Cyber Security Assurance at Safaricom Kenya

We are pleased to announce the following vacancy in the Technology Security Department within the Corporate Security Division.   In keeping with our current business needs, we are looking for a person who meets the criteria indicated below.

Reporting to the Senior Manager, Technology Security – Architecture, Design & Assurance, the position holder will support the Technology Security Assurance as required by the business.

Responsibilities

• Conduct periodic security reviews, vulnerability assessments & penetration tests across all of Safaricom’s systems/infrastructure
• Ensure all new and existing systems/products/services comply with Safaricom’s security policies & standards and other industry best practices e.g. ISO27001, PCI, GDPR etc.
• Provide timely and quality security assurance reports and advice to the business when required even with very tight deadlines
• Do regular follow ups with system custodians/owners to ensure any security risks identified are addressed within the agreed timelines
• Define technology security metrics and report periodically on security compliance across all networks/systems
• Develop a monthly scorecard for each department based on how well they are performing in terms of Technology Security compliance
• Research on new threats/technologies/vulnerabilities/security design principles etc.

Qualifications

• Minimum of 5 years’ working experience in Information Systems Security – e.g. Ethical Hacking, Penetration Testing, Vulnerability Assessments, Pre-and-Post Implementation System Reviews, etc.
• Minimum of 5 years’ working experience in Networks and Operating Systems e.g.  Cisco, Windows (All), Unix, Linux etc.
• Minimum of 5 years’ working experience in programming and various Web application technologies e.g. cPanel, ModSecurity, Apache, Java, PHP, ASP, CMS, Joomla, WordPress etc. will be an added advantage
• Working knowledge of Virtualization Technologies e.g. VMware, Microsoft HyperV, etc. will be an added advantage
• Working knowledge and experience in DevOps and Microservices technologies i.e. Docker, Kubernetes, Jenkins, Gitlab/Github etc…
• Working knowledge of Mobile and GSM technologies e.g. Android, IOS, 2G, 3G, LTE, USSD etc
• Degree in Electrical Eng/Computer Science/Information Technology or other relevant technical degree
• Advanced professional information security certifications e.g. CISSP/CISM/CISA/GIAC/CEH/CPTP/OSCP are preferred
• Advanced Networking certifications: CCNA/CCNP/CCSP/CCIE are also preferred
• Certifications in Microsoft Windows and Linux/Unix Operating Systems
• Certifications in the use and administration of security tools e.g. Firewalls/IDS/Antivirus/Ethical Hacking tools
• Certifications in Virtualization Technologies e.g. VMware, HyperV, EMC, Cisco UCS