MENU
I&M Bank
Devsecops Specialist

I&m Bank

Nairobi | Full Time | Banking / Financial Services

Closing in 1 week from now

Key Responsibilities

  • Integrate security controls into CI/CD pipelines SAST, DAST, SCA, container scans, IaC security.
  • Collaborate with developers to implement the Bank’s secure coding standards and security minimum baseline requirements.
  • Apply security best practices to cloud-native applications and containerized environments.
  • Conduct cloud security posture reviews and integrate automated compliance checks into build pipelines.
  • Ensure secrets management, identity, and zero-trust principles are applied within DevOps pipelines.
  • Support red team and penetration testing activities by fixing identified vulnerabilities and integrating findings into pipelines.
  • Conduct targeted manual application security testing.
  • Provide technical remediation guidance to developers and DevOps teams.
  • Provide training and awareness to developers on secure coding, CI/CD security, and threat modeling.
  • Contribute to cross-team incident response efforts for application-related vulnerabilities.
  • Collaborate with the Group SOC team to translate intelligence into actionable detection and defence improvements.
  • Partner with the SOC, Technology, Risk, and Compliance teams to ensure defensive measures align with regulatory requirements, internal policies, and industry best practices.
  • Ensure pipelines meet compliance requirements i.e., NIST CSF & ISO 27001

Job Specifications

Academic Qualifications

  • Bachelor’s Degree in IT, Technology, Cyber Security, or a related field – mandatory

Professional Qualifications / Membership to professional bodies/ Publication  

  • Microsoft Certified: Azure Security Engineer Associate AZ-500
  • Offensive Security Certifications
  • AWS Certified Security – Specialty
  • Certified Red Team Certifications
  • Certified Secure Software Lifecycle Proffessional CSSLP
  • Cloud Pentester Certifications
  • Membership in recognised cyber security professional associations
  • ISO/IEC 27001 Lead Implementer/Auditor  

Work Experience Required

  • 5-7 years of progressive experience in cyber security.
  • Proven track record in planning and executing complex red team and penetration testing engagements against advanced threat actors.
  • Hands-on expertise in exploitation techniques, attack path development, and evasion tactics.
  • Strong background in vulnerability assessment, adversarial emulation frameworks e.g., MITRE ATT&CK, CALDERA, C2 frameworks, and purple teaming.
  • Demonstrated experience in integrating threat intelligence into testing and defence strategies.

Never miss a chance!

Subscribe to get latest job listings, career insights and guidance in your inbox