About Our Client:
Our Client is an alternative investments management firm with offices in Nairobi - Kenya and the D.C. Metro Area in the US. And is a respected technology solutions provider that offers innovative, differentiated and efficient technology products and support, web-based solutions and integrated business solutions.
Cyber Security Engineer:
Our Client is an independent investment management firm, with offices in Nairobi - Kenya and D.C. Metro - U.S. And is primarily focused on offering alternative investment solutions to individual high net-worth investors, global and institutional investors and Kenyans in the diaspora interested in the high-growth East-African region. We currently have over Kshs. 73 billion of investments and projects under mandate, mainly in real estate.
To manage our growing Technology needs, the firm is inviting applications from talented Cyber Security Engineers to join its competitive team of engineers.
The successful candidate will have an opportunity to participate in our share ownership plan.
Cyber Threat Engineer will work on all systems and/or projects within the organization responsible for providing Cyber Security Threat detection utilizing network and host based Computer Security tools, appliances and end point products
Perform static code analysis (SCA) on applications to identify vulnerabilities and report to software engineers for fixing
Set up and monitor applications for intrusion detection and protect applications against common vulnerabilities
Secure application infrastructure (servers and databases) against intrusion, ensuring they’re regularly patched against known vulnerabilities
Manage vulnerability reporting in all applications and systems, including open source software that the applications run on
Perform analysis of all security systems log files, review and keep track of triggered events, research current and future cyber threats, reconcile correlated cyber security events, develop and modify new and current cyber security correlation rule sets, and operate security equipment and technology
Document security incidents as identified in the incident response rules and escalate to management as required
Bachelor's degree in Computer Science, Information Systems or specialized training/certification. Or equivalent work experience.
Typically requires 1 or more year of related technical experience.
Experience in application security, preferably a software security role
Expertise with browser security controls (CSP, XFO, HSTS), web application security topics such as OWASP Top 10, and authentication infrastructure (SAML, OAUTH)
Knowledgeable with back end security topics such as secret management and service authentication
Experience building tools and processes to reliably identify security issues such as SQL injection, XSS, CSRF, and business logic flaws across large code bases
Experience supporting a major system.
Good understanding of IT and Risk Management Framework a plus. Certified Information Systems Security Professional (CISSP)
Expert skills in data analysis and data mining.
Must be well versed in Cyber Security Tools, network topologies, intrusion detection, PKI, and secured networks
Experience leading teams
Should be good in intrusion prevention and detection systems and configuring them in firewalls.
Should be good in network design and development and network hardening to avert security threats.