Lead Application Security & Red Team Operations at I&M Bank

Job Purpose

The Group Head Application Security & Red Team Operations is responsible for embedding security across the software development lifecycle, driving secure engineering practices, and leading proactive offensive security operations. This role will ensure applications and infrastructure are built, deployed, and operated securely while driving a robust red team program to continuously assess and improve the Bank’s cyber resilience.

The role requires a strategic, hands-on cyber leader with deep expertise in threat emulation, vulnerability exploitation, and adversary simulation, as well as the ability to partner closely with other security and technology teams to strengthen the Group’s defensive posture.

Key Responsibilities

• Develop, implement, and maintain the Group’s Red Team strategy, ensuring realistic simulation of cyber threats, including advanced persistent threats (APTs), insider threats, and emerging attack vectors.
• Assist with CyberSecurity Forensics.
• Oversee targeted threat hunting initiatives, leveraging threat intelligence and advanced analytics to identify potential breaches and vulnerabilities.
• Collaborate with the Group SOC team to translate intelligence into actionable detection and defence improvements.
• Direct incident simulation and adversarial testing exercises to validate the effectiveness of security controls, processes, and incident response readiness.
• Lead red team/purple team engagements to evaluate the resilience of critical assets and infrastructure.
• Partner with the SOC, Technology, Risk, and Compliance teams to ensure defensive measures align with regulatory requirements, internal policies, and industry best practices.
• Establish and maintain key cyber resilience metrics, reporting to executive leadership and governance forums on threat trends, testing outcomes, and operational readiness.
• Select, deploy, and optimise advanced testing and adversary simulation tools and platforms to enhance operational capability.
• Embed cloud security controls in CI/CD.  Build, mentor, and retain a high-performing red team and application security workforce capable of countering evolving and sophisticated threats.

Job Specifications

Academic Qualifications

• Bachelor’s Degree in IT, Technology, Cyber Security, or a related field – mandatory

·   Master’s Degree in Cyber Security, Information Assurance or a related field – desirable

Professional Qualifications / Membership to professional bodies/ Publication  

• Offensive Security Certifications
• Certified Red Team Certifications
• Certified Secure Software Lifecycle Proffessional (CSSLP)
• Cloud Pentester Certifications
• ISO/IEC 27001 Lead Implementer/Auditor 
• Membership in recognised cyber security professional associations (e.g., ISACA, SANS, ISC2)

Work Experience Required

• 10+ years of progressive experience in cyber security, with at least 5 years in a senior leadership role focused on Red Teaming, threat hunting, and adversary simulation within the financial services sector.
• Proven track record in planning and executing complex red team and penetration testing engagements against advanced threat actors.
• Hands-on expertise in exploitation techniques, attack path development, and evasion tactics.
• Strong background in vulnerability assessment, adversarial emulation frameworks (e.g., MITRE ATT&CK, CALDERA, C2 frameworks), and purple teaming.
• Demonstrated experience in integrating threat intelligence into testing and defence strategies.
• Familiarity with banking regulations, data protection laws, and industry cyber security standards (e.g., NIST, ISO 27001).

Competencies:

• Deep technical knowledge of Application, DevSecOps and offensive security.
• Strong understanding of adversarial tactics, techniques, and procedures (TTPs) and their countermeasures.
• Strong technical expertise in cloud security, CI/CD pipelines, secure SDLC, SAST/DAST, penetration testing, threat modeling, and container security.
• Exceptional analytical and problem-solving skills, with the ability to design and execute creative attack simulations.
• Hands-on knowledge of offensive security tools, frameworks, and red team methodologies. ● Excellent leadership skills, with the ability to inspire and develop high-performing teams.
• Strong stakeholder engagement and communication skills, capable of influencing executive decision-making.
• Strategic mindset, aligning cyber defence and testing capabilities with business objectives and evolving threat landscapes.
• High ethical standards, integrity, and commitment to responsible security testing practices.

Apply

If you believe you meet the above requirements log onto our
www.imbankgroup.com/ke and click on careers and apply for the position. Your application should reach us as soon as possible but not later than 3rd September 2025.