Job Posting Organization: The European Bank for Reconstruction and Development (EBRD) is an international financial institution established in 199
Its mission is to promote the transition to open market-oriented economies and to foster private and entrepreneurial initiative in countries from Central Europe to Central Asia. The EBRD operates in over 30 countries and employs a diverse workforce of approximately 2,000 employees. The organization is committed to sustainability, equality, and digital transformation, and values diversity as one of its core principles.
Job Overview: The Information Security Consultant position is a critical role within the Risk Management division of the EBRD. The consultant will be responsible for leading advanced security testing initiatives, specifically focusing on Red Team and Purple Team engagements. This role requires a deep understanding of ethical hacking, risk assessment methodologies, and the ability to synthesize complex technical findings into actionable guidance for improving the organization's cyber posture. The consultant will bridge the gap between technical security measures and security risk management, ensuring that security practices align with business objectives and compliance requirements. The position demands strong analytical skills, the ability to produce metrics and reports, and the capability to communicate technical concepts to non-technical stakeholders effectively.
Duties and Responsibilities: The duties and responsibilities of the Information Security Consultant include:
Scoping & Planning: Define objectives, scope, and success criteria for Red Team and Purple Team exercises; develop detailed test plans aligned with organizational risk priorities; coordinate scheduling and resource allocation for stakeholders.
Engagement Management: Act as the primary liaison between internal teams and external Managed Security Service Providers (MSSPs); ensure adherence to timelines and ethical guidelines; monitor progress and provide updates to senior leadership.
Technical Oversight: Review and validate attack scenarios and tactics used during engagements; ensure effective integration of offensive and defensive teams during Purple Team exercises.
Analysis & Reporting: Analyze findings from engagements; prepare comprehensive reports detailing vulnerabilities and defensive gaps; present results to both technical and non-technical stakeholders.
Implementation Guidance: Provide actionable remediation steps and strategic recommendations; collaborate with IT security and operations teams to guide implementation improvements; track remediation progress and validate effectiveness through follow-up testing.
Required Qualifications: The required qualifications for the Information Security Consultant position include a strong understanding of adversarial tactics, experience with penetration testing and exploit development, and familiarity with security information and event management (SIEM) and endpoint detection and response (EDR) tools. The candidate should possess excellent reporting and presentation skills, with the ability to translate technical concepts into business language. Proven collaboration skills with external MSSPs and internal stakeholders are essential, along with excellent communication skills for cross-functional engagement.
Educational Background: Candidates for the Information Security Consultant position should have a relevant educational background in cybersecurity, computer science, or a related field. Preferred certifications include OSCP, OSCE, CRTO, or similar offensive security certifications, as well as GIAC certifications such as GCTI, GPEN, or GCFA.
Experience: The position requires extensive experience in cybersecurity, particularly in Red and Purple Team operations. Candidates should have hands-on experience in scoping and managing security testing engagements, as well as solid experience in metrics and reporting. A strategic thinker with strong analytical skills is essential, along with the ability to translate technical findings into business risk language.
Languages: While the job does not specify mandatory languages, proficiency in English is essential for effective communication within the organization. Additional languages may be beneficial but are not explicitly required.
Additional Notes: This position is a short-term contract lasting 12 months. The EBRD promotes a flexible working environment, expecting employees to attend the office 50% of their working time. The organization values diversity and encourages all qualified candidates from EBRD member countries to apply, regardless of their background. Due to the high volume of applications, detailed feedback will only be provided to shortlisted candidates.