DevSecOps Specialist at I&M Bank

I&M Bank

  • Nairobi
  • Permanent
  • Full-time
  • 6 days ago
Key Responsibilities
  • Integrate security controls into CI/CD pipelines (SAST, DAST, SCA, container scans, IaC security).
  • Collaborate with developers to implement the Bank’s secure coding standards and security minimum baseline requirements.
  • Apply security best practices to cloud-native applications and containerized environments.
  • Conduct cloud security posture reviews and integrate automated compliance checks into build pipelines.
  • Ensure secrets management, identity, and zero-trust principles are applied within DevOps pipelines.
  • Support red team and penetration testing activities by fixing identified vulnerabilities and integrating findings into pipelines.
  • Conduct targeted manual application security testing.
  • Provide technical remediation guidance to developers and DevOps teams.
  • Provide training and awareness to developers on secure coding, CI/CD security, and threat modeling.
  • Contribute to cross-team incident response efforts for application-related vulnerabilities.
  • Collaborate with the Group SOC team to translate intelligence into actionable detection and defence improvements.
  • Partner with the SOC, Technology, Risk, and Compliance teams to ensure defensive measures align with regulatory requirements, internal policies, and industry best practices.
  • Ensure pipelines meet compliance requirements, i.e., NIST CSF & ISO 27001.
Job Specifications
Academic Qualifications
  • Bachelor’s Degree in IT, Technology, Cyber Security, or a related field – mandatory
Professional Qualifications / Membership to professional bodies / Publication
  • Microsoft Certified: Azure Security Engineer Associate (AZ-500)
  • Offensive Security Certifications
  • AWS Certified Security – Specialty
  • Certified Red Team Certifications
  • Certified Secure Software Lifecycle Professional (CSSLP)
  • Cloud Pentester Certifications
  • Membership in recognised cyber security professional associations
  • ISO/IEC 27001 Lead Implementer/Auditor
Work Experience Required
  • 5-7 years of progressive experience in cyber security.
  • Proven track record in planning and executing complex red team and penetration testing engagements against advanced threat actors.
  • Hands-on expertise in exploitation techniques, attack path development, and evasion tactics.
  • Strong background in vulnerability assessment, adversarial emulation frameworks (e.g., MITRE ATT&CK, CALDERA, C2 frameworks), and purple teaming.
  • Demonstrated experience in integrating threat intelligence into testing and defence strategies.
Method of Application
Interested and qualified? Go to to apply
