0 Information Security jobs in Kenya
Information System Auditor
Posted today
Job Viewed
Job Description
As a market leader, we are dedicated towards creating and achieving excellence through our people. Together, we share a common set of values rooted in integrity, excellence and a strong team ethic. We provide you with a superior foundation for building a professional career – a place for people to learn, to achieve and to grow. Here is one such opportunity for you to explore.
This is a high visibility role which provides the successful candidate with an opportunity to contribute to the organization's control environment and exposure to many business areas. The successful candidate will also have an ideal opportunity to be an integral part of the organization and to really make a difference.
Reporting to the Chief Internal Auditor, the Information Systems (IS) auditor is responsible for execution of internal audits covering all aspects of business processes, assessing risks on information systems, business operations and evaluating internal controls to provide an independent appraisal of internal control environment across the Group. The role holder will be responsible for the execution of complex projects in accordance with the audit plan, mainly focusing on Information Systems, Operational processes, Credit Division and Departmental audits.
The Role
Specifically, the successful jobholder will be required to:
- Conduct special audits as required, leveraging on Computer-Assisted Audit Tools (CAATs) such as, Python, ACL, and SQL Developer to efficiently extract, transform, and analyze large volumes of data
- Identify opportunities to automate audit procedures and develop scripts to enhance Robotic Process Automation (RPA) for improved efficiency and accuracy.
- Design, implement, and maintain data analytics models and scripts to support continuous auditing and monitoring activities.
- Collaborate closely with audit teams to understand specific audit requirements and translate them into effective data analytics and automation solutions
- Conduct comprehensive penetration tests on the bank's web, mobile banking, and other operational applications, networks, and ICT systems to evaluate the effectiveness of the implemented cybersecurity framework.
- Evaluate compliance with IT security policies, standards, and regulatory requirements across business units and ICT infrastructure.
- Stay up to date with emerging cyber threats, vulnerabilities, and regulatory developments in the cybersecurity landscape.
- Perform independent threat and vulnerability assessment tests and report on cyber risks and controls of the ICT systems within the bank and other related third-party connections.
- Test the adequacy and effectiveness of control measures on information systems, operational processes, credit, department operations and recommend corrective measures to be undertaken in areas of weakness.
- Utilize extensive understanding of business activities to recommend scope and objectives of assigned audits, execute audit procedures, perform detailed analyses, reach sound conclusions, and document results for assigned audit activities.
- Ensure that all instances of significant risk or lack of control are properly identified, all findings are factually based& reported, with pragmatic & balanced recommendations & reports delivered in a timely manner.
- Actively participate in discussing audit findings and recommendations with line managers of the areas under review.
- Facilitate the communication of audit results and special projects via written reports and oral presentations to management.
- Assist in the annual risk assessment process and generation of annual audit plan.
- Assist in training/mentoring staff and develop and maintain the skills, knowledge and expertise to make valuable contribution to the internal audit team.
Skills, Competencies and Experience
The successful candidate will be required to have the following skills and competencies:
- Bachelor's degree in information systems or computer science from a recognized university. Possession of an MSc or other relevant postgraduate qualifications will be an added advantage.
- Experience with intelligent technology integration, including machine learning (ML) using Python or R, AI and natural language processing (NLP) and familiarity with audit automation tools such as ACL Robotics.
- Professional certification in IT Audit, Risk and Security e.g. CISM, CISSP, CISA, CRISC
- Excellent understanding of auditing concepts and practices with a minimum of 3 years' experience in management role in IT and operations or IT and operation audit.
- Skilled in project management and maintaining composure under pressure while meeting multiple deadlines.
- Demonstrable knowledge in risk assessment and control concepts/methodologies.
- Skilled in negotiation and conflict management to resolve problems that may arise during an audit.
- Excellent oral and written skills; a strong verbal communicator, analytical writer and able to clearly and concisely convey personal observations of processes, risks and controls.
- Excellent analytical ability both qualitative and quantitative to draw sound conclusions coupled with demonstrated knowledge and proper application of sampling techniques.
- Excellent attention to details and organizational skills.
Senior Information Security Engineer
Posted today
Job Viewed
Job Description
Job Role: Information Security Engineer
Exp Required: Atleast 3+ Years of relevant work experience as Information Security engineer
Job type: Full time - Permanent
Job Location: Nairobi, Kenya
***KINDLY DO NOT APPLY IF YOU HAVE LESS THAN 3+ YEARS OF RELEVANT WORK EXPERIENCE IN INFORMATION SECURITY ENGINEER ROLE ***
***KINDLY DO NOT APPLY IF YOU ARE A NON KENYAN CITIZEN***ONLY KENYA CITIZENS WILL BE PREFERRED/CONSIDERED***
Job Summary:
Roles and responsibilities:
Security Architecture & Design
Develop, document, and maintain the enterprise security architecture, ensuring alignment with business goals and IT strategy.
Design security controlsand solutions for infrastructure, applications, networks, and cloud environments.
Evaluate new technologies and recommend secure integration into existing systems.
Implementation & Operations
Configure, deploy, and maintain securitytools (e.g., firewalls, IDS/IPS, SIEM, endpoint protection, vulnerability management).
Lead security configurations for servers, databases, applications, and network devices. Conduct regular vulnerability assessments, penetration testing, and remediation activities.
Governance, Risk, and Compliance
Assist in the development and enforcement of IT security policies, standards, and procedures.
Ensure compliance with applicable regulatory requirements (e.g., GDPR, PCI DSS, ISO 27001, Data Protection Act).
Support risk assessments and the creationof mitigation plans. Prepares the Governance, Risk, and Compliance reports
Incident Response & Monitoring
Act as a key technicallead in the detection, response, and recovery from security incidents.
Maintain and improvethe incident responseplaybook in collaboration with the outsourced CISO.
Conduct post-incident analysis to strengthen defences.
Collaboration & Reporting
Work closely with the outsourced CISO to align on security strategy and initiatives. Provide security status updates, risk assessments, and recommendations to the CIO. Partner with IT operations, development teams, and business units to embed security in all projects.
Qualifications:
- Bachelor's degreein Computer Science,Information Technology, Cybersecurity, or related field. Security certifications preferred (e.g., CISSP, CISM, CEH, CompTIA Security+, CCSP).
- Atleast 3+ years of relevant work experience as information security roles, with strong exposure to security architecture or engineering.
- Hands-on experience with security technologies (firewalls, SIEM, endpoint security, vulnerability scanners).
- Knowledge of cloud security (AWS, Azu1'e), network security, and application security best practices.
- Proven track record of working within a governance and compliance framework. Skills:
- Strong analytical, problem-solving, and troubleshooting skills. Excellent communication and documentation abilities.
- Ability to work independently and collaboratively in a hybrid oversight model.
- Technical depth in cybersecurity tools and architecture design.
- Strong understanding of IT infrastructure and software development lifecycle. Risk-based decision-making.
- Business acumen with the ability to balance security with operational needs.
- Strong communication skills
- We are looking for people who can join immediately to 30 days of notice period
Technical Skills Required: (Mandatory)
- Atleast 3+ years of relevant work experience in information security, with strong exposure to security architecture or engineering.
- Atleast 3+ Years of relevant work experience in information security roles with strong exposure to security architecture or engineering.
- Atleast 3+ Years of relevant work experience with security technologies (firewalls, SIEM, endpoint security, vulnerability scanners).
- Knowledge of cloud security (AWS, Azure), network security, and application security best practices.
- Technical depth in cybersecurity tools and architecture design.
- Strong understanding of IT infrastructure and software development lifecycle
Note:
This is a permanent full time role
Interested candidates can share your updated resume to with the below details
Name -
Tot Exp -
Rel years of wok exp as Internet Security Engineer (IT) -
Rel years of work exp in Information Security Engineering -
Rel years of work exp in Information security -
Rel years of work exp in security architecture or engineering -
Rel years of work exp in security technologies (firewalls, SIEM, endpoint security, vulnerability scanners) -
Rel years of work exp in cloud security (AWS, Azure) -
Rel years of work exp in network security -
Rel years of work exp in application security -
Rel years of work exp in cybersecurity tools -
Rel years of work exp in IT infrastructure-
Rel years of work exp in software development lifecycle -
Rel years of work exp in architecture design -
Notice period (in days) -
Current location -
Mob No -
Email id -
Current salary (in per month Kenyan Shillings) -
Expected salary ECTC (In per month Kenyan Shillings) -
Any offers on hand -
Certification if any -
Reason for leaving or job change -
Nationality -
Kenya ID No/PR ID No -
Date of Birth -
WHY INDSAFRI:
We believe anything is possible We humans have the potential to create and build anything we can imagine. we have walked the entire planet, climbed the greatest mountains, sailed once infinite oceans, inspired by birds we decided to fly, in our once impossible quest for space, now we even float in the outer space. Everything started with a simple belief that something is possible, from simple beginnings, we have come a long way, to building technology that is indistinguishable from magic. And we believe that technology is at its best when it can make people smile. If we do it with all our passion & intelligence, together nothing is impossible. How do we do it? In the future, every business will be a technology company, & the future is now. From food to finance every business is rapidly transforming & embracing cutting-edge technology at its core & good humanistic design at its heart. Indsafri can transform your business for growth, as we have done for numerous organizations big and small, by working as your trusted technology partner and bringing our deep industry experience. If you have a challenging business problem we believe there is always a solution, with the right process, talents & technology anything is possible. The Impact we create: We work with some of the Best Organizations around the world, with a distributed global network of Partners & Talents, using state-of-the-art cutting-edge Technology & High-end Human-Centered Design.
Website
ICITAP Digital Forensic Advisor - Kenya

Posted 6 days ago
Job Viewed
Job Description
Amentum is supporting the U.S. Department of Justice (DOJ) in providing specialized training, advisory and mentoring services to host nations under the Criminal Division's International Criminal Investigative Training and Assistance Program (ICITAP). is a cornerstone of America's global strategy for combating transnational crime, terrorism, countering trafficking in persons, establishing rule of law and enhancing human rights in developing countries. Amentum is the contract service provider to the DOJ ICITAP and Overseas Prosecutorial Development, Assistance and Training (OPDAT) programs.
**Please Note: This is an Independent Contractor position with Amentum, it should not be considered an employment relationship with Amentum.**
**POSITION SUMMARY:**
Amentum is currently seeking a qualified candidate to serve as Digital Forensic Advisor in Nairobi, Kenya. This position will be responsible for mentoring host-country experts on training, techniques and procedures in the area of digital forensics
**JOB DUTIES AND RESPONSIBILITIES:**
The Forensic Digital Evidence Advisor is the principal subject matter expert in mobile digital and computer evidentiary analysis. The advisor mentors host-country experts on training, techniques and procedures used in the collection, preservation, examination, analysis, and court production of digital evidence with an emphasis on ISO/IEC 17020 and/or 17025 accreditation requirements. The advisor will mentor host-country experts on understanding operating systems such as Windows, Macintosh, Linux or UNIX, and DOS and conducting examinations on compromised computers and servers. The advisor will train on information systems security; network architecture; general database concepts; document management; hardware and software troubleshooting; electronic mail systems, such as Exchange; Microsoft Office applications; intrusion tools; and computer forensic tools. The advisor may be required to conduct advanced training related to conducting security assessments, penetration testing, link analysis, and ethical hacking. The advisor will also advise host country officials on the use, calibration, maintenance and testing of equipment associated with digital or computer analysis (such as EnCase, Access Data, Cellebrite, and FTK) as well as best practices for digital or computer evidence exploitation, database, analysis reports and chain of custody records management. The advisor will also work with various US officials from Departments of State (DoS) and Justice (DOJ). Duties also include facilitating meetings; leading working groups; developing reports and specialized papers; reviewing and editing policies; and conducting briefings.
**REQUIRED SKILLS AND QUALIFICATIONS:**
(Superior experience in critical areas may be substituted for other areas at DOJ discretion)
+ Minimum of 10 years of criminal justice experience progressively increasing responsibilities involving complex cases;
+ Minimum of 5 years of related digital evidence/cybercrime experience;
+ Bachelor's degree from a US Department of Education recognized institution;
+ Ability to obtain and maintain a Public Trust certification from the U.S. DOJ.
**DESIRED QUALIFICATIONS:**
+ Certified Computer Forensic Examiner (CCFE) through the Information Assurance Certification Review Board (IACRB), or equivalent;
+ Experience supervising or managing digital evidence activities;
+ Demonstrated experience in QA/QC inspections and validation for forensic facilities or working in an ISO 17025 or 17020 accredited facility;
+ Continuing education demonstrated through publications, presentations, coursework, internships, or certifications; and,
+ Language and foreign service skills/experience;
+ Experience training or advising foreign officials;
Amentum is proud to be an Equal Opportunity Employer. Our hiring practices provide equal opportunity for employment without regard to race, sex, sexual orientation, pregnancy (including pregnancy, childbirth, breastfeeding, or medical conditions related to pregnancy, childbirth, or breastfeeding), age, ancestry, United States military or veteran status, color, religion, creed, marital or domestic partner status, medical condition, genetic information, national origin, citizenship status, low-income status, or mental or physical disability so long as the essential functions of the job can be performed with or without reasonable accommodation, or any other protected category under federal, state, or local law. Learn more about your rights under Federal laws and supplemental language at Labor Laws Posters ( .
Principal Security Operations Center (SOC) Analyst
Posted 1 day ago
Job Viewed
Job Description
Key responsibilities include leading the analysis of security alerts generated by SIEM, IDS/IPS, EDR, and other security tools. You will perform forensic analysis of security incidents, identify root causes, and develop remediation plans. This role involves developing and refining threat detection rules, playbooks, and incident response procedures. You will also mentor and guide junior SOC analysts, conduct threat hunting exercises, and stay abreast of the latest cybersecurity threats, vulnerabilities, and mitigation strategies. Collaboration with IT infrastructure, application development, and compliance teams is essential to ensure a holistic approach to security. Experience in creating detailed incident reports and presenting findings to senior management is required.
The ideal candidate will possess a Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field, with a minimum of 7 years of experience in security operations, incident response, or threat intelligence. Extensive experience with SIEM platforms (e.g., Splunk, QRadar, Azure Sentinel), EDR solutions, and network security monitoring tools is mandatory. Certifications such as CISSP, GSEC, GCIA, or equivalent are highly desirable. Proven experience in digital forensics, malware analysis, and advanced persistent threat (APT) investigation techniques is required. Strong scripting skills (e.g., Python, PowerShell) for automation and analysis are a significant advantage. Excellent analytical, problem-solving, and communication skills are essential for this leadership role in a remote setting. This position allows you to make a significant impact from Nairobi, Nairobi, KE .
Remote Senior Information Security Analyst - Threat Intelligence
Posted 1 day ago
Job Viewed
Job Description
Responsibilities:
- Monitor and analyze global threat intelligence feeds, identifying emerging threats, vulnerabilities, and attack vectors.
- Develop and maintain comprehensive threat intelligence reports, providing actionable insights to security operations and incident response teams.
- Conduct in-depth research on threat actors, their tactics, techniques, and procedures (TTPs).
- Utilize various security tools and platforms (SIEM, EDR, TIP) to detect and analyze malicious activity.
- Develop and implement threat hunting strategies to proactively identify and neutralize threats within the network.
- Create and refine security alerts and detection rules based on threat intelligence findings.
- Collaborate with incident response teams to provide context and support during security incidents.
- Contribute to the development and improvement of security policies, procedures, and standards.
- Stay current with the latest cybersecurity trends, threats, and technologies.
- Present findings and recommendations to technical and non-technical stakeholders.
- Mentor junior security analysts and share knowledge across the team.
- Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field.
- Minimum of 7 years of experience in information security, with a strong focus on threat intelligence and analysis.
- In-depth knowledge of cybersecurity principles, attack methodologies, and threat actor TTPs.
- Proficiency with threat intelligence platforms, SIEM tools, EDR solutions, and other security technologies.
- Experience with scripting languages (e.g., Python) for automation is a plus.
- Strong analytical, research, and problem-solving skills.
- Excellent written and verbal communication skills, with the ability to produce clear and concise reports.
- Ability to work independently and manage multiple priorities effectively in a remote setting.
- Relevant security certifications such as CISSP, GIAC, or CEH are highly desirable.
Remote Senior Penetration Tester - Application Security
Posted 1 day ago
Job Viewed
Job Description
Responsibilities:
- Conduct thorough penetration tests on web applications, APIs, and mobile applications to identify security vulnerabilities.
- Develop and execute comprehensive test plans, methodologies, and scripts.
- Utilize a variety of security tools and techniques to simulate attacks and exploit vulnerabilities.
- Perform security code reviews and analyze application architecture for potential security flaws.
- Document findings meticulously, including the severity of vulnerabilities, potential impact, and detailed remediation recommendations.
- Communicate technical findings effectively to both technical and non-technical audiences through written reports and presentations.
- Stay abreast of the latest application security threats, vulnerabilities, and testing techniques.
- Collaborate with development teams to advise on secure coding practices and assist in the remediation process.
- Contribute to the continuous improvement of the penetration testing program and methodologies.
- Mentor junior penetration testers and share knowledge across the security team.
- Maintain ethical standards and confidentiality in all testing activities.
- Bachelor's degree in Computer Science, Cybersecurity, or a related field, or equivalent practical experience.
- Minimum of 7 years of experience in application security penetration testing.
- Proven expertise in identifying and exploiting common web application vulnerabilities (e.g., OWASP Top 10).
- Proficiency with penetration testing tools such as Burp Suite, OWASP ZAP, Nmap, Metasploit, and others.
- Strong understanding of application security principles, secure coding practices, and common development frameworks.
- Experience with API security testing and mobile application security assessments.
- Excellent analytical, problem-solving, and reporting skills.
- Ability to work independently, manage time effectively, and meet project deadlines in a remote environment.
- Relevant security certifications such as OSCP, CEH (with AppSec focus), or GWAPT are highly desirable.
Senior Information Security Architect (Remote)
Posted 1 day ago
Job Viewed
Job Description
Key Responsibilities:
- Design, develop, and maintain secure enterprise-level architectures for networks, applications, and cloud environments.
- Develop and enforce security policies, standards, and best practices across the organization.
- Conduct comprehensive security risk assessments, vulnerability analyses, and penetration testing.
- Evaluate and recommend security technologies, tools, and services to enhance the organization's security posture.
- Develop security roadmaps and strategic plans to address current and future threats.
- Collaborate with IT and business teams to integrate security considerations into the system development lifecycle (SDLC) and project planning.
- Lead incident response planning and contribute to incident management activities.
- Provide expert guidance on data protection, privacy regulations (e.g., GDPR, CCPA), and compliance frameworks.
- Mentor junior security professionals and contribute to the development of a strong security culture.
- Stay current with the latest cybersecurity threats, trends, and mitigation strategies.
- Develop and deliver security awareness training programs.
Qualifications:
- Bachelor's or Master's degree in Computer Science, Information Security, Cybersecurity, or a related field.
- Minimum of 8 years of progressive experience in information security, with a strong focus on security architecture and design.
- Extensive knowledge of network security, application security, cloud security (AWS, Azure, GCP), endpoint security, and cryptography.
- Proficiency in security frameworks such as NIST, ISO 27001, and CIS Controls.
- Experience with security assessment tools and techniques.
- Relevant security certifications such as CISSP, CISM, or SANS GIAC certifications are highly desirable.
- Excellent analytical, problem-solving, and strategic thinking skills.
- Superior communication and presentation skills, with the ability to explain complex security concepts to both technical and non-technical audiences.
- Proven ability to work independently and lead projects in a remote environment.
- Experience in threat modeling and risk management.
Be The First To Know
About the latest Information security Jobs in Kenya !
Remote Information Security Analyst
Posted 1 day ago
Job Viewed
Job Description
Key Responsibilities:
- Monitor security alerts and logs to detect and respond to potential security threats and incidents.
- Conduct regular vulnerability assessments and penetration testing on systems and applications.
- Develop and implement security policies, procedures, and best practices.
- Investigate security breaches and other cybersecurity incidents, performing root cause analysis.
- Recommend and implement security controls and solutions to mitigate identified risks.
- Stay up-to-date with the latest cybersecurity threats, trends, and technologies.
- Develop and deliver security awareness training to employees.
- Manage and maintain security tools and technologies (e.g., firewalls, intrusion detection systems).
- Collaborate with IT teams to ensure secure system configurations and network architecture.
- Document security procedures, incident response plans, and system configurations.
- Bachelor's degree in Information Security, Computer Science, or a related field. Relevant certifications (e.g., CISSP, CompTIA Security+) are highly valued.
- Minimum of 4 years of experience in information security, cybersecurity, or a related role.
- Strong understanding of network security, system security, cryptography, and risk management.
- Experience with security tools such as SIEM, IDS/IPS, firewalls, and endpoint security solutions.
- Proficiency in analyzing security logs and identifying suspicious activity.
- Excellent problem-solving and analytical skills.
- Strong written and verbal communication skills, with the ability to explain technical concepts clearly.
- Ability to work independently and manage time effectively in a remote environment.
- Knowledge of security frameworks and compliance standards (e.g., ISO 27001, NIST).
Principal Information Security Engineer
Posted 1 day ago
Job Viewed
Job Description
Responsibilities:
- Design, implement, and manage advanced information security systems and solutions to protect organizational assets from cyber threats.
- Develop and maintain the company's information security strategy, policies, and procedures.
- Conduct comprehensive risk assessments and vulnerability analyses, identifying potential security weaknesses.
- Lead incident response efforts, including investigation, containment, eradication, and recovery from security breaches.
- Evaluate and implement security technologies such as firewalls, intrusion detection/prevention systems, SIEM, and endpoint protection.
- Develop and deliver security awareness training programs to employees.
- Ensure compliance with relevant industry regulations and standards (e.g., ISO 27001, GDPR).
- Collaborate with IT and other departments to integrate security into all aspects of system design and development.
- Stay abreast of the latest cybersecurity threats, vulnerabilities, and mitigation techniques.
- Provide expert guidance and mentorship to junior security engineers and IT staff.
- Manage relationships with security vendors and service providers.
- Develop and execute security architecture reviews and penetration testing programs.
Qualifications:
- Master's degree in Computer Science, Information Security, or a related field.
- Minimum of 8 years of progressive experience in information security engineering and management.
- In-depth knowledge of network security, application security, cloud security, and cryptography.
- Proven experience in designing and implementing robust security architectures.
- Hands-on experience with various security tools and technologies (e.g., SIEM, EDR, vulnerability scanners).
- Strong understanding of incident response procedures and forensic analysis.
- Excellent analytical, problem-solving, and critical thinking skills.
- Exceptional communication and leadership abilities.
- Ability to work independently and manage complex projects in a remote setting.
- Relevant security certifications such as CISSP, CISM, OSCP are highly preferred.
- Experience in the Information Security sector is paramount.
Senior Information Security Analyst - Remote
Posted 1 day ago
Job Viewed
Job Description
Responsibilities:
- Monitor and analyze security alerts from various security tools (SIEM, IDS/IPS, EDR).
- Identify, investigate, and respond to security incidents and breaches.
- Conduct vulnerability assessments, penetration testing, and security audits.
- Develop, implement, and maintain security policies, procedures, and standards.
- Recommend and implement security enhancements and controls.
- Manage security awareness training programs for employees.
- Stay updated on the latest cybersecurity threats, vulnerabilities, and trends.
- Collaborate with IT teams to ensure secure system configurations and network infrastructure.
- Participate in security architecture reviews and provide input on new technologies.
- Assist in the development and testing of the organization's disaster recovery and business continuity plans.
- Bachelor's degree in Information Security, Computer Science, IT, or a related field.
- Minimum of 5 years of experience in information security, cybersecurity operations, or incident response.
- Strong knowledge of network security, endpoint security, cloud security, and cryptography.
- Experience with SIEM, IDS/IPS, EDR, and vulnerability management tools.
- Understanding of security frameworks such as NIST, ISO 27001, or SOC 2.
- Relevant certifications such as CISSP, CISM, CEH, or Security+ are highly desirable.
- Excellent analytical, problem-solving, and critical thinking skills.
- Strong communication, documentation, and reporting abilities.
- Ability to work effectively both independently and as part of a team.