DevSecOps Specialist

Full time @I&M Bank limited in IT/Telcom
  • Nairobi, Nairobi County, Kenya, 01000
  • Post Date : August 31, 2025
  • Salary: Ksh35,000.00 - Ksh100,000.00 / Monthly

Job Detail

  • Job ID 4294
  • Offered Salary  1000
  • Career Level  Others
  • Experience  5 Years
  • Gender  Both
  • Industry  IT/Telcom
  • Qualifications  Diploma/Degree/Masters
  • State  Nairobi
  • City  Nairobi

Job Description

DevSecOps Specialist

Information & Cyber Security – Nairobi, Nairobi


Job Purpose

The DevSecOps specialist is responsible for embedding security into the software development lifecycle (SDLC) and CI/CD pipelines, ensuring applications and cloud-native workloads are secure by design. Reporting to the Head Application Security & Red Team Operations, this role acts as a technical enabler for development teams, integrating automated security controls, conducting secure code reviews, and supporting offensive/defensive testing practices.

 

The role requires solid technical skills and hands-on experience in security automation, developer enablement and collaborative support to enable rapid, secure delivery of Bank applications.

Key Responsibilities

  • Integrate security controls into CI/CD pipelines (SAST, DAST, SCA, container scans, IaC security).
  • Collaborate with developers to implement the Bank’s secure coding standards and security minimum baseline requirements.
  • Apply security best practices to cloud-native applications and containerized environments.
  • Conduct cloud security posture reviews and integrate automated compliance checks into build pipelines.
  • Ensure secrets management, identity, and zero-trust principles are applied within DevOps pipelines.
  • Support red team and penetration testing activities by fixing identified vulnerabilities and integrating findings into pipelines.
  • Conduct targeted manual application security testing.
  • Provide technical remediation guidance to developers and DevOps teams.
  • Provide training and awareness to developers on secure coding, CI/CD security, and threat modeling.
  • Contribute to cross-team incident response efforts for application-related vulnerabilities.
  • Collaborate with the Group SOC team to translate intelligence into actionable detection and defence improvements.
  • Partner with the SOC, Technology, Risk, and Compliance teams to ensure defensive measures align with regulatory requirements, internal policies, and industry best practices.
  • Ensure pipelines meet compliance requirements i.e., NIST CSF & ISO 27001

Job Dimensions:

Financial Responsibility:

 

Job Specifications

Academic Qualifications

  • Bachelor’s Degree in IT, Technology, Cyber Security, or a related field – mandatory

Professional Qualifications / Membership to professional bodies/ Publication

  • Microsoft Certified: Azure Security Engineer Associate (AZ-500)
  • Offensive Security Certifications
  • AWS Certified Security – Specialty
  • Certified Red Team Certifications
  • Certified Secure Software Lifecycle Professional (CSSLP)
  • Cloud Pentester Certifications
  • Membership in recognised cyber security professional associations
  • ISO/IEC 27001 Lead Implementer/Auditor

Work Experience Required

  • 5-7 years of progressive experience in cyber security.
  • Proven track record in planning and executing complex red team and penetration testing engagements against advanced threat actors.
  • Hands-on expertise in exploitation techniques, attack path development, and evasion tactics.
  • Strong background in vulnerability assessment, adversarial emulation frameworks (e.g., MITRE ATT&CK, CALDERA, C2 frameworks), and purple teaming.
  • Demonstrated experience in integrating threat intelligence into testing and defence strategies.

Competencies:

  • Strong understanding of adversarial tactics, techniques, and procedures (TTPs) and their countermeasures
  • Familiarity with threat modeling, OWASP Top 10, MITRE ATT&CK, and secure coding practices.
  • Hands-on experience with CI/CD platforms (Jenkins, GitLab CI, GitHub Actions, Azure DevOps, CircleCI)
  • Strong technical expertise in cloud security, CI/CD pipelines, secure SDLC, SAST/DAST, penetration testing, threat modeling, and container security.
  • Scripting and automation skills (Python, Bash, PowerShell, or Go)
  • Exceptional analytical and problem-solving skills, with the ability to design and execute creative attack simulations.
  • Hands-on knowledge of offensive security tools, frameworks, and red team methodologies.
  • Excellent leadership skills, with the ability to inspire and develop high-performing teams.
  • High ethical standards, integrity, and commitment to responsible security testing practices.

If you believe you meet the above requirements, log on to our website at www.imbankgroup.com/ke, click on Careers, and apply for the position. Your application should reach us as soon as possible but not later than 3rd September 2025.
