126 Senior Penetration Tester Cloud Security jobs in Kenya

Our client is seeking a highly skilled and experienced Senior Penetration Tester with a specialized focus on cloud security to join their elite security team in a fully remote capacity. This critical role involves proactively identifying vulnerabilities and security weaknesses within our client's cloud infrastructure, applications, and systems. You will conduct comprehensive penetration tests, ethical hacking exercises, and security assessments to simulate real-world attacks and provide actionable recommendations for enhancing security posture. The ideal candidate will possess a deep understanding of cloud security principles (AWS, Azure, GCP), network security, application security, and various penetration testing methodologies and tools. You should have a proven track record of identifying complex vulnerabilities and demonstrating their impact. Excellent reporting skills are essential to clearly communicate findings and remediation strategies to technical and non-technical stakeholders. This is a challenging and rewarding opportunity to contribute to the robust security of our client's digital assets from a remote location. Responsibilities include:

• Conducting comprehensive penetration tests against cloud environments (AWS, Azure, GCP).
• Performing vulnerability assessments and security audits of web applications, APIs, and infrastructure.
• Simulating advanced attack scenarios to identify security flaws.
• Developing and executing exploitation techniques to demonstrate the impact of vulnerabilities.
• Analyzing security findings and providing detailed, actionable remediation recommendations.
• Writing professional and clear penetration testing reports.
• Collaborating with security and development teams to ensure vulnerabilities are addressed effectively.
• Staying current with the latest penetration testing techniques, tools, and threat landscapes.
• Contributing to the development and improvement of penetration testing methodologies and tools.
• Mentoring junior penetration testers and sharing expertise.

Qualifications: Bachelor's degree in Computer Science, Cybersecurity, or a related field; relevant industry certifications (e.g., OSCP, CEH, CISSP) are highly preferred. Minimum of 7 years of experience in penetration testing and vulnerability assessment, with a strong focus on cloud security. Hands-on experience with cloud platforms (AWS, Azure, GCP) and their security services. Proficiency in using a wide range of penetration testing tools (e.g., Metasploit, Burp Suite, Nmap). Strong understanding of network protocols, operating systems, and application security principles. Proven ability to identify and exploit complex vulnerabilities. Excellent analytical, problem-solving, and report-writing skills. Ability to work independently and manage multiple engagements effectively in a remote setting. Strong communication and interpersonal skills. This role is fully remote, supporting the security needs of our client with an operational context relevant to Mlolongo, Machakos, KE .

Our client is seeking a highly skilled and motivated Senior Penetration Tester to join their elite information security team. This is a crucial, fully remote role focused on identifying vulnerabilities in our cloud infrastructure and web applications before malicious actors can exploit them. You will conduct comprehensive security assessments, simulate real-world attacks, and provide actionable recommendations to strengthen our security posture. The ideal candidate possesses a deep understanding of common attack vectors, security tools, and a passion for uncovering complex security flaws across diverse technological environments.

Responsibilities:

• Conduct in-depth penetration tests against web applications, APIs, cloud environments (AWS, Azure, GCP), and internal/external networks.
• Perform vulnerability assessments and exploit findings to demonstrate potential impact.
• Develop and maintain custom scripts, tools, and techniques to aid in penetration testing activities.
• Analyze test results, document findings clearly and concisely, and provide practical, prioritized remediation recommendations.
• Collaborate with development and operations teams to ensure security best practices are implemented throughout the software development lifecycle (SDLC).
• Stay current with the latest security threats, vulnerabilities, and exploitation techniques.
• Participate in security architecture reviews and provide input on secure design principles.
• Mentor junior penetration testers and contribute to the continuous improvement of the security testing program.
• Prepare detailed reports summarizing testing methodologies, findings, and remediation strategies for both technical and executive audiences.
• Respond to and investigate security incidents as needed.

Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
• Minimum of 5 years of experience in professional penetration testing and vulnerability assessment.
• Demonstrated expertise in testing cloud infrastructure (AWS, Azure, GCP) and containerized environments (Docker, Kubernetes).
• Proficiency in testing web applications, including understanding of OWASP Top 10 vulnerabilities and exploitation techniques.
• Experience with common penetration testing tools such as Burp Suite, Metasploit, Nmap, and Wireshark.
• Strong understanding of networking protocols, operating systems (Windows, Linux), and security concepts.
• Excellent analytical, problem-solving, and reporting skills.
• Relevant security certifications such as OSCP, CISSP, CEH, or GIAC certifications are highly desirable.
• Ability to work independently and manage time effectively in a fully remote work environment.
• Strong communication skills, with the ability to clearly articulate complex technical issues to diverse audiences.
• Experience with scripting languages (Python, Bash) for automation is a plus.

Join our dedicated security team and make a tangible difference in protecting our organization from evolving cyber threats. This fully remote role offers significant professional growth and the opportunity to work on challenging security projects.

Introduction:

Amref Health Africa, on behalf of the Kenya Ministry of Health, State Department for Public Health and Professional Standards, invites proposals from eligible candidates for consultancy to conduct Kenya's Climate Change and Health Vulnerability and Adaptation Assessment (CHVA).

Background and Context:

Climate change is significantly increasing health risks in Kenya, amplifying existing challenges and threatening Universal Health Coverage (UHC). The country faces a rise in vector- and waterborne diseases (like malaria, dengue, and cholera due to increased vector suitability, higher temperatures, rainfall changes, and impacts on water quality). Extreme weather events (flash floods and prolonged droughts) further worsen water and air quality (leading to respiratory issues) and increase cases of heat-related illness, food insecurity, mental health challenges, injuries, and deaths. These impacts disproportionately affect vulnerable groups (children, women, and the elderly in poor rural areas). Kenya's already strained health system is ill-equipped to handle this growing demand, making proactive intervention critical.

Kenya's commitment under the COP26 Health Programme includes conducting a Climate Change and Health Vulnerability and Adaptation Assessment, which is to inform the country's first Health National Adaptation Plan (HNAP). This RfP therefore aims to support Kenya's Ministry of Health to complete a comprehensive Climate Change and Health Vulnerability and Adaptation Assessment (CHVA).

Expected profiles of the eligible entities:

The applicants should demonstrate the following;

• Proven Experience: Minimum 7–10 years in conducting public health consultancies in the areas of HIA, ESIAs, climate health modelling, preferably with climate health projects financed by the Dutch government, World Health Organization, World Bank, IFC, UNICEF or other multilateral institutions.
• Proven track record of completing public health and climate health consultancies, with particular focus in assessing public health impacts and developing health impact assessment and management plans and climate change vulnerability and adaptation assessments in low- and middle-income countries, particularly in sub-Saharan Africa.
• Experience with projects funded by international financial institutions, such as the World Bank, World Health Organization, Global Fund and familiarity with the WHO's guide on climate vulnerability and adaptation assessments and the World Bank's Environmental and Social Framework (ESF), among other global best frameworks.
• Regulatory Compliance: Familiarity with: World Bank ESF (ESS1-ESS10), WHO climate change and health vulnerability Assessment Guidelines.
• Kenyan health, environmental and climate change laws (e.g., Public Health Act, Health Act, Climate Change Act, County health laws).
• Technical Expertise: Consultancy team to have experience in health impact assessment, environmental health and climate change specialization.
• Knowledge of Good Best Practices in the development of health policies and undertaking of health impact assessment in the African Region.
• Stakeholder Engagement: Demonstrated ability to conduct public consultations with affected communities, government agencies, and civil society.
• Communication skills: to manage the project's visibility and media relations.
• Preferred credentials: Past Projects: Examples of completed HIA/CHVA/C-HNAP or any health project or policy impact assessment reports.

Submission of Full Proposal:

Completed proposals are to be enclosed in a plain sealed envelope(s) clearly marked with the RFP name and RFP reference number and should be addressed to the following address:

Group Financial Resources Director

Amref Health Africa in Kenya

P.O. Box ,

NAIROBI

Or be deposited at the
Amref Health Africa - Tender Box
at the
Main Reception
so as to be received on or before
Monday, October 27, 2025
, at
12:00 noon EAT.
Electronic bidding will not be permitted. Late applications will be rejected.

Interested eligible bidders are also invited to a virtual pre-tender conference on
Thursday, October 16, 2025,
at
10:00 AM (EAT)
. Register in advance for this meeting through the link below:

After registering, you will receive a confirmation email containing information about joining the meeting.

Amref reserves the right to accept or reject any or all bids and is not bound to give reasons for its decision.

Introduction:

Amref Health Africa, on behalf of the Kenya Ministry of Health, State Department for Public Health and Professional Standards, invites proposals from eligible candidates for consultancy to conduct Kenya’s Climate Change and Health Vulnerability and Adaptation Assessment (CHVA).

Background and Context:

Climate change is significantly increasing health risks in Kenya, amplifying existing challenges and threatening Universal Health Coverage (UHC). The country faces a rise in vector- and waterborne diseases (like malaria, dengue, and cholera due to increased vector suitability, higher temperatures, rainfall changes, and impacts on water quality). Extreme weather events (flash floods and prolonged droughts) further worsen water and air quality (leading to respiratory issues) and increase cases of heat-related illness, food insecurity, mental health challenges, injuries, and deaths. These impacts disproportionately affect vulnerable groups (children, women, and the elderly in poor rural areas). Kenya's already strained health system is ill-equipped to handle this growing demand, making proactive intervention critical.

Kenya's commitment under the COP26 Health Programme includes conducting a Climate Change and Health Vulnerability and Adaptation Assessment, which is to inform the country's first Health National Adaptation Plan (HNAP). This RfP therefore aims to support Kenya’s Ministry of Health to complete a comprehensive Climate Change and Health Vulnerability and Adaptation Assessment (CHVA).

Expected profiles of the eligible entities:

The applicants should demonstrate the following;





Proven Experience: Minimum 7–10 years in conducting public health consultancies in the areas of HIA, ESIAs, climate health modelling, preferably with climate health projects financed by the Dutch government, World Health Organization, World Bank, IFC, UNICEF or other multilateral institutions.

Proven track record of completing public health and climate health consultancies, with particular focus in assessing public health impacts and developing health impact assessment and management plans and climate change vulnerability and adaptation assessments in low- and middle-income countries, particularly in sub-Saharan Africa.

Experience with projects funded by international financial institutions, such as the World Bank, World Health Organization, Global Fund and familiarity with the WHO's guide on climate vulnerability and adaptation assessments and the World Bank’s Environmental and Social Framework (ESF), among other global best frameworks.

Regulatory Compliance: Familiarity with: World Bank ESF (ESS1-ESS10), WHO climate change and health vulnerability Assessment Guidelines.

Kenyan health, environmental and climate change laws (e.g., Public Health Act, Health Act, Climate Change Act, County health laws).

Technical Expertise: Consultancy team to have experience in health impact assessment, environmental health and climate change specialization.

Knowledge of Good Best Practices in the development of health policies and undertaking of health impact assessment in the African Region.

Stakeholder Engagement: Demonstrated ability to conduct public consultations with affected communities, government agencies, and civil society.

Communication skills: to manage the project’s visibility and media relations.

Preferred credentials: Past Projects: Examples of completed HIA/CHVA/C-HNAP or any health project or policy impact assessment reports.





How to apply

Interested eligible applicants may download the complete Request for Proposal document from the Amref Health Africa website at: of Full Proposal:

Completed proposals are to be enclosed in a plain sealed envelope(s) clearly marked with the RFP name and RFP reference number and should be addressed to the following address:

Group Financial Resources Director

Amref Health Africa in Kenya

P.O. Box ,

NAIROBI

Or be deposited at the Amref Health Africa - Tender Box at the Main Reception so as to be received on or before Monday, October 27, 2025, at 12:00 noon EAT. Electronic bidding will not be permitted. Late applications will be rejected.

Interested eligible bidders are also invited to a virtual pre-tender conference on Thursday, October 16, 2025, at 10:00 AM (EAT). Register in advance for this meeting through the link below:

>> registering, you will receive a confirmation email containing information about joining the meeting.

Amref reserves the right to accept or reject any or all bids and is not bound to give reasons for its decision.

Our client, a global leader in technology services, is seeking a highly skilled and experienced Senior Cloud Security Architect with deep expertise in AWS and Azure environments. This is a fully remote position, allowing you to shape the security posture of critical cloud infrastructure from anywhere. You will be responsible for designing, implementing, and maintaining robust cloud security solutions that protect our client's sensitive data and applications. This involves developing and enforcing security best practices, policies, and standards for cloud deployments. You will conduct security assessments of cloud architectures, identify vulnerabilities, and recommend appropriate mitigation strategies. Key responsibilities include designing secure network architectures, implementing identity and access management (IAM) controls, and deploying security monitoring and logging solutions. You will work closely with development and operations teams to ensure security is integrated into the CI/CD pipeline and infrastructure as code (IaC) deployments. Experience with security automation tools, threat detection, and incident response planning in cloud environments is essential. You will also be responsible for ensuring compliance with relevant industry regulations and standards (e.g., ISO 27001, SOC 2, GDPR). Staying ahead of emerging cloud security threats and vulnerabilities and proactively adapting security measures is a core requirement. The ideal candidate will possess a Bachelor's degree in Computer Science, Information Security, or a related field, with relevant cloud security certifications (e.g., AWS Certified Security - Specialty, Microsoft Certified: Azure Security Engineer Associate). A minimum of 7 years of experience in information security, with at least 5 years focused on cloud security architecture and implementation, is required. Proven expertise in securing AWS and/or Azure environments, including services like VPC, IAM, Security Groups, KMS, Azure AD, Azure Security Center, is mandatory. Strong knowledge of scripting languages (e.g., Python, PowerShell) for automation and experience with container security (Docker, Kubernetes) are highly desirable. Excellent analytical, problem-solving, and communication skills are critical. If you are a visionary security leader passionate about building secure cloud platforms and prefer a remote working arrangement, we encourage you to apply. Our client offers a stimulating and collaborative work environment.

Our client is seeking a seasoned Information Security Manager to oversee their cloud security initiatives in **Ruiru, Kiambu, KE**. This is a critical on-site role responsible for developing, implementing, and managing comprehensive security strategies for our cloud environments. You will lead a team of security professionals, ensuring the confidentiality, integrity, and availability of our data and systems hosted on various cloud platforms. Responsibilities include designing and implementing cloud security architectures, establishing robust security policies and procedures, and conducting regular risk assessments and penetration tests. You will be instrumental in managing cloud security configurations, access controls, and compliance requirements, ensuring adherence to relevant regulations and industry best practices. This role demands a deep understanding of cloud security frameworks (e.g., AWS, Azure, GCP), security best practices for cloud-native applications, and experience with security tools such as firewalls, intrusion detection/prevention systems, and SIEM solutions. You will lead incident response efforts related to cloud security incidents, coordinate with internal and external stakeholders, and conduct post-incident analysis to prevent recurrence. Proactive threat hunting and vulnerability management within the cloud infrastructure will be a key focus. The ideal candidate will possess strong leadership capabilities, excellent communication skills, and the ability to mentor and develop a high-performing security team. You will collaborate closely with IT operations, development teams, and other business units to integrate security seamlessly into all aspects of cloud operations. A strategic mindset with the ability to translate complex security challenges into actionable plans is essential. Join our client to play a pivotal role in safeguarding their digital assets in the cloud.

Key Responsibilities:

• Develop and execute cloud security strategies and roadmaps.
• Manage and mentor the cloud security team.
• Design, implement, and maintain security controls for cloud environments (AWS, Azure, GCP).
• Oversee cloud access management, identity and access management (IAM), and data loss prevention (DLP).
• Conduct regular security audits, risk assessments, and vulnerability assessments.
• Lead cloud security incident response and forensic investigations.
• Ensure compliance with relevant security standards and regulations.
• Collaborate with DevOps and engineering teams to implement DevSecOps practices.
• Stay current with emerging cloud security threats and technologies.

Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field; Master's degree preferred.
• Minimum of 8 years of experience in information security, with at least 4 years in a management or lead role focused on cloud security.
• Extensive knowledge of cloud security principles, best practices, and frameworks (AWS, Azure, GCP).
• Hands-on experience with cloud security tools and technologies.
• Proven experience in developing and implementing security policies and procedures.
• Strong understanding of network security, endpoint security, and application security.
• Excellent leadership, communication, and interpersonal skills.
• Relevant certifications such as CISSP, CCSP, or cloud-specific security certifications are highly desirable.

Our client is seeking a highly experienced and proactive Lead Information Security Analyst with a specialization in Cloud Security to join our entirely remote workforce. This critical role will be instrumental in safeguarding our digital assets, ensuring the confidentiality, integrity, and availability of our cloud infrastructure and sensitive data. You will be responsible for designing, implementing, and managing robust security measures across our cloud environments (AWS, Azure, GCP), conducting threat assessments, and responding to security incidents. The ideal candidate will possess a deep understanding of cloud security principles, modern threat landscapes, and best practices for securing distributed systems. This is a senior position requiring leadership qualities and the ability to mentor junior security professionals.

Responsibilities:

• Develop, implement, and maintain comprehensive cloud security policies, standards, and procedures.
• Architect and manage security controls for cloud platforms, including identity and access management (IAM), network security, data encryption, and vulnerability management.
• Conduct regular security assessments, penetration testing, and vulnerability scans to identify and remediate potential risks.
• Monitor cloud environments for security threats, anomalies, and policy violations, and respond effectively to security incidents.
• Implement and manage security solutions such as WAFs, IDS/IPS, SIEM, and DLP within cloud infrastructure.
• Collaborate with development and operations teams to ensure security is integrated into the CI/CD pipeline (DevSecOps).
• Provide expert guidance on cloud security best practices and regulatory compliance (e.g., GDPR, ISO 27001).
• Develop and deliver security awareness training to employees.
• Lead incident response efforts, including investigation, containment, eradication, and recovery.
• Mentor and guide junior security analysts, fostering a culture of continuous learning and improvement within the team.
• Stay current with emerging cloud security threats, technologies, and best practices.

This position is 100% remote, allowing you to work from any location. While the company is registered in Thika, Kiambu, KE , your physical presence in Thika is not required. You must be a self-starter with exceptional communication and problem-solving skills, capable of working independently and as part of a distributed team. Proven experience in securing large-scale cloud deployments is essential.

Our client is seeking an experienced and visionary Lead Information Security Architect specializing in Cloud Security to join their elite, fully remote cybersecurity team. This critical role will involve designing, implementing, and managing robust security architectures for our client's cloud-based infrastructure and services. You will be at the forefront of protecting sensitive data and ensuring the integrity and availability of our client's digital assets against evolving threats. Your expertise will guide the development of secure cloud solutions across various platforms and services.

Key Responsibilities:

• Develop and maintain comprehensive cloud security architectures, policies, and standards.
• Design and implement security controls for cloud environments (e.g., AWS, Azure, GCP).
• Evaluate and select appropriate security technologies and solutions for cloud deployments.
• Conduct security risk assessments and penetration testing for cloud infrastructure.
• Develop incident response plans and procedures for cloud-related security events.
• Collaborate with engineering and development teams to ensure security is integrated into the cloud application lifecycle (DevSecOps).
• Provide expert guidance on cloud security best practices, compliance, and regulatory requirements.
• Monitor cloud security posture and implement continuous security improvements.
• Lead and mentor junior security architects and analysts.
• Stay current with emerging cloud security threats and vulnerabilities.

The ideal candidate will possess a Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field, along with a minimum of 8 years of experience in information security, with a strong emphasis on cloud security architecture. Proven experience designing and implementing security solutions for major cloud platforms (AWS, Azure, GCP) is essential. Relevant certifications such as CISSP, CCSP, or cloud-specific security certifications are highly desirable. Exceptional analytical, problem-solving, and communication skills are required. This role demands a self-starter capable of thriving in an autonomous, remote-first environment, working collaboratively with distributed teams. If you are a seasoned security professional passionate about securing the cloud landscape, we encourage you to apply. This role supports our operations associated with Nakuru, Nakuru, KE , but is performed entirely remotely.

Our client, a growing technology firm committed to safeguarding digital assets, is seeking a vigilant and skilled Information Security Analyst with a specialization in cloud security. This role is fully remote, allowing you to protect critical data and systems from your home office. You will be responsible for identifying, assessing, and mitigating security risks across cloud environments, implementing robust security controls, and responding to security incidents. The ideal candidate will have a strong foundation in cybersecurity principles, hands-on experience with cloud security best practices (AWS, Azure, GCP), and a deep understanding of threat detection, vulnerability management, and incident response. You should be adept at analyzing security logs, conducting risk assessments, and developing security policies and procedures. This position requires a proactive and detail-oriented professional dedicated to maintaining the confidentiality, integrity, and availability of information assets in a remote setting.

Responsibilities:

• Monitor and analyze security alerts and events from various cloud platforms and security tools.
• Conduct regular vulnerability assessments and penetration testing to identify and address security weaknesses.
• Implement and manage cloud security controls, including identity and access management (IAM), network security, and data encryption.
• Develop, maintain, and enforce information security policies, standards, and procedures.
• Respond to and investigate security incidents, performing root cause analysis and implementing remediation measures.
• Collaborate with IT and development teams to ensure security is integrated into cloud infrastructure and application designs.
• Stay abreast of the latest security threats, vulnerabilities, and industry best practices, particularly in cloud environments.
• Develop and deliver security awareness training to employees.
• Assist in maintaining compliance with relevant security regulations and standards (e.g., GDPR, ISO 27001).
• Evaluate and recommend new security technologies and solutions to enhance the organization's security posture.
• Manage security-related documentation and reporting.

Qualifications:

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field. Relevant security certifications (e.g., CISSP, CompTIA Security+, CCSP) are highly desirable.
• Minimum of 5 years of experience in information security, with a significant focus on cloud security.
• Hands-on experience securing major cloud platforms such as AWS, Azure, or Google Cloud.
• Proficiency in security monitoring tools, SIEM solutions, and endpoint detection and response (EDR) technologies.
• Strong understanding of network security, cryptography, and common attack vectors.
• Experience with incident response, forensics, and malware analysis is a plus.
• Excellent analytical, problem-solving, and critical thinking skills.
• Strong communication and interpersonal skills, with the ability to explain technical security concepts to both technical and non-technical audiences.
• Ability to work independently, manage multiple priorities, and perform effectively in a fully remote work environment.
• A proactive and vigilant approach to identifying and mitigating security risks.

This is an essential role protecting digital assets from a remote location. The specified location for this role is Meru, Meru, KE , however, the work is performed entirely remotely.