0 Information Security jobs in Kenya

Job Role: Information Security Engineer

Exp Required: Atleast 3+ Years of relevant work experience as Information Security engineer

Job type: Full time - Permanent

Job Location: Nairobi, Kenya

***KINDLY DO NOT APPLY IF YOU HAVE LESS THAN 3+ YEARS OF RELEVANT WORK EXPERIENCE IN INFORMATION SECURITY ENGINEER ROLE ***

***KINDLY DO NOT APPLY IF YOU ARE A NON KENYAN CITIZEN***ONLY KENYA CITIZENS WILL BE PREFERRED/CONSIDERED***

Job Summary:

Roles and responsibilities:

Security Architecture & Design

Develop, document, and maintain the enterprise security architecture, ensuring alignment with business goals and IT strategy.

Design security controlsand solutions for infrastructure, applications, networks, and cloud environments.

Evaluate new technologies and recommend secure integration into existing systems.

Implementation & Operations

Configure, deploy, and maintain securitytools (e.g., firewalls, IDS/IPS, SIEM, endpoint protection, vulnerability management).

Lead security configurations for servers, databases, applications, and network devices. Conduct regular vulnerability assessments, penetration testing, and remediation activities.

Governance, Risk, and Compliance

Assist in the development and enforcement of IT security policies, standards, and procedures.

Ensure compliance with applicable regulatory requirements (e.g., GDPR, PCI DSS, ISO 27001, Data Protection Act).

Support risk assessments and the creationof mitigation plans. Prepares the Governance, Risk, and Compliance reports

Incident Response & Monitoring

Act as a key technicallead in the detection, response, and recovery from security incidents.

Maintain and improvethe incident responseplaybook in collaboration with the outsourced CISO.

Conduct post-incident analysis to strengthen defences.

Collaboration & Reporting

Work closely with the outsourced CISO to align on security strategy and initiatives. Provide security status updates, risk assessments, and recommendations to the CIO. Partner with IT operations, development teams, and business units to embed security in all projects.

Qualifications:

• Bachelor's degreein Computer Science,Information Technology, Cybersecurity, or related field. Security certifications preferred (e.g., CISSP, CISM, CEH, CompTIA Security+, CCSP).
• Atleast 3+ years of relevant work experience as information security roles, with strong exposure to security architecture or engineering.
• Hands-on experience with security technologies (firewalls, SIEM, endpoint security, vulnerability scanners).
• Knowledge of cloud security (AWS, Azu1'e), network security, and application security best practices.
• Proven track record of working within a governance and compliance framework. Skills:
• Strong analytical, problem-solving, and troubleshooting skills. Excellent communication and documentation abilities.
• Ability to work independently and collaboratively in a hybrid oversight model.
• Technical depth in cybersecurity tools and architecture design.
• Strong understanding of IT infrastructure and software development lifecycle. Risk-based decision-making.
• Business acumen with the ability to balance security with operational needs.
• Strong communication skills
• We are looking for people who can join immediately to 30 days of notice period

Technical Skills Required: (Mandatory)

• Atleast 3+ years of relevant work experience in information security, with strong exposure to security architecture or engineering.
• Atleast 3+ Years of relevant work experience in information security roles with strong exposure to security architecture or engineering.
• Atleast 3+ Years of relevant work experience with security technologies (firewalls, SIEM, endpoint security, vulnerability scanners).
• Knowledge of cloud security (AWS, Azure), network security, and application security best practices.
• Technical depth in cybersecurity tools and architecture design.
• Strong understanding of IT infrastructure and software development lifecycle

Note:

This is a permanent full time role

Interested candidates can share your updated resume to with the below details

Name -

Tot Exp -

Rel years of wok exp as Internet Security Engineer (IT) -

Rel years of work exp in Information Security Engineering -

Rel years of work exp in Information security -

Rel years of work exp in security architecture or engineering -

Rel years of work exp in security technologies (firewalls, SIEM, endpoint security, vulnerability scanners) -

Rel years of work exp in cloud security (AWS, Azure) -

Rel years of work exp in network security -

Rel years of work exp in application security -

Rel years of work exp in cybersecurity tools -

Rel years of work exp in IT infrastructure-

Rel years of work exp in software development lifecycle -

Rel years of work exp in architecture design -

Notice period (in days) -

Current location -

Mob No -

Email id -

Current salary (in per month Kenyan Shillings) -

Expected salary ECTC (In per month Kenyan Shillings) -

Any offers on hand -

Certification if any -

Reason for leaving or job change -

Nationality -

Kenya ID No/PR ID No -

Date of Birth -

WHY INDSAFRI:

We believe anything is possible We humans have the potential to create and build anything we can imagine. we have walked the entire planet, climbed the greatest mountains, sailed once infinite oceans, inspired by birds we decided to fly, in our once impossible quest for space, now we even float in the outer space. Everything started with a simple belief that something is possible, from simple beginnings, we have come a long way, to building technology that is indistinguishable from magic. And we believe that technology is at its best when it can make people smile. If we do it with all our passion & intelligence, together nothing is impossible. How do we do it? In the future, every business will be a technology company, & the future is now. From food to finance every business is rapidly transforming & embracing cutting-edge technology at its core & good humanistic design at its heart. Indsafri can transform your business for growth, as we have done for numerous organizations big and small, by working as your trusted technology partner and bringing our deep industry experience. If you have a challenging business problem we believe there is always a solution, with the right process, talents & technology anything is possible. The Impact we create: We work with some of the Best Organizations around the world, with a distributed global network of Partners & Talents, using state-of-the-art cutting-edge Technology & High-end Human-Centered Design.

Website

• Monitor and analyze global threat intelligence feeds, identifying emerging threats, vulnerabilities, and attack vectors.
• Develop and maintain comprehensive threat intelligence reports, providing actionable insights to security operations and incident response teams.
• Conduct in-depth research on threat actors, their tactics, techniques, and procedures (TTPs).
• Utilize various security tools and platforms (SIEM, EDR, TIP) to detect and analyze malicious activity.
• Develop and implement threat hunting strategies to proactively identify and neutralize threats within the network.
• Create and refine security alerts and detection rules based on threat intelligence findings.
• Collaborate with incident response teams to provide context and support during security incidents.
• Contribute to the development and improvement of security policies, procedures, and standards.
• Stay current with the latest cybersecurity trends, threats, and technologies.
• Present findings and recommendations to technical and non-technical stakeholders.
• Mentor junior security analysts and share knowledge across the team.

• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field.
• Minimum of 7 years of experience in information security, with a strong focus on threat intelligence and analysis.
• In-depth knowledge of cybersecurity principles, attack methodologies, and threat actor TTPs.
• Proficiency with threat intelligence platforms, SIEM tools, EDR solutions, and other security technologies.
• Experience with scripting languages (e.g., Python) for automation is a plus.
• Strong analytical, research, and problem-solving skills.
• Excellent written and verbal communication skills, with the ability to produce clear and concise reports.
• Ability to work independently and manage multiple priorities effectively in a remote setting.
• Relevant security certifications such as CISSP, GIAC, or CEH are highly desirable.

• Conduct thorough penetration tests on web applications, APIs, and mobile applications to identify security vulnerabilities.
• Develop and execute comprehensive test plans, methodologies, and scripts.
• Utilize a variety of security tools and techniques to simulate attacks and exploit vulnerabilities.
• Perform security code reviews and analyze application architecture for potential security flaws.
• Document findings meticulously, including the severity of vulnerabilities, potential impact, and detailed remediation recommendations.
• Communicate technical findings effectively to both technical and non-technical audiences through written reports and presentations.
• Stay abreast of the latest application security threats, vulnerabilities, and testing techniques.
• Collaborate with development teams to advise on secure coding practices and assist in the remediation process.
• Contribute to the continuous improvement of the penetration testing program and methodologies.
• Mentor junior penetration testers and share knowledge across the security team.
• Maintain ethical standards and confidentiality in all testing activities.

• Bachelor's degree in Computer Science, Cybersecurity, or a related field, or equivalent practical experience.
• Minimum of 7 years of experience in application security penetration testing.
• Proven expertise in identifying and exploiting common web application vulnerabilities (e.g., OWASP Top 10).
• Proficiency with penetration testing tools such as Burp Suite, OWASP ZAP, Nmap, Metasploit, and others.
• Strong understanding of application security principles, secure coding practices, and common development frameworks.
• Experience with API security testing and mobile application security assessments.
• Excellent analytical, problem-solving, and reporting skills.
• Ability to work independently, manage time effectively, and meet project deadlines in a remote environment.
• Relevant security certifications such as OSCP, CEH (with AppSec focus), or GWAPT are highly desirable.

• Design, develop, and maintain secure enterprise-level architectures for networks, applications, and cloud environments.
• Develop and enforce security policies, standards, and best practices across the organization.
• Conduct comprehensive security risk assessments, vulnerability analyses, and penetration testing.
• Evaluate and recommend security technologies, tools, and services to enhance the organization's security posture.
• Develop security roadmaps and strategic plans to address current and future threats.
• Collaborate with IT and business teams to integrate security considerations into the system development lifecycle (SDLC) and project planning.
• Lead incident response planning and contribute to incident management activities.
• Provide expert guidance on data protection, privacy regulations (e.g., GDPR, CCPA), and compliance frameworks.
• Mentor junior security professionals and contribute to the development of a strong security culture.
• Stay current with the latest cybersecurity threats, trends, and mitigation strategies.
• Develop and deliver security awareness training programs.

• Bachelor's or Master's degree in Computer Science, Information Security, Cybersecurity, or a related field.
• Minimum of 8 years of progressive experience in information security, with a strong focus on security architecture and design.
• Extensive knowledge of network security, application security, cloud security (AWS, Azure, GCP), endpoint security, and cryptography.
• Proficiency in security frameworks such as NIST, ISO 27001, and CIS Controls.
• Experience with security assessment tools and techniques.
• Relevant security certifications such as CISSP, CISM, or SANS GIAC certifications are highly desirable.
• Excellent analytical, problem-solving, and strategic thinking skills.
• Superior communication and presentation skills, with the ability to explain complex security concepts to both technical and non-technical audiences.
• Proven ability to work independently and lead projects in a remote environment.
• Experience in threat modeling and risk management.

• Monitor security alerts and logs to detect and respond to potential security threats and incidents.
• Conduct regular vulnerability assessments and penetration testing on systems and applications.
• Develop and implement security policies, procedures, and best practices.
• Investigate security breaches and other cybersecurity incidents, performing root cause analysis.
• Recommend and implement security controls and solutions to mitigate identified risks.
• Stay up-to-date with the latest cybersecurity threats, trends, and technologies.
• Develop and deliver security awareness training to employees.
• Manage and maintain security tools and technologies (e.g., firewalls, intrusion detection systems).
• Collaborate with IT teams to ensure secure system configurations and network architecture.
• Document security procedures, incident response plans, and system configurations.

• Bachelor's degree in Information Security, Computer Science, or a related field. Relevant certifications (e.g., CISSP, CompTIA Security+) are highly valued.
• Minimum of 4 years of experience in information security, cybersecurity, or a related role.
• Strong understanding of network security, system security, cryptography, and risk management.
• Experience with security tools such as SIEM, IDS/IPS, firewalls, and endpoint security solutions.
• Proficiency in analyzing security logs and identifying suspicious activity.
• Excellent problem-solving and analytical skills.
• Strong written and verbal communication skills, with the ability to explain technical concepts clearly.
• Ability to work independently and manage time effectively in a remote environment.
• Knowledge of security frameworks and compliance standards (e.g., ISO 27001, NIST).

• Design, implement, and manage advanced information security systems and solutions to protect organizational assets from cyber threats.
• Develop and maintain the company's information security strategy, policies, and procedures.
• Conduct comprehensive risk assessments and vulnerability analyses, identifying potential security weaknesses.
• Lead incident response efforts, including investigation, containment, eradication, and recovery from security breaches.
• Evaluate and implement security technologies such as firewalls, intrusion detection/prevention systems, SIEM, and endpoint protection.
• Develop and deliver security awareness training programs to employees.
• Ensure compliance with relevant industry regulations and standards (e.g., ISO 27001, GDPR).
• Collaborate with IT and other departments to integrate security into all aspects of system design and development.
• Stay abreast of the latest cybersecurity threats, vulnerabilities, and mitigation techniques.
• Provide expert guidance and mentorship to junior security engineers and IT staff.
• Manage relationships with security vendors and service providers.
• Develop and execute security architecture reviews and penetration testing programs.

• Master's degree in Computer Science, Information Security, or a related field.
• Minimum of 8 years of progressive experience in information security engineering and management.
• In-depth knowledge of network security, application security, cloud security, and cryptography.
• Proven experience in designing and implementing robust security architectures.
• Hands-on experience with various security tools and technologies (e.g., SIEM, EDR, vulnerability scanners).
• Strong understanding of incident response procedures and forensic analysis.
• Excellent analytical, problem-solving, and critical thinking skills.
• Exceptional communication and leadership abilities.
• Ability to work independently and manage complex projects in a remote setting.
• Relevant security certifications such as CISSP, CISM, OSCP are highly preferred.
• Experience in the Information Security sector is paramount.

• Monitor and analyze security alerts from various security tools (SIEM, IDS/IPS, EDR).
• Identify, investigate, and respond to security incidents and breaches.
• Conduct vulnerability assessments, penetration testing, and security audits.
• Develop, implement, and maintain security policies, procedures, and standards.
• Recommend and implement security enhancements and controls.
• Manage security awareness training programs for employees.
• Stay updated on the latest cybersecurity threats, vulnerabilities, and trends.
• Collaborate with IT teams to ensure secure system configurations and network infrastructure.
• Participate in security architecture reviews and provide input on new technologies.
• Assist in the development and testing of the organization's disaster recovery and business continuity plans.

• Bachelor's degree in Information Security, Computer Science, IT, or a related field.
• Minimum of 5 years of experience in information security, cybersecurity operations, or incident response.
• Strong knowledge of network security, endpoint security, cloud security, and cryptography.
• Experience with SIEM, IDS/IPS, EDR, and vulnerability management tools.
• Understanding of security frameworks such as NIST, ISO 27001, or SOC 2.
• Relevant certifications such as CISSP, CISM, CEH, or Security+ are highly desirable.
• Excellent analytical, problem-solving, and critical thinking skills.
• Strong communication, documentation, and reporting abilities.
• Ability to work effectively both independently and as part of a team.