Principal, Quality Eng:, IT Security (London, GB)
United Kingdom, England, London
Nonprofit/Community/Social Services/International Cooperation
Other
Date of last update: 2026-07-17 (Expiry date: 2026-07-22)
Company presentation
The European Bank for Reconstruction and Development was founded in 1991 when communism was crumbling in Europe and ex-Soviet countries needed support to nurture a new private sector and democracy. Today we invest to help build market economies from central Europe to central Asia and the southern and eastern Mediterranean. We are now the largest single investor in our region. Owned by 69 countries and two intergovernmental institutions, we provide project financing for banks, industries and businesses. We also work with publicly owned companies to support privatisation, restructure state-owned firms and improve municipal services. Wherever we are active, we promote policies that bolster the business climate.
Please note that not all types of contracts and advertisements are listed in cinfoPoste. Find all of them, including local positions as well as specific programmes here, while consultancies are here.
Find in-depth information on careers with EBRD and related cinfo's support on cinfo.ch: Visit the organisation's profile
Job description
Verify your compatibility with this job ad
The compatibility is only an indication and should not discourage you from applying if you think your profile matches. It is also not taken into consideration for recruitment.
Requisition ID
36870
Office Country
United Kingdom
Office City
London
Division
Information Technology
Contract Type
Fixed Term
Contract Length
3 years
Posting End Date
22/07/2026
Purpose of Job
The Principal, Quality Engineering leads the quality engineering strategy for a business-aligned capability or a technology-aligned practice, including tooling, resourcing, CoP engagement, operational resilience, automation and ensuring security standards are maintained for the capability which helps in ensuring and maintaining the quality of EBRD's platforms and technology solutions.
The Principal acts as the quality authority to multi-disciplinary platform or software engineering capabilities, with direct responsibility for setting the overall quality direction and design approaches for one or more squads, ensuring adherence to best practices, EBRD standards, and quality requirements.
This position provides leadership and direction for a team of internal and external Quality Engineering professionals, ensuring the effective governance, assurance, and delivery of quality outcomes across EBRD enterprise platform programmes. The role drives quality standards, test strategy, automation, assurance, and continuous improvement to support the secure, resilient, and successful delivery of business-critical technology solutions.
They will manage the quality activities for multiple assigned projects or programs, responsible for the strategic guidance of quality and the associated quality planning activities and ensuring that key stakeholders are engaged and informed with accurate, targeted, and timely information.
They will work closely with the project resourcing managers in order to effectively manage project resourcing plans in an efficient and lean group.
Accountabilities and Responsibilities
- Requirements and Analysis
- Collaborates with Cyber Security Architects, Product Owners, and Business Analysts to ensure security considerations are embedded in user stories and acceptance criteria. This includes authentication flows, data encryption requirements, and regulatory compliance.
- Conducts and oversees comprehensive risk assessments to identify potential security threats ? both functional (e.g. role-based access issues) and non-functional (e.g. performance under attack simulations). Prioritises risk mitigation and remediation activities accordingly.
- Test Planning and Strategy
- Defines and owns the security testing strategy for products or domains under the cyber security capability, ensuring alignment with organisational risk appetite. Incorporates both functional security tests (e.g. role-based access checks) and non-functional security tests (e.g. penetration testing, threat modelling).
- Oversees and coordinates integration of security testing into CI/CD pipelines. This includes static and dynamic code analysis, dependency checks, and container scanning, ensuring teams catch vulnerabilities early.
- Test Design and Execution
- Participates in solution design discussions with cyber architects and senior engineers to ensure secure coding standards, encryption protocols, and identity management solutions are testable and robust.
- Drives adoption and standardisation of security testing frameworks ? covering areas like penetration testing, vulnerability scanning, and threat simulation ? across squads within the cyber security remit.
- Identifies and champions automation projects that detect vulnerabilities in near real-time (e.g. automated vulnerability scanning, container integrity checks), reducing attack surfaces and accelerating feedback loops.
- Collaboration and Agile Ceremonies
- Advocates for the inclusion of explicit security acceptance criteria in sprint planning and backlog refinement. Ensures squads incorporate security-related user stories, threat models, and test cases.
- Works with security governance, risk and compliance teams, as well as broader IT stakeholders, to align on security standards, share best practices, and coordinates enterprise-wide security initiatives.
- Defect Management
- Implements structured processes for categorising and prioritising security vulnerabilities (e.g. CVSS scoring, regulatory compliance impact). Ensures timely fixes for high-severity issues, balancing business priorities with risk exposure.
- Facilitates post-incident reviews for security breaches or near-miss events, driving remediation and systemic improvements (e.g. adopting stricter encryption, improving logging or monitoring).
- Continuous Improvement and Quality Advocacy
- Serves as the primary advocate for secure engineering practices across the cyber security domain. Promote ?shift-left? security testing, encouraging developers to adopt secure coding and testing practices from inception.
- Leads initiatives that incorporate frameworks such as ISO 27001, NIST, PCI-DSS, or OWASP into everyday engineering processes. Ensures compliance while driving continuous improvements to security posture.
- Data Analysis and Reporting
- Develops and presents metrics on security-related coverage (e.g. vulnerability detection rates, patch compliance), application defects, and real-time threat intelligence to senior leadership.
- Champions advanced tools for anomaly detection (e.g. SIEM solutions, machine learning-driven threat hunting) that anticipate security risks before they escalate.
- Technical and Domain Expertise
- Maintains deep domain knowledge of cyber threats, secure coding patterns, and regulatory landscapes. Guides teams in designing secure solutions that meet both functional user needs and non-functional resilience standards.
- Researches and recommends new technologies ? such as next-generation firewalls, zero-trust frameworks, or AI-driven threat detection ? to enhance the organisation's security toolkit.
- Mentorship and Knowledge Sharing
- Mentors and coaches security-focused Quality Engineers, sharing expertise on vulnerability analysis, secure code reviews, and automated security testing. Provides structured learning paths for emerging threats and tools.
- Establishes and leads security guilds or working groups, ensuring consistent security testing approaches and effective communication of threats, remediations, and lessons learnt across squads.
- ITSM and Service Continuity
- Aligns security testing with service continuity strategies, ensuring plans include resilience against cyber-attacks (e.g. DDoS defense) and compliance with ITSCM (IT Service Continuity Management) requirements.
- Takes a lead role in responding to critical security incidents (e.g. data breaches, ransomware attacks). Coordinates cross-functional efforts, communicates status to senior management, and validates that recovery efforts meet compliance and business continuity standards.
Knowledge, Skills, Experience and Qualifications
- Holds ISTQB Advanced Test Manager or an equivalent recognised certification in test management, or demonstrable experience.
- May hold ISTQB Advanced Security Tester, CISM, CISSP, GIAC GSEC.
- Qualification in IT Service Management, such as ITIL v3 or v4 Foundation or equivalent.
- Demonstrates comprehensive QA leadership across advanced automation, performance, shift-left, or shift-right testing.
- Integrates Agile or DevOps at scale, possibly merges with ITIL v4 for QA?Ops synergy.
- Demonstrable experience in Quality Engineering management and operations within an agile, product focused IT department, ideally within a financial institution
- Experience in code branching strategies (GitFlow, BitBucket, ADO, etc.) and integration of quality into CI/CD pipelines.
- Experienced in advanced AI/ML approaches for improving quality efficiency and effectiveness, analytics, defect identification, understanding how AI can enhance quality processes.
- Provides expert security testing via MITRE ATT&CK, advanced vulnerability management, DevSecOps.
- Familiar with PCI-DSS, ISO 27001, NIST frameworks, large-scale compliance audits.
- Applies chaos engineering (Gremlin, Chaos Mesh) for failover or resilience.
What is it like to work at the EBRD? / About EBRD
Our agile and innovative approach is what makes life at the EBRD a unique experience! You will be part of a pioneering and diverse international organisation, and use your talents to make a real difference to people's lives and help shape the future of the regions we invest in.
At EBRD, our Values ? Inclusiveness, Innovation, Trust, and Responsibility ? are at the heart of how we work. We bring these to life through our Workplace Behaviours: listening well and speaking up, collaborating smartly, acting decisively with full commitment, and simplifying to amplify our impact. These principles shape our culture and define our success. We seek individuals who not only share these values but are also committed to embedding them in their daily work, fostering a positive and high-performing environment.
The EBRD environment provides you with:
- Varied, stimulating and engaging work that gives you an opportunity to interact with a wide range of experts in the financial, political, public and private sectors across the regions we invest in.
- A working culture that embraces inclusion and celebrates diversity. Our workforce reflects a broad range of backgrounds, perspectives, and experiences, bringing fresh ideas, energy, and innovation and enhancing our ability to serve our clients, shareholders, and counterparties effectively.
- A hybrid workplace that offers flexibility to teams and individuals; that is based on trust, flexibility and connectedness.
- An environment that places sustainability, equality and digital transformation at the heart of what we do.
- A workplace that prioritises employee wellbeing and provides a comprehensive suite of competitive benefits.
Diversity is one of the Bank's core values which are at the heart of everything it does. As such, the EBRD seeks to ensure that everyone is treated with respect and given equal opportunities and works in an inclusive environment. The EBRD encourages all qualified candidates who are nationals of the EBRD member countries to apply regardless of their racial, ethnic, religious and cultural background, gender, gender identity, sexual orientation, age, socio-economic background or disability.
Please note, that due to the high volume of applications received, we regret to inform you that we are unable to provide detailed feedback to candidates who have not been shortlisted (for further consideration).
View details
Working hours (%): 80-100% / 100%
80-100% / 100%Macro-area: Western and Central Europe without Switzerland
Area of work Definition: Information and Communication Technology

