European Bank for Reconstruction & Development
We're seeking a seasoned Incident Response Engineer to lead the detection, analysis, and containment of threats across on-prem, cloud, and hybrid environments. You'll work at pace with SIEM and SOAR tooling, tune detection content, and hunt for anomalous activity across networks, endpoints, and applications. From forensic deep-dives to root cause analysis, you'll own the technical response that transforms alerts into decisive action.
This role goes beyond triage! You'll help shape the incident response function itself. Collaborating with MSSPs, internal SOC teams, and cloud security specialists, you'll apply frameworks like NIST CSF and MITRE ATT&CK, orchestrate response playbooks, and drive improvements in resilience and recovery. With your expertise in cloud platforms (AWS, Azure, GCP), automation, and disaster recovery planning, you'll harden defenses while leading the charge during live incidents. If you thrive in high-pressure environments and want to be the engineer everyone looks to when seconds count, this role is built for you.
Accountabilities and Responsibilities:
- Supports the MSSP with network monitoring and intrusion detection analysis using various computer network tools, such as intrusion detection/prevention systems, firewalls and host-based security systems
- Supports log-based and endpoint-based threat detection to detect and protect against threats coming from multiple sources
- Assists with cloud-centric detection to detect threats related to cloud environments and services used by the organisation
- Contributes to correlation activity across assets (endpoint, network, apps) and environments (on-premises, cloud) to identify patterns of anomalous activity
- Supports the review of alerts and data from sensors, and documents formal, technical incident reports
- Supports the threat intelligence and/or threat-hunting teams
- Provides incident response support, including mitigating actions to contain activity and assisting with forensics analysis when necessary
- Supports the creation of business continuity/disaster recovery plans, including assisting in conducting disaster recovery tests, and supporting changes necessary to address deficiencies
- Works with the MSSP and internal teams to manage/tune the security information and event management (SIEM) system, support the detection content and actively watch for alerts
- Assists in correlating network, cloud and endpoint activity across environments to identify attacks and unauthorised use
- Supports the Associate Incident Response and the MSSP to identify events on incidents that may impact the network and co-ordinate with internal incident response teams to manage and resolve incidents.
- Participates in after-hours escalated support for cyber-security-related incidents.
Knowledge and Education:
- Experience with security information and event management (SIEM) and security orchestration, automation, and response (SOAR) tools
- Familiarity with incident response frameworks and methodologies, including frameworks like NIST CSF and MITRE ATT&CK.
- Experience with incident response tools and technologies, including tools for security information and event management (SIEM), forensics, and threat intelligence.
- Experience with developing and implementing incident response plans
- Experience with reporting and communicating incident details, improving incident response processes and recovering from security incidents
- Ability to perform independent analysis of complex problems and distil relevant findings and root causes
- Ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative and actionable manner
- Familiar with cloud security concepts and best practices, as well as the security features and capabilities of major cloud platforms such as AWS, Azure, and GCP.
- Familiar with security automation tools and techniques, and able to use them to automate security tasks and improve the efficiency of the SOC.
What is it like to work at the EBRD? / About EBRD
Our agile and innovative approach is what makes life at the EBRD a unique experience! You will be part of a pioneering and diverse international organisation, and use your talents to make a real difference to people's lives and help shape the future of the regions we invest in.
At EBRD, our Values - Inclusiveness, Innovation, Trust, and Responsibility - are at the heart of how we work. We bring these to life through our Workplace Behaviours: listening well and speaking up, collaborating smartly, acting decisively with full commitment, and simplifying to amplify our impact. These principles shape our culture and define our success. We seek individuals who not only share these values but are also committed to embedding them in their daily work, fostering a positive and high-performing environment.
The EBRD environment provides you with:
- Varied, stimulating and engaging work that gives you an opportunity to interact with a wide range of experts in the financial, political, public and private sectors across the regions we invest in.
- A working culture that embraces inclusion and celebrates diversity. Our workforce reflects a broad range of backgrounds, perspectives, and experiences, bringing fresh ideas, energy, and innovation and enhancing our ability to serve our clients, shareholders, and counterparties effectively.
- A hybrid workplace that offers flexibility to teams and individuals; that is based on trust, flexibility and connectedness.
- An environment that places sustainability, equality and digital transformation at the heart of what we do.
- A workplace that prioritises employee wellbeing and provides a comprehensive suite of competitive benefits.
Diversity is one of the Bank's core values which are at the heart of everything it does. As such, the EBRD seeks to ensure that everyone is treated with respect and given equal opportunities and works in an inclusive environment. The EBRD encourages all qualified candidates who are nationals of the EBRD member countries to apply regardless of their racial, ethnic, religious and cultural background, gender, gender identity, sexual orientation, age, socio-economic background or disability.
Please note that, due to the high volume of applications received, we regret to inform you that we are unable to provide detailed feedback to candidates who have not been shortlisted (for further consideration).
Important Application Information:
Please submit your application only via the official website of the hiring organization or by using the "Apply" button on CinfoPoste, which will redirect you to the organization's application site. Applications submitted through other job portals will not be forwarded to the respective organization and will not be considered. To ensure your application reaches the right destination, always follow the official application process as indicated in the job posting.
How cinfo Can Support You in the Application Process for This Position
- Application and Interview Preparation: Whether you're preparing your application documents or getting ready for an interview, you can book a Job Application Support session to receive tailored guidance.
- For Swiss nationals invited to the first round of the selection process (e.g., written test, interview, assessment center): Notify us at recruitment@cinfo.ch, and we will inform our HR partners in the respective organization and the Swiss Government to help increase your visibility.
Sector: Nonprofit/Community/Social Services/International Cooperation
Role: Other
Working hours (%): 80-100% / 100%
Job type: Staff (Permanent and Fixed Term)