DevSecOps Specialist at I&M Bank

Key Responsibilities

• Integrate security controls into CI/CD pipelines (SAST, DAST, SCA, container scans, IaC security).
• Collaborate with developers to implement the Bank’s secure coding standards and security minimum baseline requirements.
• Apply security best practices to cloud-native applications and containerized environments.
• Conduct cloud security posture reviews and integrate automated compliance checks into build pipelines.
• Ensure secrets management, identity, and zero-trust principles are applied within DevOps pipelines.
• Support red team and penetration testing activities by fixing identified vulnerabilities and integrating findings into pipelines.
• Conduct targeted manual application security testing.
• Provide technical remediation guidance to developers and DevOps teams.
• Provide training and awareness to developers on secure coding, CI/CD security, and threat modeling.
• Contribute to cross-team incident response efforts for application-related vulnerabilities.
• Collaborate with the Group SOC team to translate intelligence into actionable detection and defence improvements.
• Partner with the SOC, Technology, Risk, and Compliance teams to ensure defensive measures align with regulatory requirements, internal policies, and industry best practices.
• Ensure pipelines meet compliance requirements i.e., NIST CSF & ISO 27001

Job Specifications

Academic Qualifications

• Bachelor’s Degree in IT, Technology, Cyber Security, or a related field – mandatory

Professional Qualifications / Membership to professional bodies/ Publication  

• Microsoft Certified: Azure Security Engineer Associate (AZ-500)
• Offensive Security Certifications
• AWS Certified Security – Specialty
• Certified Red Team Certifications
• Certified Secure Software Lifecycle Proffessional (CSSLP)
• Cloud Pentester Certifications
• Membership in recognised cyber security professional associations
• ISO/IEC 27001 Lead Implementer/Auditor  

Work Experience Required

• 5-7 years of progressive experience in cyber security.
• Proven track record in planning and executing complex red team and penetration testing engagements against advanced threat actors.
• Hands-on expertise in exploitation techniques, attack path development, and evasion tactics.
• Strong background in vulnerability assessment, adversarial emulation frameworks (e.g., MITRE ATT&CK, CALDERA, C2 frameworks), and purple teaming.
• Demonstrated experience in integrating threat intelligence into testing and defence strategies.