
Analyst, Security Incident Response Engineer

European Bank for Reconstruction and Development

Camden Town

Hybrid

GBP 60,000 - 80,000

Full time

4 days ago

Job summary

An international financial institution seeks an experienced Incident Response Engineer to lead the detection and response to security incidents across diverse environments. You'll utilize cloud security tools and collaborate with various teams to enhance resilience and recovery. The ideal candidate thrives under pressure, has significant experience in incident response, and is well-versed in frameworks like NIST CSF and MITRE ATT&CK. This role offers a hybrid work environment and emphasizes inclusivity and innovation.

Benefits

Comprehensive benefits package
Hybrid working environment
Opportunities for professional growth

Qualifications

  • Experience in monitoring and detecting security threats.
  • Ability to perform in high-pressure situations during live incidents.
  • Expertise in developing and implementing incident response plans.

Responsibilities

  • Lead the incident response for various environments.
  • Collaborate with MSSP and internal teams.
  • Contribute to business continuity/disaster recovery plans.

Skills

Incident response
Cloud security expertise (AWS, Azure, GCP)
Automation skills
Forensics analysis
Communication skills

Education

Experience with SIEM and SOAR tools
Familiarity with incident response frameworks (NIST CSF, MITRE ATT&CK)

Tools

SIEM tools
Forensic tools

Job description

Overview

European Bank for Reconstruction & Development

We're seeking a seasoned Incident Response Engineer to lead the detection, analysis, and containment of threats across on-prem, cloud, and hybrid environments. You'll work at pace with SIEM and SOAR tooling, tune detection content, and hunt for anomalous activity across networks, endpoints, and applications. From forensic deep-dives to root cause analysis, you'll own the technical response that transforms alerts into decisive action.

This role goes beyond triage. You'll help shape the incident response function itself. Collaborating with MSSPs, internal SOC teams, and cloud security specialists, you'll apply frameworks like NIST CSF and MITRE ATT&CK, orchestrate response playbooks, and drive improvements in resilience and recovery. With expertise in cloud platforms (AWS, Azure, GCP), automation, and disaster recovery planning, you'll harden defenses while leading the charge during live incidents. If you thrive in high-pressure environments and want to be the engineer everyone looks to when seconds count, this role is built for you.

Accountabilities and Responsibilities
  • Supports the MSSP with network monitoring and intrusion detection analysis using various computer network tools, such as intrusion detection/prevention systems, firewalls and host-based security systems
  • Supports log-based and endpoint-based threat detection to detect and protect against threats coming from multiple sources
  • Assists with cloud-centric detection to detect threats related to cloud environments and services used by the organisation
  • Contributes to correlation activity across assets (endpoint, network, apps) and environments (on-premises, cloud) to identify patterns of anomalous activity
  • Supports the review of alerts and data from sensors, and documents formal, technical incident reports
  • Supports the threat intelligence and/or threat-hunting teams
  • Provides incident response support, including mitigating actions to contain activity and assisting with forensics analysis when necessary
  • Supports the creation of business continuity/disaster recovery plans, including assisting in conducting disaster recovery tests, and supporting changes necessary to address deficiencies
  • Works with the MSSP and internal teams to manage/tune the security information and event management (SIEM) system, support the detection content and actively watch for alerts
  • Assists in correlating network, cloud and endpoint activity across environments to identify attacks and unauthorised use
  • Supports the Associate Incident Response and the MSSP to identify events on incidents that may impact the network and co-ordinate with internal incident response teams to manage and resolve incidents

Participates in after-hours escalated support for cyber-security-related incidents.

Knowledge and Education
  • Experience with security information and event management (SIEM) and security orchestration, automation, and response (SOAR) tools
  • Familiarity with incident response frameworks and methodologies, including NIST CSF and MITRE ATT&CK
  • Experience with incident response tools and technologies, including SIEM, forensics, and threat intelligence
  • Experience with developing and implementing incident response plans
  • Experience with reporting and communicating incident details, improving incident response processes and recovering from security incidents
  • Ability to perform independent analysis of complex problems and distill relevant findings and root causes
  • Ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative and actionable manner
  • Familiar with cloud security concepts and best practices, including major cloud platforms such as AWS, Azure, and GCP
  • Familiar with security automation tools and techniques to automate security tasks and improve SOC efficiency

About EBRD

Our agile and innovative approach is what makes life at the EBRD a unique experience. You will be part of a pioneering and diverse international organisation, and use your talents to make a real difference to people’s lives and help shape the future of the regions we invest in. We value Inclusiveness, Innovation, Trust, and Responsibility, and embed these in our Workplace Behaviours: listening well and speaking up, collaborating smartly, acting decisively with full commitment, and simplifying to amplify our impact. We seek individuals who share these values and aim to embed them in daily work.

What the EBRD Environment Provides
  • Varied, stimulating work with experts across sectors
  • A culture that embraces inclusion and diversity
  • A hybrid workplace based on trust, flexibility and connectedness
  • An environment prioritising sustainability, equality and digital transformation
  • A comprehensive suite of competitive benefits

Diversity and Eligibility

Diversity is a core value. The EBRD seeks to ensure equal opportunities and an inclusive environment. Qualified candidates from member countries are encouraged to apply regardless of race, ethnicity, religion, gender, gender identity, sexual orientation, age, socio-economic background, or disability.

Important Application Information

Please submit your application via the official website or the Apply button on CinfoPoste. Applications submitted through other portals will not be considered.

How cinfo Can Support You in the Application Process:

  • Application and Interview Preparation: Guidance for documents and interview prep.
  • For Swiss nationals invited to the first round: Notify recruitment@cinfo.ch for visibility support.

Sector: Nonprofit/Community/Social Services/International Cooperation

Role: Other | Working hours: 80-100% / 100% | Job type: Staff (Permanent and Fixed Term)
