Requisition ID: 35650
Office Country: Bulgaria
Office City: Sofia
Division: Information Technology
Contract Type: Fixed Term
Contract Length: 3 years
Posting End Date: 16/07/2025
Ready to turn curiosity into cyber-resilience? Join our security team as a Junior Security Pen Test Engineer, where you'll help run end-to-end vulnerability scans, dig into reconnaissance data, and validate weaknesses with real-world exploitation techniques. From sorting out false positives to crafting sharp reports that drive remediation, you'll be hands-on with industry-leading tools like Kali, Metasploit, and Cobalt Strike, keeping our endpoints, apps, and cloud assets one step ahead of attackers.
This is the perfect launchpad for a practitioner who lives and breathes OWASP Top 10, scripting quick-hit exploits, and translating raw findings into actionable risk-reduction strategies. You'll analyse threat-intel feeds, build hypotheses, and surface indicators that sharpen our detection logic while collaborating with seasoned red-teamers and defenders alike. If you have a hacker mindset, a solid grasp of network protocols, and a passion for turning vulnerabilities into victories, we want to see what you can do.
Accountabilities and Responsibilities:
- Supports the planning, development and execution of vulnerability scans of the organisation's information systems
- Assists with identifying and resolving false positive findings in assessment results
- Assists with reconnaissance and information collection on the target environment or attack surface
- Supports the identification of potential weaknesses and vulnerabilities on assets (i.e., end points, applications, users)
- Supports the validation of weaknesses via exploitation, and reports their findings
- Assists with providing recommendations on security controls and/or corrective actions for mitigating technical and business risk
- Supports the creation of hypotheses for analytics and testing of threat data
- Analyses data from threat and vulnerability feeds and analyses data for applicability to the organisation
- Supports the generation of reports on assessment findings and summarises to facilitate remediation tasks
- Assists with communicating lessons learned, initial indicators of detection and opportunities for strengthening signature-based detection capabilities
Knowledge and Education:
- High level of technical expertise in cybersecurity, including familiarity with relevant penetration and intrusion techniques and attack vectors
- Understanding of web technologies
- Grasp of core security fundamentals and concepts
- Familiarity with the Open Web Application Security Project (OWASP) top 10 vulnerabilities
- Understanding of offensive tools such as: Metasploit, Kali Linux, Cobalt Strike, Mimikatz or a similar tool
- Proficient at creating their own scripts and regular expressions in their preferred scripting language
- Technical knowledge in system security vulnerabilities and remediation techniques, network and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, etc.)
- Technical knowledge in security engineering, system and network security, authentication and security protocols
- The following certifications desired but not essential: Certified ethical hacker (CEH), global information assurance certification (GIAC), GIAC certified pen tester (GPEN), GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), offensive certified security professional (OSCP) and offensive security certified (OSC)
What is it like to work at the EBRD? / About EBRD
Our agile and innovative approach is what makes life at the EBRD a unique experience! You will be part of a pioneering and diverse international organisation, and use your talents to make a real difference to people's lives and help shape the future of the regions we invest in.
At EBRD, our Values – Inclusiveness, Innovation, Trust, and Responsibility – are at the heart of how we work. We bring these to life through our Workplace Behaviours: listening well and speaking up, collaborating smartly, acting decisively with full commitment, and simplifying to amplify our impact. These principles shape our culture and define our success. We seek individuals who not only share these values but are also committed to embedding them in their daily work, fostering a positive and high-performing environment.
The EBRD environment provides you with:
- Varied, stimulating and engaging work that gives you an opportunity to interact with a wide range of experts in the financial, political, public and private sectors across the regions we invest in.
- A working culture that embraces inclusion and celebrates diversity. Our workforce reflects a broad range of backgrounds, perspectives, and experiences, bringing fresh ideas, energy, and innovation and enhancing our ability to serve our clients, shareholders, and counterparties effectively.
- We offer hybrid and flexible working arrangements and believe we operate at our best when collaborating 3 days a week in person (minimum).
- An environment that places sustainability, equality and digital transformation at the heart of what we do.
- A workplace that prioritises employee wellbeing and provides a comprehensive suite of competitive benefits.
Diversity is one of the Bank's core values which are at the heart of everything it does. As such, the EBRD seeks to ensure that everyone is treated with respect and given equal opportunities and works in an inclusive environment. The EBRD encourages all qualified candidates who are nationals of the EBRD member countries to apply regardless of their racial, ethnic, religious and cultural background, gender, gender identity, sexual orientation, age, socio-economic background or disability.
Please note that, due to the high volume of applications received, we regret to inform you that we are unable to provide detailed feedback to candidates who have not been shortlisted (for further consideration).