DevSecOps Specialist

Job Purpose
The DevSecOps specialist is responsible for embedding security into the software development lifecycle (SDLC) and CI/CD pipelines, ensuring applications and cloud-native workloads are secure by design. Reporting to the Head Application Security & Red Team Operations, this role acts as a technical enabler for development teams, integrating automated security controls, conducting secure code reviews, and supporting offensive/defensive testing practices.

The role requires solid technical skills and hands-on experience in security automation, developer enablement and collaborative support to enable rapid, secure delivery of Bank applications.

Key Responsibilities

• Integrate security controls into CI/CD pipelines (SAST, DAST, SCA, container scans, IaC security).
• Collaborate with developers to implement the Bank's secure coding standards and security minimum baseline requirements.
• Apply security best practices to cloud-native applications and containerized environments.
• Conduct cloud security posture reviews and integrate automated compliance checks into build pipelines.
• Ensure secrets management, identity, and zero-trust principles are applied within DevOps pipelines.
• Support red team and penetration testing activities by fixing identified vulnerabilities and integrating findings into pipelines.
• Conduct targeted manual application security testing.
• Provide technical remediation guidance to developers and DevOps teams.
• Provide training and awareness to developers on secure coding, CI/CD security, and threat modeling.
• Contribute to cross-team incident response efforts for application-related vulnerabilities.
• Collaborate with the Group SOC team to translate intelligence into actionable detection and defence improvements.
• Partner with the SOC, Technology, Risk, and Compliance teams to ensure defensive measures align with regulatory requirements, internal policies, and industry best practices.
• Ensure pipelines meet compliance requirements i.e., NIST CSF & ISO 27001

Job Dimensions
Financial Responsibility:

Job Specifications

Academic Qualifications

• Bachelor's Degree in IT, Technology, Cyber Security, or a related field – mandatory

Professional Qualifications / Membership To Professional Bodies/ Publication

• Microsoft Certified: Azure Security Engineer Associate (AZ-500)
• Offensive Security Certifications
• AWS Certified Security – Specialty
• Certified Red Team Certifications
• Certified Secure Software Lifecycle Proffessional (CSSLP)
• Cloud Pentester Certifications
• Membership in recognised cyber security professional associations
• ISO/IEC 27001 Lead Implementer/Auditor

Work Experience Required

• 5-7 years of progressive experience in cyber security.
• Proven track record in planning and executing complex red team and penetration testing engagements against advanced threat actors.
• Hands-on expertise in exploitation techniques, attack path development, and evasion tactics.
• Strong background in vulnerability assessment, adversarial emulation frameworks (e.g., MITRE ATT&CK, CALDERA, C2 frameworks), and purple teaming.
• Demonstrated experience in integrating threat intelligence into testing and defence strategies.

Competencies

• Strong understanding of adversarial tactics, techniques, and procedures (TTPs) and their countermeasures
• Familiarity with threat modeling, OWASP Top 10, MITRE ATT&CK, and secure coding practices.
• Hands-on experience with CI/CD platforms (Jenkins, GitLab CI, GitHub Actions, Azure DevOps, CircleCI)
• Strong technical expertise in cloud security, CI/CD pipelines, secure SDLC, SAST/DAST, penetration testing, threat modeling, and container security.
• Scripting and automation skills (Python, Bash, PowerShell, or Go)
• Exceptional analytical and problem-solving skills, with the ability to design and execute creative attack simulations.
• Hands-on knowledge of offensive security tools, frameworks, and red team methodologies.
• Excellent leadership skills, with the ability to inspire and develop high-performing teams.
• High ethical standards, integrity, and commitment to responsible security testing practices.

If you believe you meet the above requirements log onto our and click on careers and apply for the position. Your application should reach us as soon as possible but not later than 3rd September 2025.