Vacancies at I&M Bank

Key Responsibilities

• Integrate security controls into CI/CD pipelines (SAST, DAST, SCA, container scans, IaC security).
• Collaborate with developers to implement the Bank’s secure coding standards and security minimum baseline requirements.
• Apply security best practices to cloud-native applications and containerized environments.
• Conduct cloud security posture reviews and integrate automated compliance checks into build pipelines.
• Ensure secrets management, identity, and zero-trust principles are applied within DevOps pipelines.
• Support red team and penetration testing activities by fixing identified vulnerabilities and integrating findings into pipelines.
• Conduct targeted manual application security testing.
• Provide technical remediation guidance to developers and DevOps teams.
• Provide training and awareness to developers on secure coding, CI/CD security, and threat modeling.
• Contribute to cross-team incident response efforts for application-related vulnerabilities.
• Collaborate with the Group SOC team to translate intelligence into actionable detection and defence improvements.
• Partner with the SOC, Technology, Risk, and Compliance teams to ensure defensive measures align with regulatory requirements, internal policies, and industry best practices.
• Ensure pipelines meet compliance requirements i.e., NIST CSF & ISO 27001

Job Specifications

Academic Qualifications

• Bachelor’s Degree in IT, Technology, Cyber Security, or a related field – mandatory

Professional Qualifications / Membership to professional bodies/ Publication  

• Microsoft Certified: Azure Security Engineer Associate (AZ-500)
• Offensive Security Certifications
• AWS Certified Security – Specialty
• Certified Red Team Certifications
• Certified Secure Software Lifecycle Proffessional (CSSLP)
• Cloud Pentester Certifications
• Membership in recognised cyber security professional associations
• ISO/IEC 27001 Lead Implementer/Auditor  

Work Experience Required

• 5-7 years of progressive experience in cyber security.
• Proven track record in planning and executing complex red team and penetration testing engagements against advanced threat actors.
• Hands-on expertise in exploitation techniques, attack path development, and evasion tactics.
• Strong background in vulnerability assessment, adversarial emulation frameworks (e.g., MITRE ATT&CK, CALDERA, C2 frameworks), and purple teaming.
• Demonstrated experience in integrating threat intelligence into testing and defence strategies.

go to method of application »

The role requires a strategic, hands-on cyber leader with deep expertise in threat emulation, vulnerability exploitation, and adversary simulation, as well as the ability to partner closely with other security and technology teams to strengthen the Group’s defensive posture.

Key Responsibilities

• Develop, implement, and maintain the Group’s Red Team strategy, ensuring realistic simulation of cyber threats, including advanced persistent threats (APTs), insider threats, and emerging attack vectors.
• Assist with CyberSecurity Forensics.
• Oversee targeted threat hunting initiatives, leveraging threat intelligence and advanced analytics to identify potential breaches and vulnerabilities.
• Collaborate with the Group SOC team to translate intelligence into actionable detection and defence improvements.
• Direct incident simulation and adversarial testing exercises to validate the effectiveness of security controls, processes, and incident response readiness.
• Lead red team/purple team engagements to evaluate the resilience of critical assets and infrastructure.
• Partner with the SOC, Technology, Risk, and Compliance teams to ensure defensive measures align with regulatory requirements, internal policies, and industry best practices.
• Establish and maintain key cyber resilience metrics, reporting to executive leadership and governance forums on threat trends, testing outcomes, and operational readiness.
• Select, deploy, and optimise advanced testing and adversary simulation tools and platforms to enhance operational capability.
• Embed cloud security controls in CI/CD.  Build, mentor, and retain a high-performing red team and application security workforce capable of countering evolving and sophisticated threats.

Job Specifications

Academic Qualifications

• Bachelor’s Degree in IT, Technology, Cyber Security, or a related field – mandatory
• Master’s Degree in Cyber Security, Information Assurance or a related field – desirable

Professional Qualifications / Membership to professional bodies/ Publication  

• Offensive Security Certifications
• Certified Red Team Certifications
• Certified Secure Software Lifecycle Proffessional (CSSLP)
• Cloud Pentester Certifications
• ISO/IEC 27001 Lead Implementer/Auditor 
• Membership in recognised cyber security professional associations (e.g., ISACA, SANS, ISC2)

Work Experience Required

• 10+ years of progressive experience in cyber security, with at least 5 years in a senior leadership role focused on Red Teaming, threat hunting, and adversary simulation within the financial services sector.
• Proven track record in planning and executing complex red team and penetration testing engagements against advanced threat actors.
• Hands-on expertise in exploitation techniques, attack path development, and evasion tactics.
• Strong background in vulnerability assessment, adversarial emulation frameworks (e.g., MITRE ATT&CK, CALDERA, C2 frameworks), and purple teaming.
• Demonstrated experience in integrating threat intelligence into testing and defence strategies.
• Familiarity with banking regulations, data protection laws, and industry cyber security standards (e.g., NIST, ISO 27001).