and improve the efficiency of the SOC.

What is it like to work at the EBRD / About EBRD

Our agile and innovative approach is what makes life at the EBRD a unique experience! You will be part of a pioneering and diverse international organisation and use your talents to make a real difference to people's lives and help shape the future of the regions we invest in.

At EBRD, our Values (Inclusiveness, Innovation, Trust and Responsibility) are at the heart of how we work. We bring these to life through our Workplace Behaviours: listening well and speaking up, collaborating smartly, acting decisively with full commitment, and simplifying to amplify our impact. These principles shape our culture and define our success. We seek individuals who not only share these values but are also committed to embedding them in their daily work, fostering a positive and high-performing environment.

The EBRD environment provides you with:

  • Varied, stimulating and engaging work that gives you an opportunity to interact with a wide range of experts in the financial, political, public and private sectors across the regions we invest in.
  • A working culture that embraces inclusion and celebrates diversity. Our workforce reflects a broad range of backgrounds, perspectives and experiences, bringing fresh ideas, energy and innovation and enhancing our ability to serve our clients, shareholders and counterparties effectively.
  • We offer hybrid and flexible working arrangements and believe we operate at our best when collaborating 3 days a week in person (minimum).
  • An environment that places sustainability, equality and digital transformation at the heart of what we do.
  • A workplace that prioritises employee wellbeing and provides a comprehensive suite of competitive benefits.

Diversity is one of the Bank's core values, which are at the heart of everything it does. As such, the EBRD seeks to ensure that everyone is treated with respect, given equal opportunities and works in an inclusive environment. The EBRD encourages all qualified candidates who are nationals of the EBRD member countries to apply, regardless of their racial, ethnic, religious and cultural background, gender, gender identity, sexual orientation, age, socio-economic background or disability.

Please note that due to the high volume of applications received we regret to inform you that we are unable to provide detailed feedback to candidates who have not been shortlisted (for further consideration).



About Company


Homepage of the European Bank for Reconstruction and Development. We build stronger and greener economies across three continents.
