Security Engineer at PesaLink

Role Summary:

The Security Engineer will be responsible for designing, implementing, and maintaining security measures to protect IPSL’s payment infrastructure. This includes end-to-end network and application security assessments, integrating security into the software development lifecycle (DevSecOps), ensuring compliance with industry regulations (e.g., CBK Cybersecurity Guidelines, PCI DSS), and optimizing security tools for maximum eectiveness across both on-premises and cloud environments.

Key Responsibilities:
Security Architecture & Design

• Develop secure architectures for new systems and services, ensuring alignment with best practices (e.g., Zero Trust principles, micro-segmentation) and regulatory requirements.
• Design and enforce cloud security controls (AWS, Azure, GCP) to protect resources, data, and services.

Endpoint Protection Management

• Configure and manage endpoint protection solutions on all laptops and devices to prevent malware, viruses, shadow IT, and other security threats.
• Configure, monitor, and tune security tools (e.g., SIEM, EDR, WAF, IAM solutions) to ensure optimal coverage and timely threat detection.
• Evaluate emerging security technologies and make recommendations for improvements or replacements.

Secure Access Management

• Deploy and manage Zero Trust Network Access (ZTNA) controls to provide secure access to applications and data, both on-prem and cloud, following identity management models such as least privilege and role-based access.
• Implement privileged access management (PAM) solutions to enforce least privilege principles and control access to sensitive systems and resources.

 Enterprise Applications / Infrastructure

• Finetune and operate vulnerability scanning tools, interpret reports, and prioritize remediation eorts. This will include coordinating patch management activities with system owners and track remediation progress to closure.
• Perform security hardening of the Google Workspace environment, including configuration of security settings, access controls, mobile device management, and data protection measures.

. Network and Data Security

• Secure data at rest by implementing secure key management practices, encryption algorithms, and access controls to protect sensitive information. This includes implementation and management of secure key management solutions to safeguard cryptographic keys used for encryption and decryption.
• Manage security certificate lifecycle, including issuance, renewal, and revocation, to ensure the
• integrity and authenticity of digital certificates used for authentication and encryption.
• Collaborate with infrastructure teams to ensure network devices are hardened and monitored.

Secure Coding (DevSecOps):

• Collaborate with DevOps teams to integrate security practices into the software development lifecycle (DevSecOps), including secure coding practices, code review, and automated security testing.
• Perform API and application security assessments; work closely with developers to integrate secure coding practices, conduct threat modeling, and perform code reviews.
• Collaborate with cross-functional teams to integrate security requirements into software development and infrastructure deployment processes.

 Continuous Improvement

• Stay updated on the latest security trends, threats, and technologies.
• Identify and lead initiatives that enhance Pesalink’s overall security posture and resilience.

Required skills:

• In-depth knowledge and understanding of network security concepts (firewalls, routing, network segmentation)
• Proficiency in security tools and technologies (IDS/IPS, SIEM, vulnerability scanners)
• Familiarity with DevSecOps tools and processes (CI/CD pipelines, containerization, automation scripting).
• Understanding of modern application security (OWASP Top 10, API security, secure coding practices).
• Knowledge of operating systems (Windows, Linux) and scripting languages e.g., Python, Bash etc.
• Excellent communication, collaboration, and documentation skills for cross-functional teamwork.

Qualifications & Experience:

• Bachelor's degree in Computer Science, Information Security, or related field.
• 5+ years of experience in cybersecurity, preferably within payments, fintech, or financial services.
• Practical experience integrating security tools (SIEM, IDS/IPS, EDR) and frameworks (PCI DSS, ISO 27001, NIST).
• Expertise in security assessments, vulnerability management, and DevSecOps.
• Hands-on experience with cloud security (AWS, GCP or Azure).
• Strong knowledge of security tools (SIEM, IDS/IPS, EDR, WAF, IAM).
• Certifications such as CISSP, CEH, CISM, or OSCP are a plus.
• Knowledge of Kenyan regulatory requirements (CBK Cybersecurity Guidelines) and Data Protection Laws is highly advantageous.