Junior Vulnerability Management Engineer

Sofia

  • Organization: EBRD - European Bank for Reconstruction and Development
  • Location: Sofia
  • Grade: Mid level - Mid level
  • Occupational Groups:
    • Engineering
  • Closing Date: 2025-11-14

Requisition ID 35819
Office Country Bulgaria
Office City Sofia
Division Information Technology  
Contract Type Fixed Term 
Contract Length 3 years 
Posting End Date 14/11/2025 

 

 

 

 

We’re seeking a Junior Vulnerability Management Engineer to join our Security Engineering team. This role focuses on implementing and enhancing the Vulnerability Management process at EBRD, with opportunities to upskill in penetration testing and contribute to the testing team. You’ll improve the scanning process, triage vulnerabilities to eliminate false positives, prioritise vulnerabilities taking multiple factors into consideration, and craft sharp reports that drive remediation across the organisation, also taking into consideration risks by potential impact. It’s the perfect launchpad for someone who lives and breathes OWASP Top 10, writes quick-hit exploits, and turns raw findings into actionable risk-reduction strategies. You’ll analyse threat intel feeds, build hypotheses, surface indicators to sharpen detection logic, and collaborate with seasoned red teamers and defenders. If you have a hacker mindset, solid network protocol knowledge, and a passion for turning vulnerabilities into victories, we want to see what you can do.

 

Accountabilities and Responsibilities:

  • Supports the planning, development and execution of vulnerability scans of the organisation's information systems
  • Assists with identifying and resolving false positive findings in assessment results 
  • Assists with reconnaissance and information collection on the target environment or attack surface 
  • Supports the identification of potential weaknesses and vulnerabilities on assets (i.e., end points, applications, users) 
  • Supports the validation of weaknesses via exploitation, and reports their findings 
  • Assists with providing recommendations on security controls and/or corrective actions for mitigating technical and business risk 
  • Supports the creation of hypotheses for analytics and testing of threat data 
  • Analyses data from threat and vulnerability feeds for applicability to the organisation
  • Supports the generation of reports on assessment findings and summarises to facilitate remediation tasks 
  • Assists with communicating lessons learned, initial indicators of detection and opportunities for strengthening signature-based detection capabilities 

 

Knowledge and Education:

  • High level of technical expertise in cybersecurity, including familiarity with relevant penetration and intrusion techniques and attack vectors 
  • Understanding of web technologies 
  • Grasp of core security fundamentals and concepts 
  • Familiarity with the Open Web Application Security Project (OWASP) top 10 vulnerabilities  
  • Understanding of offensive tools such as Metasploit, Kali Linux, Cobalt Strike, Mimikatz or a similar tool
  • Proficient at creating their own scripts and regular expressions in their preferred scripting language
  • Technical knowledge in system security vulnerabilities and remediation techniques, network and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, etc.) 
  • Technical knowledge in security engineering, system and network security, authentication and security protocols 
  • The following certifications are desired but not essential: Certified Ethical Hacker (CEH), Global Information Assurance Certification (GIAC), GIAC Certified Pen Tester (GPEN), GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), Offensive Certified Security Professional (OSCP) and Offensive Security Certified (OSC)

 

 

What is it like to work at the EBRD? / About EBRD 

 

Our agile and innovative approach is what makes life at the EBRD a unique experience! You will be part of a pioneering and diverse international organisation, and use your talents to make a real difference to people's lives and help shape the future of the regions we invest in.  

 

At EBRD, our Values – Inclusiveness, Innovation, Trust, and Responsibility – are at the heart of how we work. We bring these to life through our Workplace Behaviours: listening well and speaking up, collaborating smartly, acting decisively with full commitment, and simplifying to amplify our impact. These principles shape our culture and define our success. We seek individuals who not only share these values but are also committed to embedding them in their daily work, fostering a positive and high-performing environment. 

 

The EBRD environment provides you with: 

  • Varied, stimulating and engaging work that gives you an opportunity to interact with a wide range of experts in the financial, political, public and private sectors across the regions we invest in. 
  • A working culture that embraces inclusion and celebrates diversity. Our workforce reflects a broad range of backgrounds, perspectives, and experiences, bringing fresh ideas, energy, and innovation and enhancing our ability to serve our clients, shareholders, and counterparties effectively.
  • Hybrid and flexible working arrangements; we believe we operate at our best when collaborating 3 days a week in person (minimum).
  • An environment that places sustainability, equality and digital transformation at the heart of what we do. 
  • A workplace that prioritises employee wellbeing and provides a comprehensive suite of competitive benefits. 

 

Diversity is one of the Bank’s core values which are at the heart of everything it does.  As such, the EBRD seeks to ensure that everyone is treated with respect and given equal opportunities and works in an inclusive environment. The EBRD encourages all qualified candidates who are nationals of the EBRD member countries to apply regardless of their racial, ethnic, religious and cultural background, gender, gender identity, sexual orientation, age, socio-economic background or disability.   

 

Please note that, due to the high volume of applications received, we regret to inform you that we are unable to provide detailed feedback to candidates who have not been shortlisted (for further consideration).


Job Segment: Sustainability, Information Systems, Database, Bank, Banking, Energy, Technology, Finance
