Preventative & Threat Engineer

European Bank for Reconstruction and Development (EBRD)

October 2, 2025 to November 16, 2025. Sofia, Bulgaria.
Job Description
Job Posting Organization:
The European Bank for Reconstruction and Development (EBRD) is a pioneering international organization established to support the development of market economies and promote private and entrepreneurial initiatives in countries transitioning to market economies. Founded in 1991, the EBRD operates in over 30 countries across Europe, Asia, and the Middle East, employing thousands of professionals dedicated to fostering sustainable development and economic growth. The organization is committed to promoting inclusiveness, innovation, trust, and responsibility in its operations, ensuring that its workforce reflects a diverse range of backgrounds and experiences.

Job Overview:
The Preventative & Threat Engineer position is a highly technical role focused on proactively preventing, detecting, and responding to security incidents across both cloud and on-premises environments. The successful candidate will engage hands-on with Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platforms, actively monitoring threat intelligence feeds and utilizing frameworks such as MITRE ATT&CK to understand and counteract attacker tactics, techniques, and procedures. This role requires a blend of analytical skills, automation capabilities, and rapid response strategies to safeguard critical systems and data from evolving cyber threats. The engineer will be responsible for analyzing large datasets for anomalies, developing scripts and tools in Python, deploying countermeasures under pressure, and optimizing Security Operations Center (SOC) operations across various cloud environments including AWS, Azure, and Google Cloud Platform (GCP). The position also involves supporting incident response and resilience planning to ensure the organization remains ahead of potential cyber threats.

Duties and Responsibilities:
The Preventative & Threat Engineer will have a comprehensive set of responsibilities, including but not limited to: proactively preventing, detecting, and responding to cyber security incidents to mitigate risks; hypothesizing new threats and identifying indicators of compromise; contributing to the development of innovative security strategies; monitoring threat intelligence feeds to identify various threats, including advanced persistent threats (APTs); utilizing the MITRE ATT&CK framework to understand potential threats' tactics, techniques, and procedures (TTPs); conducting threat assessments to identify likely threats and their attack methods; capturing attacker techniques and indicators of compromise to enhance defenses; providing support to the Incident Response team as needed; and participating in an on-call rotation for after-hours support related to cyber security incidents.

Required Qualifications:
Candidates must possess a solid understanding of core security fundamentals and concepts, with experience in using SIEM and SOAR tools. They should be capable of proactively identifying and addressing security issues as they arise. Familiarity with cloud security concepts and best practices, as well as the security features of major cloud platforms such as AWS, Azure, and GCP, is essential. The ability to analyze large datasets to identify anomalies and quickly create and deploy countermeasures under pressure is crucial. Additionally, candidates should have experience in creating complex scripts and developing tools or automating processes using Python or other relevant programming languages.

Educational Background:
A bachelor's degree in Computer Science, Information Technology, Cyber Security, or a related field is required. Advanced degrees or certifications in cyber security or related disciplines will be considered an asset, as they demonstrate a deeper understanding of the field and commitment to professional development.

Experience:
Candidates should have a minimum of 3-5 years of experience in cyber security, specifically in roles focused on threat detection, incident response, or security engineering. Experience working in a Security Operations Center (SOC) environment is highly desirable, as is familiarity with threat hunting and incident response processes.

Languages:
Fluency in English is mandatory, as it is the primary language of communication within the organization. Proficiency in additional languages, particularly those relevant to the EBRD's member countries, is considered a valuable asset and may enhance a candidate's application.

Additional Notes:
This position is a fixed-term contract lasting for 3 years. The role is based in Sofia, Bulgaria, and offers a hybrid working arrangement, with a minimum expectation of in-person collaboration three days a week. The EBRD is committed to fostering an inclusive work environment and encourages applications from qualified candidates regardless of their background. The organization also provides a comprehensive suite of competitive benefits aimed at promoting employee wellbeing.