Job Posting Organization: The European Bank for Reconstruction and Development (EBRD) is a pioneering international organization established to support the development of market economies and promote private and entrepreneurial initiatives in countries transitioning to market economies. Founded in 1991, the EBRD operates in over 30 countries across Europe, Asia, and the Middle East, employing a diverse workforce of approximately 2,000 employees. The bank's mission is to foster the transition to open market-oriented economies and to promote sustainable development through investments and partnerships. EBRD's values of inclusiveness, innovation, trust, and responsibility guide its operations and interactions with stakeholders.
Job Overview: The Principal security" style="border-bottom: 1px dotted #007bff !important;">Security Engineer position is a critical role within the EBRD's Information Technology division, focusing on integrating security into all aspects of software development and cloud infrastructure. The successful candidate will lead initiatives to embed security practices into the development lifecycle, ensuring that security is a foundational element rather than an afterthought. This role requires a deep understanding of secure development practices, cloud security, and the ability to influence engineering teams to adopt secure methodologies. The Principal Security Engineer will work closely with various stakeholders to ensure that security measures are practical, scalable, and aligned with enterprise security standards. The position offers an opportunity to tackle complex technical challenges and to shape the security landscape of the bank's applications and services.
Duties and Responsibilities:
Define and implement secure-by-design patterns across applications, APIs, integrations, and cloud services.
Embed DevSecOps and secure Software Development Life Cycle (SDLC) practices across engineering teams, ensuring consistent adoption at scale.
Lead security architecture initiatives for APIs, microservices, Kubernetes (AKS), and Azure environments.
Drive threat modeling efforts, translating identified risks into practical controls and resilient design decisions.
Own and manage API security, identity, and authentication strategies, including OAuth2, OIDC, and JWT.
Champion Zero Trust principles across applications, identities, and workloads.
Lead security initiatives for Azure platforms, including landing zones, Defender for Cloud, and policy controls.
Collaborate with engineering teams to secure Kubernetes, Java applications, and manage secrets/key management effectively.
Oversee security monitoring, vulnerability management, and initiatives aimed at improving security posture. 1
Contribute to architecture reviews (High-Level Design/Low-Level Design), Proof of Concepts (PoCs), and major programs to ensure security is integrated from the outset. 1
Support audits, risk reporting, and stakeholder engagement by providing clear, actionable insights. 1
Work in close alignment with the central IT Security function to ensure all engineering practices adhere to enterprise security standards, policies, and governance.
Required Qualifications:
Extensive experience in Security Engineering within complex, enterprise environments.
Deep expertise in securing cloud-native platforms, particularly Azure, APIs, Kubernetes, and microservices.
Strong knowledge of application and API security, including protocols such as OAuth2, OIDC, and JWT.
Proven experience in implementing secure SDLC and DevSecOps practices.
Hands-on experience with Azure security tooling, including Defender for Cloud, Sentinel, Key Vault, and policy management.
Strong understanding of Zero Trust architecture and identity-first security models, particularly Entra ID.
Experience in threat modeling and translating risks into engineering controls.
Familiarity with secure coding practices and vulnerability management, including awareness of OWASP Top 1
Experience securing hybrid environments, including on-premises, SaaS, and PaaS solutions. 1
Familiarity with cybersecurity frameworks such as NIST CSF and ISO 2700
1
Ability to translate complex security requirements into clear, actionable guidance for engineers. 1
Strong communication skills, capable of influencing both technical and non-technical stakeholders.
Educational Background: A bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field is required. A master's degree or equivalent advanced qualification is preferred. Relevant certifications such as CISSP, CSSLP, or Azure Security Engineer are highly desirable and can enhance a candidate's profile.
Experience: Candidates should possess extensive experience in security engineering, particularly within complex enterprise environments. A minimum of 5-7 years of relevant experience is typically expected, with a strong focus on cloud security and secure software development practices. Experience in financial or regulated environments is considered an asset, as is experience leading security architecture governance across multiple teams.
Languages: Fluency in English is mandatory, as it is the primary language of communication within the organization. Knowledge of additional languages, particularly those relevant to the EBRD's operational regions, is considered a plus and may enhance a candidate's application.
Additional Notes: This position is a fixed-term contract lasting for 3 years. The role is classified as senior level and is expected to be full-time. The EBRD encourages applications from qualified candidates who are nationals of its member countries, promoting diversity and inclusion within its workforce. The bank offers a comprehensive suite of competitive benefits and prioritizes employee wellbeing, providing a supportive work environment that embraces hybrid and flexible working arrangements.
Info
Job Posting Disclaimer
This job posting is provided for informational purposes only. The accuracy of the job description, qualifications, and other details mentioned is the sole responsibility of the employer or the organization listing the job. We do not guarantee the validity or legitimacy of this job posting. Candidates are advised to conduct their own due diligence and verify the details directly with the employer before applying.
We are not liable for any decisions or actions taken by applicants in response to this job listing. By applying, you agree that all application processes, interviews, and potential job offers are managed exclusively by the listed employer or organization.
Beware of fraudulent job offers. Do not provide sensitive personal information or make any payments to secure a job.