Job Posting Organization: The European Bank for Reconstruction and Development (EBRD) is a pioneering international organization established to support the development of market economies and promote private and entrepreneurial initiatives in countries across Europe, Asia, and beyond. Founded in 1991, EBRD has grown to employ thousands of professionals and operates in over 30 countries. The bank's mission is to foster the transition to open market-oriented economies and to promote sustainable development through investments and partnerships. EBRD is committed to inclusiveness, innovation, trust, and responsibility, which are reflected in its workplace culture and operational strategies.
Job Overview: The Security Engineering Lead position is a critical role within the Information Technology division of EBRD, focusing on embedding security into the engineering processes of modern applications and cloud platforms. The successful candidate will be responsible for leading secure-by-design engineering practices across various technology landscapes, including APIs, microservices, and cloud-native environments. This role requires a deep understanding of security principles and the ability to translate complex security requirements into practical solutions that can be adopted by engineering teams. The Security Engineering Lead will work closely with central IT Security functions to ensure that security measures are both effective and scalable, thereby enhancing the overall security posture of the organization.
Duties and Responsibilities: The duties and responsibilities of the Security Engineering Lead include defining and driving secure-by-design patterns across applications, APIs, integrations, and cloud services. The role involves embedding DevSecOps and secure Software Development Life Cycle (SDLC) practices across engineering teams, ensuring consistent adoption at scale. The candidate will lead security architecture initiatives across APIs, microservices, Kubernetes (AKS), and Azure environments, driving threat modeling efforts and translating risks into practical controls and resilient design decisions. Additionally, the Security Engineering Lead will own API security, identity, and authentication strategies, champion Zero Trust principles, and oversee security monitoring and vulnerability management initiatives. The role also includes contributing to architecture reviews, supporting audits, and engaging with stakeholders to provide clear and actionable insights regarding security practices.
Required Qualifications: Candidates must possess extensive experience in Security Engineering within complex, enterprise environments, with deep expertise in securing cloud-native platforms such as Azure, APIs, Kubernetes, and microservices. A strong knowledge of application and API security, including OAuth2, OIDC, and JWT, is essential. Proven experience in implementing secure SDLC and DevSecOps practices is required, along with hands-on experience with Azure security tooling like Defender for Cloud and Sentinel. A solid understanding of Zero Trust architecture and identity-first security models is necessary, as well as experience in threat modeling and translating risks into engineering controls. Familiarity with cybersecurity frameworks such as NIST CSF and ISO 27001 is also important, along with the ability to communicate complex security requirements effectively to both technical and non-technical stakeholders.
Educational Background: The ideal candidate should have a relevant degree in Computer Science, Information Technology, Cybersecurity, or a related field. Advanced certifications in security, such as CISSP, CSSLP, or Azure Security Engineer, are highly desirable and will enhance the candidate's profile for this position.
Experience: Candidates should have significant experience in security engineering roles, particularly within enterprise environments. Experience in leading security architecture initiatives and working with cross-functional teams is crucial. A background in financial or regulated environments is considered a plus, as it demonstrates familiarity with compliance and security standards relevant to the banking sector.
Languages: Fluency in English is mandatory, as it is the primary language of communication within the organization. Knowledge of additional languages is considered an asset, particularly those relevant to the regions in which EBRD operates, as it may facilitate better communication with diverse stakeholders.
Additional Notes: This position is a fixed-term contract lasting for three years, with a strong emphasis on collaboration and teamwork. EBRD promotes a hybrid working culture, encouraging employees to work in the office at least three days a week. The organization values employee wellbeing and offers a comprehensive suite of competitive benefits, including opportunities for professional development and training. EBRD is committed to diversity and inclusion, encouraging applications from qualified candidates regardless of their background.