Principal Engineer – Network & Cloud Security at Safaricom Kenya

Responsibilities

Health and Safety

• Uphold the company code of conduct, policies and procedures, ensuring integrity and accountability in every aspect of your work.
• All employees have a responsibility to adhere to safety, health, and wellbeing policies, guidelines and procedures in all actions and decisions.

Network & Cloud Security Strategy

• Define and execute a comprehensive network and cloud security strategy.
• Align strategy with enterprise Cyber Prevent roadmap and risk posture.
• Establish security architecture standards for on-premise, hybrid, and multi-cloud environments.
• Drive Zero Trust Architecture (ZTA) adoption across network and cloud ecosystems.
• Lead transformation toward software-defined and cloud-native security models.

Network Security Architecture & Protection

• Design and implement secure enterprise network architecture.

Enforce controls for: 

• Perimeter security (Next-Gen Firewalls).
• Intrusion Detection & Prevention Systems (IDS/IPS).
• Secure network segmentation and micro-segmentation.
• Protect against DDoS, lateral movement, and advanced persistent threats (APTs).
• Establish secure connectivity frameworks (VPN, ZTNA, SD-WAN security).
• Ensure secure integration across enterprise environments, partners, and third parties.

Cloud Security (Multi-Cloud & Hybrid)

• Lead security strategy across AWS, Azure, GCP, and private cloud environments.
• Implement: 
• Cloud Security Posture Management (CSPM).
• Cloud Workload Protection Platforms (CWPP).
• Cloud Infrastructure Entitlement Management (CIEM).
• Ensure secure cloud configurations, identity models, and access controls.
• Protect workloads across IaaS, PaaS, and SaaS environments.
• Drive compliance with cloud security frameworks (CIS, NIST, ISO, CSA).

Secure Cloud Architecture & DevSecOps Integration

• Embed security into cloud-native architectures and application deployment pipelines.
• Integrate security into CI/CD pipelines and DevSecOps practices.
• Enable automated security testing.
• Infrastructure as Code (IaC) scanning.
• Container image security scanning.
• Ensure secure Kubernetes and container environments.
• Promote shift-left security approach.

Zero Trust & Identity-Aware Networking

• Implement Zero Trust Network Access (ZTNA) frameworks.
• Enforce identity-based access control and authentication mechanisms.
• Ensure least privilege access across network and cloud environments.
• Integrate security with IAM and PAM systems.
• Enable continuous verification of users, devices, and workloads.

Automation & AI-Driven Security Controls
Implement AI/ML-driven threat detection and prevention mechanisms.

• Drive automation in: 
• Threat detection and response.
• Policy enforcement.
• Configuration management.
• Reduce manual overhead through security orchestration and automation (SOAR).
• Enable real-time adaptive security controls.

Threat Prevention & Network Monitoring

Establish continuous monitoring for: 

• Network traffic anomalies.
• Suspicious behavior patterns.
• Cloud activity logs.
• Integrate with SIEM/XDR platforms for centralized visibility.
• Improve detection of east-west and north-south traffic threats.
• Enable proactive threat intelligence integration.

Vulnerability Management Integration
Collaborate with vulnerability management teams for: 

• Network infrastructure vulnerabilities.
• Cloud misconfigurations.
• Ensure timely remediation of critical security gaps.
• Reduce attack surface across network and cloud assets.
• Maintain continuous risk visibility.

Third-Party & Connectivity Security

• Secure third-party network connections and integrations.
• Define and enforce vendor access security policies.
• Ensure risk visibility across external connections and partner ecosystems.

DDOS protection

• Configure, optimize and maintain Anti-DDOS systems to protect against all types of DDOS attacks.

Operational Excellence & Service Resilience

• Ensure always-on availability of network and cloud security controls.
• Optimize performance of security tools and platforms.
• Drive standardization, automation, and process maturity.
• Establish resilient and scalable security architecture.
• Continuously improve based on threat intelligence and incident learnings.

Compliance, Risk & Governance
Ensure adherence to: 

• Regulatory standards (GDPR, PCI-DSS, etc.).
• Internal security policies.
• Support risk assessments, audits, and regulatory reporting.
• Maintain compliance dashboards and metrics.
• Ensure alignment with enterprise risk management framework.

Core competencies, knowledge and experience:

Business Competencies

• Strong ability to align security with business transformation and cloud adoption.
• Stakeholder collaboration across IT, DevOps, and business teams.
• Risk-based decision-making with business impact awareness.

Functional Competencies

• Deep expertise in: 
• Network security architecture.
• Cloud security frameworks and platforms.
• Hybrid infrastructure security models.
• Strong understanding of emerging threats in cloud and network domains.

Technical Skills

• Zero Trust Architecture implementation.
• Networking technologies i.e. Firewalls, IPS, WAF, NAC.
• Container and Kubernetes security.
• Cloud technologies i.e. AWS, Azure, GCP.

Hands-on Experience:
Perimeter & Border Controls

• Next Generation Firewalls (NGFW).
• Web Application Firewalls (WAF).
• Bot Management & Account Takeover Protection (ATO).
• Intrusion Prevention Systems (IPS).
• DDoS Mitigation (Anti-DDoS).
• Network Detection and Response (NDR).
• Web & Email Security Gateways (WSG/ESG).
• API Security Gateways

Secure Access & Connectivity

• Virtual Private Networks (VPN).
• Network Access Control (NAC).
• Zero Trust Network Access (ZTNA).
• Secure Access Service Edge (SASE).

Cloud & Container Security

• Cloud Firewalls / Security Groups.
• Cloud Access Security Brokers (CASB).
• Cloud Security Posture Management (CSPM).
• Cloud-Native Application Protection Platforms (CNAPP).
• Cloud Workload Protection Platforms (CWPP).
• Container and Kubernetes Security.

Leadership Competencies

• Strong leadership in driving cross-functional initiatives.
• Ability to influence enterprise architecture decisions.
• Innovation mindset with focus on AI and automation adoption.
• Strong execution, delivery, and transformation leadership.

Qualifications

• Bachelor’s degree in Cyber Security, IT, Engineering, or related field
• 5-10+ years of experience in network and/or cloud security
• Proven experience in enterprise-scale cloud security and network protection

Certifications (preferred): 

• CISSP, CCSP, CISM
• AWS/Azure/GCP Security Certifications
• Cisco / Network Security certifications