Requisition ID: 35649
Office Country: Bulgaria
Office City: Sofia
Division: Information Technology
Contract Type: Fixed Term
Contract Length: 3 years
Posting End Date: 28/05/2025
Are you a cyber expert with a passion for finding the cracks before the criminals do? We're searching for an Offensive Security Expert to join the front lines of our cyber defense. You'll lead offensive security operations, scanning systems, probing weaknesses, and simulating real-world attacks using standard offensive tooling. From validating vulnerabilities through hands-on exploitation to crafting custom scripts that expose hidden threats, your work will drive critical security insights and real-time risk reduction.
This role is built for someone with deep technical expertise and a hacker mindset, fluent in web technologies, OWASP Top 10, and the inner workings of modern attack vectors. You'll also dive into threat intelligence, develop hypotheses, and contribute to smarter detection strategies. If you're driven to outsmart adversaries, influence real-world defense strategies, and play a key role in proactive security, your next mission starts here.
Accountabilities & Responsibilities
• Plans, develops and executes vulnerability scans of organization information systems
• Identifies and resolves false positive findings in assessment results
• Performs reconnaissance and information collection on the target environment or attack surface
• Identifies potential weaknesses and vulnerabilities on assets (i.e., end points, applications, users)
• Validates weaknesses via exploitation, and reports their findings
• Recommends security controls and/or corrective actions for mitigating technical and business risk
• Creates hypotheses for analytics and testing of threat data
• Analyses data from threat and vulnerability feeds for applicability to the organisation
• Generates reports on assessment findings and summarises to facilitate remediation tasks
• Shares lessons learned, initial indicators of detection and opportunities for strengthening signature-based detection capabilities
Knowledge, Skills, Experience & Qualifications
• Highest level of technical expertise in cybersecurity, including deep familiarity with relevant penetration and intrusion techniques and attack vectors
• Strong understanding of web technologies
• Solid grasp of core security fundamentals and concepts
• Familiarity with the Open Web Application Security Project (OWASP) top 10 vulnerabilities
• Knowledge of offensive tools such as: Metasploit, Kali Linux, Cobalt Strike, Mimikatz or a similar tool
• Proficient at creating their own scripts and regular expressions in their preferred scripting language
• Technical knowledge in system security vulnerabilities and remediation techniques, network and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, etc.)
• Technical knowledge in security engineering, system and network security, authentication and security protocols
• The following certifications desired but not essential: Certified ethical hacker (CEH), global information assurance certification (GIAC), GIAC certified pen tester (GPEN), GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), offensive certified security professional (OSCP) and offensive security certified (OSC)
What is it like to work at the EBRD?
Our agile and innovative approach is what makes life at the EBRD a unique experience! You will be part of a pioneering and diverse international organisation, and use your talents to make a real difference to people's lives and help shape the future of the regions we invest in.
The EBRD environment provides you with:
- Varied, stimulating and engaging work that gives you an opportunity to interact with a wide range of experts in the financial, political, public and private sectors across the regions we invest in;
- A working culture that embraces inclusion and celebrates diversity;
- An environment that places sustainability, equality and digital transformation at the heart of what we do.
Diversity is one of the Bank's core values which are at the heart of everything it does. A diverse workforce with the right knowledge and skills enables connection with our clients, brings pioneering ideas, energy and innovation. The EBRD staff is characterised by its rich diversity of nationalities, cultures and opinions and we aim to sustain and build on this strength. As such, the EBRD seeks to ensure that everyone is treated with respect and given equal opportunities and works in an inclusive environment. The EBRD encourages all qualified candidates who are nationals of the EBRD member countries to apply regardless of their racial, ethnic, religious and cultural background, gender, sexual orientation or disabilities. We offer hybrid and flexible working arrangements and believe we operate at our best when collaborating 3 days a week in person (minimum).
Please note that, due to the high volume of applications received, we regret to inform you that we are unable to provide detailed feedback to candidates who have not been shortlisted (for further consideration).