Senior Secure by Design Specialist ( Re-Advertisement)

Role purpose:

Reporting to the EHOD Cyber Security and working closely with the Secure by Design Manager, the successful candidate will lend support in ensuring all new and existing systems, products, services comply with Safaricom’s security policies & standards and other industry best practices e.g. ISO27001, CIS, Internal Cyber Security Baseline standards etc. The candidate will also provide timely security assurance reports and advice to the business when required even with very tight timelines.

Key accountabilities and decision ownership:

·         Conduct periodic security reviews, vulnerability assessments & penetration tests across all of Safaricom’s systems/infrastructure

·         Ensure all new and existing systems/products/services comply with Company’s security policies & standards and other industry best practices e.g. ISO27001, CIS and Ethiopia Data Protection Laws

·         Provide timely and quality security assurance reports and advice to the business when required even with very tight deadlines

·         Do regular follow ups with system custodians/owners to ensure any security risks identified are addressed within the agreed timelines

·         Define Cyber Security metrics and report periodically on security compliance across all networks/systems

·         Research on new threats/technologies/vulnerabilities/security design principles etc.

·         Working knowledge of Virtualization & Microservices technologies e.g. VMware, Open shift, Kubernetes, Docker etc will be an added advantage                           

·         Working knowledge and experience in DevSecOps technologies and practices i.e. Jenkins, Jira, Github, Gitlab etc will be an added advantage

Core competencies, knowledge and experience:

Business Competencies:

·         Minimum of 7 years of work experience and 5 years of relevant experience in information security/cybersecurity

·         Strong analytical and organizational skills.

·         Experience with securing various environments preferred.

·         Experience in working across security frameworks.

·         Experience in working across security technologies.

·         In depth understanding of the role of Information Security in network and system security.

·         Proven experience based on ability to design and develop security architectures for complex multi-component systems.

·         Demonstrated experience in developing conceptual, logical and physical IT security architecture deliverables.

·         Possess very good knowledge of technological advances within the information security area

Must have technical / professional qualifications:

• Degree in Information Security/Computer Forensics/Computer Science/Information Technology or other relevant Technical Degree


• Information security certifications e.g. CEH/CISSP/CISM/CISA/GIAC/CPTP/OSCP


• Advanced Networking certifications: CCNA/CCNP/CCSP/CCIE are also preferred


• Certifications in Microsoft Windows and Linux/Unix Operating Systems


• Demonstrate competency in the use and administration of ethical hacking tools e.g. KALI Linux, Metasploit, Nexpose, Nessus, Nmap, BurpSuite etc…


• Minimum of 5 years’ working experience in Information Systems Security – e.g. Ethical Hacking, Penetration Testing, Vulnerability Assessments, ICT Audits, Pre-and-Post Implementation System Reviews etc…


• Minimum of 3 years’ working experience in Networking and Operating Systems e.g.  Cisco, Huawei, Windows (All), Unix, Linux etc

How To Apply

If you feel that you are up to the challenge and possess the necessary qualification and experience, kindly proceed to update your candidate profile on the career portal and then Click on the apply button. Remember to attach your resume.

The closing date for receiving applications is October 31,2024