Information Security Consultant

Role Overview

We are seeking a highly skilled Information Security Consultant to lead the scoping, planning, and execution of advanced security testing initiatives, including Red Team and Purple Team engagements. We are looking for a specialist experienced in managing and delivering ethical hacking campaigns, Red/ Purple team assessments and technical risk assessments. This role validates defensive capabilities, synthesises complex findings to provide actionable guidance for improvement of cyber posture and resilience.

This role bridges technical security and security risk management and requires knowledge risk assessment methodologies, an ability to produce metrics, reporting and dashboards as well translate and present technical language, concepts and impacts into language that facilitates business decision making.

Key Responsibilities

Scoping & Planning

• Define objectives, scope, and success criteria for Red Team and Purple Team exercises.
• Develop detailed test plans aligned with organizational risk priorities and compliance requirements.
• Coordinate scheduling and resource allocation for internal and external stakeholders.

Engagement Management

• Act as the primary liaison between internal teams and external MSSPs/consultants.
• Ensure testing activities adhere to agreed timelines, methodologies, and ethical guidelines.
• Monitor progress and provide status updates to senior leadership.

Technical Oversight

• Review and validate attack scenarios, tactics, techniques, and procedures (TTPs) used during engagements.
• Ensure Purple Team exercises effectively integrate offensive and defensive teams for collaborative improvement to enhance detection and response.

Analysis & Reporting

• Analyse findings from Red and Purple Team engagements.
• Prepare comprehensive reports detailing vulnerabilities, attack paths, and defensive gaps.
• Prepare and present results to technical and non-technical stakeholders, including reporting for EBRD senior leadership. Incorporate technical findings and outcomes into information security risk reporting templates.

Implementation Guidance

• Provide actionable remediation steps and strategic recommendations based on findings.
• Collaborate with IT security, security engineering, architecture and operations teams to guide implementation improvements.
• Track remediation progress and validate effectiveness through follow-up testing.

Required Skills & Experience

Technical Expertise

• Strong understanding of adversarial tactics (MITRE ATT&CK framework) and threat emulation.
• Experience with penetration testing, exploit development, and detection engineering.
• Familiarity with SIEM, EDR, and threat-hunting tools.
• Commitment to staying up to date with emerging threats and remedies.

Reporting & Presentation

• Ability to translate technical concepts, including technical risk, into business language and business impact
• Experience in proposing actionable remedial steps to address findings.
• Experience of reporting meaningful metrics to a variety of internal technical and non-technical audiences
• Collaboration
• Proven ability to work with external MSSPs and consultants.
• Experience in overseeing and managing testing campaigns with a variety of internal stakeholders
• Excellent communication skills for cross-functional engagement.

Certifications (Preferred)

• OSCP, OSCE, CRTO, or similar offensive security certifications.
• GIAC certifications (e.g., GCTI, GPEN, GCFA) or equivalent.

Experience

• Extensive background in cybersecurity, covering all major security domains, with solid hands-on experience in Red and Purple Team operations.
• Hands-on experience in scoping and managing security testing engagements.
• Solid experience in metrics and reporting.

Key Attributes

• Strategic thinker with strong analytical skills.
• Ability to translate technical findings into business risk language.
• Ability to partner with a wide range of technical and non-technical stakeholders

What is it like to work at the EBRD?

Our agile and innovative approach is what makes life at the EBRD a unique experience! You will be part of a pioneering and diverse international organisation, and use your talents to make a real difference to people's lives and help shape the future of the regions we invest in.

The EBRD environment provides you with:

• Varied, stimulating and engaging work that gives you an opportunity to interact with a wide range of experts in the financial, political, public and private sectors across the regions we invest in;
• A working culture that embraces inclusion and celebrates diversity;
• An environment that places sustainability, equality and digital transformation at the heart of what we do.

Diversity is one of the Bank's core values which are at the heart of everything it does. A diverse workforce with the right knowledge and skills enables connection with our clients, brings pioneering ideas, energy and innovation. The EBRD staff is characterised by its rich diversity of nationalities, cultures and opinions and we aim to sustain and build on this strength. As such, the EBRD seeks to ensure that everyone is treated with respect and given equal opportunities and works in an inclusive environment. The EBRD encourages all qualified candidates who are nationals of the EBRD member countries to apply regardless of their racial, ethnic, religious and cultural background, gender, sexual orientation or disabilities. As an inclusive employer, we promote flexible working and expecting our employee to attend the office 50% of their working time.

Please note, that due to the high volume of applications received, we regret to inform you that we are unable to provide detailed feedback to candidates who have not been shortlisted (for further consideration).

Job Segment: Information Security, Risk Management, Sustainability, Consulting, Banking, Technology, Finance, Energy, Service