  • Posted: May 26, 2025
    Deadline: Jun 9, 2025
  • PesaLink begins processing of transactions, providing a long-awaited environment for real-time transfer of funds for customers at various participating banks, enabling immediate value, with same-day settlement capabilities for banks.

     

    Security Engineer

    Role Summary:

    The Security Engineer will be responsible for designing, implementing, and maintaining security measures to protect IPSL’s payment infrastructure. This includes end-to-end network and application security assessments, integrating security into the software development lifecycle (DevSecOps), ensuring compliance with industry regulations (e.g., CBK Cybersecurity Guidelines, PCI DSS), and optimizing security tools for maximum effectiveness across both on-premises and cloud environments.

    Key Responsibilities:
    Security Architecture & Design

    • Develop secure architectures for new systems and services, ensuring alignment with best practices (e.g., Zero Trust principles, micro-segmentation) and regulatory requirements.
    • Design and enforce cloud security controls (AWS, Azure, GCP) to protect resources, data, and services.

    Endpoint Protection Management

    • Configure and manage endpoint protection solutions on all laptops and devices to prevent malware, viruses, shadow IT, and other security threats.
    • Configure, monitor, and tune security tools (e.g., SIEM, EDR, WAF, IAM solutions) to ensure optimal coverage and timely threat detection.
    • Evaluate emerging security technologies and make recommendations for improvements or replacements.

    Secure Access Management

    • Deploy and manage Zero Trust Network Access (ZTNA) controls to provide secure access to applications and data, both on-prem and cloud, following identity management models such as least privilege and role-based access.
    • Implement privileged access management (PAM) solutions to enforce least privilege principles and control access to sensitive systems and resources.

     Enterprise Applications / Infrastructure

    • Fine-tune and operate vulnerability scanning tools, interpret reports, and prioritize remediation efforts. This will include coordinating patch management activities with system owners and tracking remediation progress to closure.
    • Perform security hardening of the Google Workspace environment, including configuration of security settings, access controls, mobile device management, and data protection measures.

    Network and Data Security

    • Secure data at rest by implementing secure key management practices, encryption algorithms, and access controls to protect sensitive information. This includes implementation and management of secure key management solutions to safeguard cryptographic keys used for encryption and decryption.
    • Manage security certificate lifecycle, including issuance, renewal, and revocation, to ensure the integrity and authenticity of digital certificates used for authentication and encryption.
    • Collaborate with infrastructure teams to ensure network devices are hardened and monitored.

    Secure Coding (DevSecOps):

    • Collaborate with DevOps teams to integrate security practices into the software development lifecycle (DevSecOps), including secure coding practices, code review, and automated security testing.
    • Perform API and application security assessments; work closely with developers to integrate secure coding practices, conduct threat modeling, and perform code reviews.
    • Collaborate with cross-functional teams to integrate security requirements into software development and infrastructure deployment processes.

     Continuous Improvement

    • Stay updated on the latest security trends, threats, and technologies.
    • Identify and lead initiatives that enhance Pesalink’s overall security posture and resilience.

    Required skills:

    • In-depth knowledge and understanding of network security concepts (firewalls, routing, network segmentation)
    • Proficiency in security tools and technologies (IDS/IPS, SIEM, vulnerability scanners)
    • Familiarity with DevSecOps tools and processes (CI/CD pipelines, containerization, automation scripting).
    • Understanding of modern application security (OWASP Top 10, API security, secure coding practices).
    • Knowledge of operating systems (Windows, Linux) and scripting languages e.g., Python, Bash etc.
    • Excellent communication, collaboration, and documentation skills for cross-functional teamwork.

    Qualifications & Experience:

    • Bachelor's degree in Computer Science, Information Security, or related field.
    • 5+ years of experience in cybersecurity, preferably within payments, fintech, or financial services.
    • Practical experience integrating security tools (SIEM, IDS/IPS, EDR) and frameworks (PCI DSS, ISO 27001, NIST).
    • Expertise in security assessments, vulnerability management, and DevSecOps.
    • Hands-on experience with cloud security (AWS, GCP or Azure).
    • Strong knowledge of security tools (SIEM, IDS/IPS, EDR, WAF, IAM).
    • Certifications such as CISSP, CEH, CISM, or OSCP are a plus.
    • Knowledge of Kenyan regulatory requirements (CBK Cybersecurity Guidelines) and Data Protection Laws is highly advantageous.


    SOC Lead Analyst

    Role Summary:

    The SOC Lead Analyst serves as the primary liaison between IPSL and its SOC-as-a-Service provider. They ensure effective 24/7 security monitoring, swift incident response, and efficient threat intelligence sharing. This role is also responsible for leading Level 3 incident response, refining detection use cases, optimizing SIEM rules, and driving continuous improvements in security operations and processes.

    Key Responsibilities:
    SOC Operations Management

    • Oversee day-to-day SOC functions, ensuring that security events are logged, triaged, analyzed, and escalated appropriately.
    • Define and maintain service-level agreements (SLAs) with the SOC provider, reviewing monthly/quarterly performance and reporting metrics.

    Incident Response & Escalation

    • Serve as the first point of escalation for complex or critical security incidents, conducting in-depth investigations and coordinating containment, eradication, and recovery activities.
    • Perform threat hunting, malware analysis, and forensic reviews when unusual behaviors or advanced threats are suspected.

     SIEM & Security Tools Management

    • Manage, tune, and optimize the SIEM platform and other relevant security controls (IDS/IPS, endpoint security, vulnerability scanners, DLP, etc.).
    • Develop and refine detection use cases, correlation rules, dashboards, and alerts to minimize false positives and enable rapid detection of threats.

    Threat Intelligence & Collaboration

    • Integrate threat intelligence feeds and collaborate with external agencies, information sharing groups (ISACs), or regional security bodies to stay ahead of emerging threats.
    • Translate threat intelligence into actionable controls or detection rules within the SOC environment.

    Process & Procedure Development

    • Create and update SOC operational guidelines, playbooks, runbooks, and standard operating procedures (SOPs).
    • Streamline incident handling workflows, ensuring consistency in detection, escalation, and response processes.

    Continuous Improvement

    • Conduct post-incident reviews and root cause analyses to identify opportunities for process enhancements, tool improvements, or control optimizations.

     Team Leadership & Mentoring

    • Provide guidance and mentorship to L1/L2 analysts within the SOC-as-a-Service team, ensuring they are developing and applying best practices in threat analysis and incident response.
    • Champion knowledge-sharing sessions, training, and tabletop exercises to maintain high readiness levels.

    Regulatory & Compliance Alignment

    • Ensure SOC processes align with relevant cybersecurity frameworks, standards, and regulations (PCI DSS, ISO 27001, NIST CSF, CBK Cybersecurity Guidelines).
    • Produce periodic reports demonstrating compliance and the effectiveness of security controls.

    Required skills:

    • Skilled at configuring, managing, and tuning SIEM platforms, IDS/IPS, endpoint security tools, and vulnerability management solutions to detect malicious activity efficiently.
    • Capable of performing in-depth investigations of security incidents, including root cause analysis, containment, eradication, and recovery.
    • Ability to consume and correlate threat intelligence feeds and reports to proactively identify and mitigate emerging threats.
    • Skilled at planning and executing threat-hunting activities to uncover hidden or sophisticated attacks.
    • Deep understanding of common threat vectors (phishing, ransomware, DDoS, web application exploits) and attacker tactics, techniques, and procedures (TTPs). Ability to map incidents and detection efforts against frameworks like MITRE ATT&CK.
    • Experience developing and maintaining SOC playbooks, operational guidelines, and standard operating procedures for incident handling, escalation, and reporting.
    • Competence in leading or participating in post-incident reviews, root cause analyses, and continuous improvement initiatives.
    • Strong communication skills to collaborate effectively with internal teams (e.g., Infrastructure, DevOps, Compliance) and external stakeholders (managed SOC providers, law enforcement).
    • Ability to produce compliance reports and address audit requirements.
    • Keen analytical skills to interpret complex security logs, correlate events across multiple platforms, and draw meaningful insights.

    Qualifications & Experience:

    • Bachelor's degree in Information Security, Cybersecurity, or related field.
    • 5+ years of experience in cybersecurity, with at least 3 years in a SOC environment.
    • Strong knowledge of SIEM, threat intelligence, incident response, and forensic analysis.
    • Experience with payment security, fraud monitoring, and financial sector threats.
    • Certifications such as CISSP, GIAC GCIA/GCIH, or OSCP are a plus.
       

    Method of Application

    Interested candidates are invited to send their CV and a brief cover letter to hr@ipsl.co.ke by June 9th 2025.
