Requisition ID
36870
Office Country
United Kingdom
Office City
London
Division
Information Technology
Contract Type
Fixed Term
Contract Length
3 years
Posting End Date
22/07/2026
Purpose of Job
The Principal, Quality Engineering leads the quality engineering strategy for a business-aligned capability or a technology-aligned practice, including tooling, resourcing, CoP engagement, operational resilience, automation and ensuring security standards are maintained for the capability which helps in ensuring and maintaining the quality of EBRD's platforms and technology solutions.
The Principal acts as the quality authority to multi-disciplinary platform or software engineering capabilities, with direct responsibility for setting the overall quality direction and design approaches for one or more squads, ensuring adherence to best practices, EBRD standards, and quality requirements.
This position provides leadership and direction for a team of internal and external Quality Engineering professionals, ensuring the effective governance, assurance, and delivery of quality outcomes across EBRD enterprise platform programmes. The role drives quality standards, test strategy, automation, assurance, and continuous improvement to support the secure, resilient, and successful delivery of business-critical technology solutions.
They will manage the quality activities for multiple assigned projects or programs, responsible for the strategic guidance of quality and the associated quality planning activities and ensuring that key stakeholders are engaged and informed with accurate, targeted, and timely information.
They will work closely with the project resourcing managers in order to effectively manage project resourcing plans in an efficient and lean group.
Accountabilities and Responsibilities
- Requirements and Analysis
- Collaborates with Cyber Security Architects, Product Owners, and Business Analysts to ensure security considerations are embedded in user stories and acceptance criteria. This includes authentication flows, data encryption requirements, and regulatory compliance.
- Conducts and oversees comprehensive risk assessments to identify potential security threats – both functional (e.g. role-based access issues) and non-functional (e.g. performance under attack simulations). Prioritises risk mitigation and remediation activities accordingly.
- Test Planning and Strategy
- Defines and owns the security testing strategy for products or domains under the cyber security capability, ensuring alignment with organisational risk appetite. Incorporates both functional security tests (e.g. role-based access checks) and non-functional security tests (e.g. penetration testing, threat modelling).
- Oversees and coordinates integration of security testing into CI/CD pipelines. This includes static and dynamic code analysis, dependency checks, and container scanning, ensuring teams catch vulnerabilities early.
- Test Design and Execution
- Participates in solution design discussions with cyber architects and senior engineers to ensure secure coding standards, encryption protocols, and identity management solutions are testable and robust.
- Drives adoption and standardisation of security testing frameworks – covering areas like penetration testing, vulnerability scanning, and threat simulation – across squads within the cyber security remit.
- Identifies and champions automation projects that detect vulnerabilities in near real-time (e.g. automated vulnerability scanning, container integrity checks), reducing attack surfaces and accelerating feedback loops.
- Collaboration and Agile Ceremonies
- Advocates for the inclusion of explicit security acceptance criteria in sprint planning and backlog refinement. Ensures squads incorporate security-related user stories, threat models, and test cases.
- Works with security governance, risk and compliance teams, as well as broader IT stakeholders, to align on security standards, share best practices, and coordinates enterprise-wide security initiatives.
- Defect Management
- Implements structured processes for categorising and prioritising security vulnerabilities (e.g. CVSS scoring, regulatory compliance impact). Ensures timely fixes for high-severity issues, balancing business priorities with risk exposure.
- Facilitates post-incident reviews for security breaches or near-miss events, driving remediation and systemic improvements (e.g. adopting stricter encryption, improving logging or monitoring).
- Continuous Improvement and Quality Advocacy
- Serves as the primary advocate for secure engineering practices across the cyber security domain. Promote “shift-left” security testing, encouraging developers to adopt secure coding and testing practices from inception.
- Leads initiatives that incorporate frameworks such as ISO 27001, NIST, PCI-DSS, or OWASP into everyday engineering processes. Ensures compliance while driving continuous improvements to security posture.
- Data Analysis and Reporting
- Develops and presents metrics on security-related coverage (e.g. vulnerability detection rates, patch compliance), application defects, and real-time threat intelligence to senior leadership.
- Champions advanced tools for anomaly detection (e.g. SIEM solutions, machine learning-driven threat hunting) that anticipate security risks before they escalate.
- Technical and Domain Expertise
- Maintains deep domain knowledge of cyber threats, secure coding patterns, and regulatory landscapes. Guides teams in designing secure solutions that meet both functional user needs and non-functional resilience standards.
- Researches and recommends new technologies – such as next-generation firewalls, zero-trust frameworks, or AI-driven threat detection – to enhance the organisation's security toolkit.
- Mentorship and Knowledge Sharing
- Mentors and coaches security-focused Quality Engineers, sharing expertise on vulnerability analysis, secure code reviews, and automated security testing. Provides structured learning paths for emerging threats and tools.
- Establishes and leads security guilds or working groups, ensuring consistent security testing approaches and effective communication of threats, remediations, and lessons learnt across squads.
- ITSM and Service Continuity
- Aligns security testing with service continuity strategies, ensuring plans include resilience against cyber-attacks (e.g. DDoS defense) and compliance with ITSCM (IT Service Continuity Management) requirements.
- Takes a lead role in responding to critical security incidents (e.g. data breaches, ransomware attacks). Coordinates cross-functional efforts, communicates status to senior management, and validates that recovery efforts meet compliance and business continuity standards.
Knowledge, Skills, Experience and Qualifications
- Holds ISTQB Advanced Test Manager or an equivalent recognised certification in test management, or demonstrable experience.
- May hold ISTQB Advanced Security Tester, CISM, CISSP, GIAC GSEC.
- Qualification in IT Service Management, such as ITIL v3 or v4 Foundation or equivalent.
- Demonstrates comprehensive QA leadership across advanced automation, performance, shift-left, or shift-right testing.
- Integrates Agile or DevOps at scale, possibly merges with ITIL v4 for QA–Ops synergy.
- Demonstrable experience in Quality Engineering management and operations within an agile, product focused IT department, ideally within a financial institution
- Experience in code branching strategies (GitFlow, BitBucket, ADO, etc.) and integration of quality into CI/CD pipelines.
- Experienced in advanced AI/ML approaches for improving quality efficiency and effectiveness, analytics, defect identification, understanding how AI can enhance quality processes.
- Provides expert security testing via MITRE ATT&CK, advanced vulnerability management, DevSecOps.
- Familiar with PCI-DSS, ISO 27001, NIST frameworks, large-scale compliance audits.
- Applies chaos engineering (Gremlin, Chaos Mesh) for failover or resilience.
What is it like to work at the EBRD? / About EBRD
Our agile and innovative approach is what makes life at the EBRD a unique experience! You will be part of a pioneering and diverse international organisation, and use your talents to make a real difference to people's lives and help shape the future of the regions we invest in.
At EBRD, our Values – Inclusiveness, Innovation, Trust, and Responsibility – are at the heart of how we work. We bring these to life through our Workplace Behaviours: listening well and speaking up, collaborating smartly, acting decisively with full commitment, and simplifying to amplify our impact. These principles shape our culture and define our success. We seek individuals who not only share these values but are also committed to embedding them in their daily work, fostering a positive and high-performing environment.
The EBRD environment provides you with:
- Varied, stimulating and engaging work that gives you an opportunity to interact with a wide range of experts in the financial, political, public and private sectors across the regions we invest in.
- A working culture that embraces inclusion and celebrates diversity. Our workforce reflects a broad range of backgrounds, perspectives, and experiences, bringing fresh ideas, energy, and innovation and enhancing our ability to serve our clients, shareholders, and counterparties effectively.
- A hybrid workplace that offers flexibility to teams and individuals; that is based on trust, flexibility and connectedness.
- An environment that places sustainability, equality and digital transformation at the heart of what we do.
- A workplace that prioritises employee wellbeing and provides a comprehensive suite of competitive benefits.
Diversity is one of the Bank’s core values which are at the heart of everything it does. As such, the EBRD seeks to ensure that everyone is treated with respect and given equal opportunities and works in an inclusive environment. The EBRD encourages all qualified candidates who are nationals of the EBRD member countries to apply regardless of their racial, ethnic, religious and cultural background, gender, gender identity, sexual orientation, age, socio-economic background or disability.
Please note, that due to the high volume of applications received, we regret to inform you that we are unable to provide detailed feedback to candidates who have not been shortlisted (for further consideration).