We bring an Out of the Ordinary approach to creating and managing wealth.
Founded in South Africa as a small finance company, today we offer clients our services as a global bank and asset management group.
Follow us on LinkedIn for unique insights from leading minds within the world of finance and Out of the Ordinary stories about our people, communit...
Read more about this company
Description
- Are you passionate about building clean, reliable applications? Do you enjoy collaborating across teams to solve real problems? Does working in a supportive environment where learning matters appeal to you?
- We need someone to help design, develop, and look after high-quality back-end services. This means contributing to technical discussions, helping shape how things are built, and caring about quality at every step.
A Good Fit?
- Do you take pride in writing clear, well-tested code? Are you someone who enjoys sharing ideas and learning from others? Do you like improving how things work — not just what gets built? This opportunity suits someone comfortable in Agile settings, curious by nature, and able to communicate warmly across engineering and business functions. Balancing speed and quality comes naturally — and helping others grow matters to you.
Day to Day
- The day-to-day centres on designing and building back-end services and APIs in C# and ASP.NET. Code reviews, pair programming, and collaborative problem-solving are all part of the rhythm.
- On the infrastructure side, the focus includes working in Azure, using containers and CI/CD tooling such as Docker, Kubernetes, and Azure DevOps. Keeping things tested, documented, and easy to maintain is a shared priority.
- Could you see yourself contributing to how an organisation builds and ships its applications? This includes helping refine coding standards, testing approaches, and deployment practices. Maintaining documentation such as Standard Operating Procedures also features as part of the picture.
Bring Along
Qualifications:
- Degree (NQF 7 or higher) in Computer Science, Information Technology, or a related discipline
- A postgraduate qualification is a bonus
Essential:
- Hands-on development covering C# and ASP.NET
- Azure cloud development experience
- Comfort using cloud storage solutions
- Familiarity covering DevOps tooling — Azure DevOps
- Understanding of object-oriented principles, design patterns, and Agile ways of working (Scrum, Kanban)
- Ability to analyse, troubleshoot, and modify complex systems
- Familiarity covering unit testing and code quality tools such as SonarQube
Nice to Have:
- Awareness of security, performance tuning, and scalability practices
- Infrastructure as Code know-how
- Power Platform and D365 experience
- A collaborative communication style and attention to detail
go to method of application »
Description
- The Programme and Project Management Lead is a functional leadership role responsible for end-to-end programme and project management at Investec Bank (Switzerland) AG; ensuring an efficient design of the bank by managing the project portfolio and aligning the operational model to the strategy of Investec's international businesses (Bank and Wealth). The operational model refers to all the services, processes and systems required in line with the bank's value chain.
Key Responsibilities
- Assessing the overall business needs in order to implement the strategy, and in conjunction with Executive Management across the Investec Group (Bank and Wealth), project sponsors and department heads, identifying specific actions, deliverables, and projects & initiatives.
- Managing the collective project portfolio (programme management).
- Project managing a wide variety of international and cross-jurisdictional projects across all departments, which includes work such as: drafting business case outlines, requirement gathering, planning, budgeting, status monitoring, task tracking, RAIDD logs, project documentation, presentations, coordination with involved business areas, running progress meetings and workshops, etc.
- Developing and maintaining roadmaps and balanced scorecards to monitor implementation of projects/programmes in line with the business strategy.
- Resource and people management, involving discussing and analysing all the related project challenges with Executive Management, sponsors and department heads.
- Business analyst work, such as: identifying and implementing opportunities to optimise processes and systems in order to free up resources within the operational/transactional areas that are running the bank; liaising with business areas and performing gap analyses to improve the quality and efficiency of the operational model; ensuring an effective and integrated end-to-end process and system design.
- Working closely with IT to structure applications and infrastructure to ensure that processes are automated where appropriate and systems are providing the functionalities required by the business in an efficient manner.
- Presentation of programme and project status reports to the IBSAG/IWI/IBP Executive Management and Investec Bank (Switzerland) AG Board of Directors.
- Utilising project managers from other areas of the Investec Group where appropriate and managing their delivery.
- Building market knowledge, exchanging information with peers, understanding what competitors are doing and being aware of companies who are providing new services in the market which may benefit a project.
Experience, skill and capability
- Project management qualifications and experience.
- Experience with managing a wide variety of international projects.
- Strong inter-personal communication skills on a senior, executive management level.
- Strong leadership and people management experience.
- Excellent organisational and influencing skills.
- Detailed knowledge of financial services, in particular private banking and wealth management, and the key geographical markets.
- Proficient presentation skills.
- Proficient IT user knowledge, in particular with MS Office (Excel, Access, Word, PowerPoint, SharePoint).
- Good at building a widespread internal network.
- Proven ability to contribute and work well as part of a team, in particular running meetings.
- Troubleshooting and problem-solving attitude. Able to determine the root cause of problems and evaluate appropriate measures considering their efficiency and practicability.
- Using (analytical) logic reasoning to identify the strengths and weaknesses of alternative solutions, conclusions or different approaches.
- Interest in keeping up-to-date with technology trends and digitalisation to ensure innovation and technological improvement.
- Level-headed with the ability to make tough, quick decisions.
- Thorough attention to detail.
- Proactive approach.
- Ability to manage across borders and different cultures.
go to method of application »
Description
- The Senior Penetration Tester is responsible for identifying, validating, and clearly communicating security vulnerabilities across Investec's applications, APIs, cloud-hosted services, and supporting infrastructure.
- The primary focus of the role is application security and penetration testing of modern web applications, APIs, and services deployed in Azure. The role also requires a strong understanding of identity and access attack paths, including Active Directory, Microsoft Entra ID, authentication flows, privilege escalation, and related cloud identity risks.
- The role works closely with development teams, platform teams, architects, and security stakeholders to plan and execute assessments, explain real-world risk, and support effective remediation. The successful candidate will combine hands-on offensive security testing with practical engineering enablement, helping teams improve security while supporting delivery.
- Red team and adversary simulation experience is advantageous, but the primary focus of the role is structured penetration testing.
Key responsibilities
Penetration Testing and Offensive Security
- Plan, scope, and execute penetration tests focused on web applications, APIs, and Azure-hosted services.
- Identify and safely validate vulnerabilities, including complex or chained attack paths, to demonstrate realistic impact.
- Conduct manual testing beyond automated scanning, with appropriate rules of engagement and care for production systems.
- Capture clear evidence of findings, exploitability, impact, and remediation validation.
Web, API and Application Testing
- Perform in-depth security testing of web applications and APIs, particularly modern Angular, .NET, and Azure-hosted environments.
- Assess application architecture, authentication, authorisation, API integrations, data flows, and trust boundaries.
- Test for common and complex application security issues, including access control flaws, injection, insecure configuration, SSRF, insecure deserialisation, and business logic weaknesses.
- Provide developers with practical remediation guidance and contribute to reusable AppSec testing patterns and methodologies.
Azure, Identity and Supporting Infrastructure Testing
- Assess Azure-hosted application environments, including identity, access control, managed identities, secrets handling, storage exposure, networking, and privilege escalation paths.
- Evaluate identity-related attack paths across Active Directory, Microsoft Entra ID, hybrid identity, service principals, privileged roles, conditional access, and authentication mechanisms.
- Test supporting infrastructure where it is relevant to application security, identity exposure, or platform risk.
- Apply red team or adversary simulation techniques where appropriate, while recognising that full-scope red teaming is not the primary focus of the role.
Reporting, Remediation and Risk Communication
- Produce clear penetration testing reports that explain findings, evidence, exploitability, risk, and impact.
- Translate technical vulnerabilities into actionable and prioritised remediation guidance.
- Communicate risk in terms of realistic attack paths, affected systems, business impact, and control weaknesses.
- Work with development, architecture, platform, and security teams to track, retest, and validate remediation.
Security Enablement and Collaboration
- Work closely with developers, architects, platform engineers, and security stakeholders to improve application security maturity.
- Support secure engineering practices across CI/CD pipelines, cloud deployment patterns, infrastructure as code, secrets management, and release processes.
- Contribute to application security standards, testing patterns, secure development guidance, and operational processes.
- Support peer review, methodology sharing, and technical guidance within the security team.
Qualifications, Experience and Skills
- Bachelor's degree in Computer Science, Information Technology, Engineering, Cyber Security, or a related discipline, or equivalent practical experience.
- Proven hands-on penetration testing experience, with strong depth in web application and API testing.
- Practical experience testing modern applications, preferably Angular, .NET, REST APIs, and Azure-hosted services.
- Strong understanding of secure software delivery and the ability to engage effectively with development teams.
- Experience working in enterprise environments where security, delivery, risk, and operational stability must be balanced.
Relevant Certifications
Desirable certifications include:
- OSCP, OSWE, OSEP, or equivalent offensive security certifications.
- Microsoft Azure, cloud security, application security, or identity-focused certifications.
- Red team certifications such as CRTO or CRTL are advantageous.
- Equivalent practical experience will be considered alongside formal certifications.
Technical Skills and Experience
Required
- Strong hands-on application and API penetration testing experience.
- Deep familiarity with web and API security issues, including OWASP Top 10, authentication and authorisation flaws, injection, insecure configuration, and business logic weaknesses.
- Working knowledge of modern web application architectures, particularly Angular, .NET/C#, TypeScript, REST APIs, and Azure-hosted application services.
- Ability to read and reason about application code, configuration, logs, and deployment artefacts.
- Practical Azure security testing experience, particularly around application hosting, identity, access control, managed identities, networking, storage, and secrets.
- Good understanding of Active Directory, Microsoft Entra ID, hybrid identity, authentication protocols, privilege escalation, and identity-based attack paths.
- Understanding of CI/CD pipelines, cloud-native deployment patterns, infrastructure as code, secrets management, and common software delivery risks.
- Scripting and automation ability using PowerShell, Bash, Python, or similar technologies.
- Experience with tools such as Burp Suite, Nmap, BloodHound, and relevant cloud or identity assessment tooling.
Advantageous
- Exposure to Java application environments.
- Experience with red teaming, adversary simulation, assumed breach testing, or purple team exercises.
- Exposure to AWS, Oracle Cloud, wireless testing, or broader infrastructure penetration testing.
- Familiarity with OWASP, MITRE ATT&CK, and relevant cloud security benchmarks.
- Experience developing reusable security testing tooling, scripts, or methodologies.
go to method of application »
Description
- We are looking for a Senior Cyber Security Incident Response Specialist to join our global Incident Response (IR) team. As an incident responder, your primary responsibility will be to triage, investigate and remediate reported security incidents within the environment. However, this role will also require you to become a key part in the development of the IR Team's capabilities, improving security monitoring workflows and developing custom tooling.
Key responsibilities
- Performing hands-on investigations of Cyber Security incidents from triage through to closure.
- Research and implement new playbooks that can be used within the IR team's SOAR platform.
- Continually assess the effectiveness of the SOAR platform and assist in developing strategic work items to improve the IR function.
- Assess potential threats to the environment, developing detection mechanisms and response methodologies.
- Conduct advanced investigations into targeted and persistent threats, using forensic, network, and behavioural analysis to uncover the full scope and impact of security incidents.
- Correlate evidence across endpoints, networks, and cloud platforms to reconstruct attack paths and identify adversary intent.
Core Competencies
- Ability to communicate technical information between different teams across the organisation
- Strong customer focused thinking
- Effective written and oral communication skills
- Strong documentation skills
- Willingness to share ideas and collaborate with various teams
Experience, skill and capability
- 4+ years of experience (or equivalent) with security analysis and incident response (e.g., working within a SOC/CSIRT/CERT) within regulated environments.
- Experience responding to and containing live security incidents such as ransomware, data breaches and advanced targeted attacks following a standard incident handling process.
- Expert skills in three or more of the following: SIEM, networking, EDR, SOAR or cloud infrastructure.
- Understand the totality of a threat across multiple technologies, demonstrating the ability to think like an attacker.
- You must be comfortable with conceptualizing, developing and delivering automated responses to security incidents.
- Experience in developing tooling integrations and creating custom toolsets for incident analysis.
- Vendor independent qualifications in Digital Forensics and Incident Response, e.g., GIAC, CREST, ISC2, EC-Council, IACIS, etc. would be beneficial.
- Experience working with Azure/MS365 offerings, common attack techniques utilized by threat actors against these platforms and potential IR responses.
- Solid understanding of technical and security domains fundamental to investigations and incident response including:
- Client-Server infrastructures, security architectures and related logging and alerting.
- TCP/IP networking with the ability to perform deep-dive network forensic analysis.
- File-system analysis with the ability to find and extract common disk-based indicators of compromise.
- Windows and Linux with emphasis on memory structures and ability to find common memory-based indicators of compromise.
- Malware analysis activities using behavioural techniques. Ability to perform dynamic and static analysis is an advantage.
go to method of application »
Description
- The team is responsible for developing and implementing all the IFRS 9 impairment and stress testing models, including climate stress testing. This is an excellent opportunity to get exposure to both retail and wholesale models. Model automation is a key focus area for the team. Strong programming skills and a background in machine learning would be helpful.
Experience, skills and capability
- A full understanding of the IFRS 9 impairment requirements.
- Research and implement new algorithms to automate model development.
- Develop IFRS 9 probability of default (PD) and loss given default (LGD) models.
- Consider approaches to incorporate climate risk into the models.
- Build relationships and liaise with key stakeholders from Business, Risk, Finance and Economics.
- Understand the synergies between IFRS 9 and stress testing models; and develop/enhance the stress test models.
- Work with the IT team to implement and test the models.
- Prepare model development documentation.
- Ensure a proper audit trail of all the analyses performed to assist the model validation team that must independently review all models.
- Monitor and backtest the performance of the models over time.
- Ensure stakeholder buy-in by preparing and presenting the models at various forums.
Qualifications
- A degree in Computer Science / Mathematics / Statistics / Econometrics / Engineering
- Strong Programming experience in Python
- Experience in a model development or validation environment required.
- Strong communication skills with the ability to articulate quantitative concepts to both technical and non-technical stakeholders.
- Critical analytical thinking and problem-solving skills.
- Mathematically inclined.
go to method of application »
Description
- Investec Sandton is looking for a Full stack developer (at least 5 years' experience) in the Business and Commercial Banking Tech – Borrowing-Based Facility team who will be part of the full application life cycle including, but not limited to, the evaluation of business requirements, system analysis and design, writing of technical specifications and diagrams, programming, unit testing, maintenance, and technical support of our applications.
Experience, skill and capability
- Qualification: B. Comm (Information Systems) / BSc (Computer Science) or relevant qualifications
- Proficient in Programming Languages: JavaScript, Typescript, .NET, C#
- Front-end Development: Knowledge of front-end technologies like HTML, CSS, and JavaScript frameworks – Angular - to build responsive and user-friendly web interfaces
- Back-end Development: Proficiency in server-side programming using frameworks and technologies such as Node.js, ASP.NET MVC, to handle server logic, data storage, and integration with databases
- Databases and Query Languages: Experience working with relational databases and understanding of SQL query languages, along with Liquibase understanding (advantageous)
- API Development and Integration: Ability to design, build, and consume RESTful APIs, as well as integrate with external APIs and services to exchange data between systems
- Version Control: Familiarity with version control systems like Git and understanding of branching, merging, and resolving conflicts to collaborate effectively with other developers
- Responsive Design and CSS Frameworks: Advantageous to have understand responsive design principles and experience with CSS frameworks like Bootstrap or Foundation to create visually appealing and mobile-friendly web applications
- Testing and Debugging: Ability to write unit tests, perform integration testing, and debug applications to ensure code quality, identify and fix issues, and improve overall reliability pre- and post-deployment
- Deployment and DevOps: Azure DevOps pipelines – develop infrastructure and code using bicep Proficiency in deploying applications to Azure DevOps for managing source code repositories, building and releasing applications, and implementing continuous integration and delivery processes (CI/CD) and infrastructure automation, including automated deployment pipelines
- Security Best Practices: Understanding of web application security concepts, such as Azure Active Directory (Azure AD) and the ability to integrate authentication and authorisation mechanisms into applications using Azure AD, data validation, and protection against common vulnerabilities
- Performance Optimisation: Experience in optimising application performance, including minimising load times, optimising database queries, and implementing caching mechanisms
- Problem Solving and Troubleshooting: Strong analytical and problem-solving skills to identify, debug, and resolve issues in both front-end and back-end components of applications
- Collaboration and Communication: Effective communication and collaboration skills to work in cross-functional teams, participate in code reviews, and communicate technical concepts to non-technical stakeholders
- Continuous Learning and Adaptability: Willingness to learn new technologies, keep up with industry trends, and adapt to evolving development practices and tools
go to method of application »
Description
- The Business Process Engineer (BPE) is a critical enabler within the Private Bank's transformation journey, responsible for creating end to end visibility, ownership, and optimisation of business processes. The role exists to redesign, simplify, and modernise processes to support a more efficient, scalable, and client centric operating model.
- The BPE maps and engineers workflows across teams, identifies duplicated or inefficient steps, removes friction for bankers, and designs automated or semi automated solutions that reduce manual workload. This role ensures alignment between business needs, client experience, and technology delivery by acting as the connective tissue between operations, product, and technology.
- With over 400 existing processes lacking ownership or review, the BPE brings rigour, governance, and industry best practice into process design. The role mitigates key risks—including operational inefficiency, slower time to market, increased audit exposure, and poor client experience—by establishing clear ownership, improving process quality, and supporting transformation initiatives.
- In essence, the Business Process Engineer ensures that the Private Bank's processes are streamlined, scalable, well governed, and designed for both efficiency and exceptional client experience, ultimately strengthening the bank's ability to deliver change successfully.
Key Responsibilities
End to End Process Mapping & Optimisation
- Map, document, and simplify end to end Private Bank processes across all teams and regions.
- Identify inefficiencies, duplication, manual workarounds, process gaps, and bottlenecks.
- Redesign workflows to improve clarity, reduce friction, and enhance client and banker experience.
- Define future state processes aligned to business strategy and tech modernisation requirements.
Workflow Re engineering & Automation Enablement
- Partner with Operations, Product, and Tech to design automated or semi automated solutions.
- Translate business processes into clear, structured inputs for technology teams.
- Reduce end to end processing times through process re engineering and optimisation.
- Ensure readiness for automation by embedding rigour in process standards and documentation.
Governance, Ownership & Process Library Management
- Establish clear ownership, accountability, and hand off points for each PB process.
- Build and maintain a structured, centralised process library that meets audit and compliance requirements.
- Conduct continuous relevance checks to ensure processes remain aligned to industry best practice.
- Support controls mapping and ensure process documentation meets regulatory and audit standards.
Client Journey & Experience Improvement
- Design intuitive, streamlined client journeys to eliminate delays and enhance service delivery.
- Map industry requirement changes (e.g., notification rules, decline reasons) into client workflows.
- Identify pain points and experience gaps and propose improvements.
Cross Functional Collaboration
- Work collaboratively with Regional Operations, Product Teams, Technology, Testing, and Risk.
- Act as the connective tissue between teams to ensure alignment, clarity, and timely delivery.
- Facilitate workshops and working sessions to co create process improvements.
Enablement of Testing, Controls & Quality Assurance
- Support creation of end to end business testing scenarios.
- Ensure processes underpinning products (e.g., statements, transaction codes) are accurate and complete.
- Strengthen internal controls through well designed workflows and improved documentation.
Support Strategic Transformation & Operating Model Shifts
- Ensure process optimisation keeps pace with Tech Modernisation and broader transformation initiatives.
- Enable faster technology delivery by reducing upstream inefficiencies and improving workflow clarity.
- Drive readiness for new operating models through improved process structure and governance.
Risk Identification & Mitigation
- Identify operational, client experience, technology, and governance risks embedded in current processes.
- Recommend mitigating actions to reduce inefficiency, regulatory exposure, and client dissatisfaction.
- Support the organisation in reducing repeat audit findings and improving compliance maturity.
Qualifications, Experience and Skills
- Bachelor's degree in Business Process Management, Industrial Engineering, Operations Management or a related field.
- Relevant certifications in Lean, Six Sigma, BPM, Agile, or Business Analysis (advantageous).
- 5+ years' experience in process engineering, business analysis, or operational improvement roles.
- Proven experience mapping and optimising end to end processes in complex, multi team environments.
- Experience working within financial services, particularly banking or payments, is highly advantageous.
- Demonstrated involvement in automation enablement, workflow redesign, or system modernisation initiatives.
- Strong background working with cross functional teams, including Operations, Product, Technology, Testing, and Risk.
- Exposure to process governance, audit remediation, or internal control environments.
go to method of application »
Description
- The Application Security Engineer is responsible for improving and embedding security throughout the software development lifecycle across Investec's engineering environments. The role focuses on secure software development practices, application security tooling, DevSecOps integration, and engineering enablement to reduce security risk while supporting modern software delivery.
- The role works closely with software engineering teams, platform teams, and security stakeholders to implement scalable application security controls, improve developer security practices, and enhance visibility into software supply chain and application risk.
Key Responsibilities
Application Security Engineering
- Partner with engineering teams to embed security into software design, development, testing, and deployment processes.
- Provide practical security guidance and support across modern application architectures and development frameworks.
- Assist teams in identifying and remediating application security vulnerabilities and weaknesses.
- Promote secure-by-default engineering practices across the software development lifecycle.
Secure Development and Code Review
- Support secure coding practices across primarily .NET and TypeScript environments, with exposure to Python and Java ecosystems.
- Review application architectures, code patterns, and integrations for security risks and weaknesses.
- Assist development teams with remediation guidance and secure implementation approaches.
- Develop and maintain secure coding standards, patterns, and reusable guidance.
Application Security Tooling and DevSecOps
- Implement, maintain, and optimise application security tooling across CI/CD pipelines and engineering workflows.
- Manage and support tooling including:
- Static Application Security Testing (SAST)
- Software Composition Analysis (SCA)
- Secrets detection and scanning
- Software supply chain security controls
- Support integration of security tooling into build and deployment processes to enable automated security validation.
- Work closely with platform and engineering teams to improve developer experience and reduce friction in security adoption.
Software Supply Chain and Vulnerability Management
- Assist with management and interpretation of software security findings including vulnerabilities, dependency risks, and exposure trends.
- Maintain familiarity with industry standards and terminology including:
- CWE (Common Weakness Enumeration)
- CVE (Common Vulnerabilities and Exposures)
- SBOM (Software Bill of Materials)
- Support prioritisation and remediation of application and dependency vulnerabilities.
- Contribute to improving software supply chain visibility and governance.
Infrastructure as Code (IaC) and Cloud-Native Security
- Support secure Infrastructure-as-Code practices with a strong focus on Bicep and cloud-native deployment models.
- Review and improve security controls within application deployment templates and infrastructure definitions.
- Collaborate with cloud and platform engineering teams to improve secure deployment standards and patterns.
- Promote DevSecOps practices across application and infrastructure delivery pipelines.
Security Enablement and Collaboration
- Work closely with developers, architects, and platform teams to improve security maturity across engineering environments.
- Assist with application security awareness, guidance, and developer enablement initiatives.
- Contribute to security standards, engineering patterns, and operational processes.
- Support investigation and response activities related to application security findings and incidents.
Qualifications, Experience and Skills
- Bachelor's degree in Computer Science, Information Technology, Engineering, or related discipline (or equivalent practical experience)
Relevant Certifications (desirable)
- CSSLP, GWAPT, GWEB, OSWE, or equivalent application security certifications
- Microsoft Azure certifications advantageous
- Secure software development or DevSecOps related certifications beneficial
Technical Skills and Experience
- Strong understanding of modern application security principles and secure software development practices.
- Hands-on experience with .NET and TypeScript application ecosystems.
- Working knowledge of Python and Java environments advantageous.
- Familiarity with scripting and automation using PowerShell, Bash, or similar technologies.
- Experience implementing and managing application security tooling including SAST and SCA solutions.
- Strong understanding of software supply chain security concepts including SBOMs, dependency management, and vulnerability management.
- Familiarity with common application security weaknesses and frameworks including OWASP Top 10 and CWE classifications.
- Experience with CI/CD concepts and DevSecOps integration patterns.
- Strong Infrastructure-as-Code knowledge with experience in Bicep desirable.
Behavioural Attributes
- Pragmatic and engineering-focused mindset
- Strong analytical and problem-solving capability
- Collaborative and developer-friendly approach
- Ability to communicate complex technical concepts clearly
- Self-driven with strong ownership and continuous improvement mindset
Method of Application
Use the link(s) below to apply on company website.
Build your CV for free. Download in different templates.