DevSecOps Specialist
I&M Bank
Nairobi | Full Time | Banking / Financial Services
Closing in 1 month ago
Key Responsibilities
- Integrate security controls into CI/CD pipelines (SAST, DAST, SCA, container scans, IaC security).
 - Collaborate with developers to implement the Bank’s secure coding standards and security minimum baseline requirements.
 - Apply security best practices to cloud-native applications and containerized environments.
 - Conduct cloud security posture reviews and integrate automated compliance checks into build pipelines.
 - Ensure secrets management, identity, and zero-trust principles are applied within DevOps pipelines.
 - Support red team and penetration testing activities by fixing identified vulnerabilities and integrating findings into pipelines.
 - Conduct targeted manual application security testing.
 - Provide technical remediation guidance to developers and DevOps teams.
 - Provide training and awareness to developers on secure coding, CI/CD security, and threat modeling.
 - Contribute to cross-team incident response efforts for application-related vulnerabilities.
 - Collaborate with the Group SOC team to translate intelligence into actionable detection and defence improvements.
 - Partner with the SOC, Technology, Risk, and Compliance teams to ensure defensive measures align with regulatory requirements, internal policies, and industry best practices.
 - Ensure pipelines meet compliance requirements, i.e., NIST CSF & ISO 27001.
 
Job Specifications
Academic Qualifications
- Bachelor’s Degree in IT, Technology, Cyber Security, or a related field – mandatory
 
Professional Qualifications / Membership to professional bodies/ Publication
- Microsoft Certified: Azure Security Engineer Associate (AZ-500)
 - Offensive Security Certifications
 - AWS Certified Security – Specialty
 - Certified Red Team Certifications
 - Certified Secure Software Lifecycle Professional (CSSLP)
 - Cloud Pentester Certifications
 - Membership in recognised cyber security professional associations
 - ISO/IEC 27001 Lead Implementer/Auditor
 
Work Experience Required
- 5-7 years of progressive experience in cyber security.
 - Proven track record in planning and executing complex red team and penetration testing engagements against advanced threat actors.
 - Hands-on expertise in exploitation techniques, attack path development, and evasion tactics.
 - Strong background in vulnerability assessment, adversarial emulation frameworks e.g., MITRE ATT&CK, CALDERA, C2 frameworks, and purple teaming.
 - Demonstrated experience in integrating threat intelligence into testing and defence strategies.
 