Principal Officer, Cyber Secure By Design

Safaricom.com

Office

Kenya

Full Time

Reporting to the Senior Manager, Cyber Secure by Design, the position holder will lend support in ensuring all new and existing systems/products/services comply with Safaricom's security policies & standards and other industry best practices, e.g. ISO27001, PCI DSS, etc. The officer will also support the Safaricom bug bounty program and take part in driving DevSecOps initiatives in the organization.

Job Responsibilities

Key accountabilities and decision ownership

Health And Safety

  • Uphold the company code of conduct, policies and procedures, ensuring integrity and accountability in every aspect of your work.
  • All employees have a responsibility to adhere to safety, health, and wellbeing policies, guidelines and procedures in all actions and decisions.

Project Assurance (Waterfall & Agile)

  • Conduct security reviews of all projects before go-live and ensure remediation of critical/high/medium risk defects before go-live.
  • Timely submission of good quality reports to the project teams and weekly updates to SLT.
  • Timely and complete handover of all completed projects to Cyber Prevent & Defense.
  • Update the project folder with all updated project documentation.

Bug Bounty Program Management

  • Ensure bug bounty reports are validated and awarded within the defined SLA.
  • Follow up on remediation of valid reports within defined SLAs, i.e. critical/high risk issues to be closed within 30 days and medium/low risk issues within 90 days.
  • Provide a weekly update on the status of open reports in the bug bounty issue tracker for the weekly report.
  • Provide insights into how the program is performing and how it can be improved in order to strengthen Safaricom's security posture.

Penetration Testing and Red Teaming Exercise

  • Scope and conduct a penetration test and red team exercise on existing systems throughout a financial year.
  • Timely submission of good quality reports and presentation of findings to system custodians and the blue team.
  • Follow up with responsible teams on the remediation of critical/high risk issues within 30 days and medium/low risk issues within 90 days.
  • Provide a weekly update on the status of open issues in the issue tracker for weekly reporting.

DevSecOps

  • Ensure there is at least 1 security champion in allocated squads.
  • Ensure all DevOps tools used in allocated squads have been reviewed and approved by the security assurance team.
  • Ensure all security champions in allocated squads attend security chapter meetings.
  • Ensure all DevOps pipelines used in allocated squads have all recommended security tools for automated testing (use of security-approved CI/CD pipelines).
  • Ensure at least 80% attendance of developers in allocated squads at security chapter boost sessions.

Core Competencies, Knowledge And Experience:

Customer Obsession

  • Deepen team connection to our customers and communities.
  • Foster authentic relationships with customers and partners that build trust.
  • Explicitly take customer-centric decisions and take personal ownership to achieve results.
  • Simplify processes through digitalisation and promote a digital mindset and digital first customer experience.
  • Stay focused on the big priorities, know when to make meaningful trade-offs and demonstrate brilliant execution.

Purpose

  • Create an inspiring vision for your team to drive strategy and performance.
  • Show ambition and courage, empowering others to go beyond the plan.
  • Be bold and challenge teams to reimagine how things are done.
  • Prompt new thinking and ideas by asking "what if" questions.
  • Use knowledge of the external environment (customers, partners, competition, external bodies) to identify and act on opportunities for growth at pace.

Innovation

  • Create psychological safety so everyone can have an impact.
  • Fuel innovative ideas from others and test them to enable growth.
  • Explore successes and failures with curiosity and resilience; fearlessly recognizing lessons learned.
  • Share your ongoing learning and personal purpose with others.
  • Learn fast from digital adoption, using learnings to drive simplicity, scale and efficiency.

Collaboration

  • Articulate your team's role in making our strategy happen, prioritizing and aligning resources with current and future needs.
  • Actively collaborate to break silos and hold your team accountable to do the same.
  • Develop others to make the most of their talents and coach them to take ownership to get things done.
  • Create an inclusive environment ensuring the safety and wellbeing of others.
  • Live our Purpose and demonstrate the highest standard of integrity.

Must have technical / professional qualifications:

  • Degree in Information Security/Computer Forensics/Computer Science/Information Technology or other relevant technical degree
  • Information security certifications e.g. CEH/CISSP/CISM/CISA/GIAC/CPTP/OSCP
  • Advanced networking certifications: CCNA/CCNP/CCSP/CCIE preferred
  • Certifications in Microsoft Windows and Linux/Unix operating systems
  • Demonstrated competency in the use and administration of ethical hacking tools e.g. Kali Linux, Metasploit, Nexpose, Nessus, Nmap, Burp Suite etc.
  • Minimum of 5 years working experience in Information Systems Security e.g. Ethical Hacking, Penetration Testing, Vulnerability Assessments, ICT Audits, Pre-and-Post Implementation System Reviews etc.
  • Minimum of 5 years working experience in Networking and Operating Systems e.g. Cisco, Huawei, Windows (All), Unix, Linux etc.
  • Minimum of 3 years working experience in Web and Mobile application technologies e.g. Java, Python, PHP, JavaScript, CSS, Apache, Nginx, IIS etc.
  • Working knowledge of databases e.g. Oracle, MSSQL, MongoDB, Postgres etc. will be an added advantage
  • Working knowledge of Virtualization & Microservices technologies e.g. VMware, OpenShift, Kubernetes, Docker etc. will be an added advantage
  • Working knowledge of Cloud technologies e.g. AWS and Azure will be an added advantage
  • Working knowledge and experience in DevSecOps technologies and practices i.e. Agile, Jenkins, Jira, GitHub, GitLab etc. will be an added advantage
  • Working knowledge of Mobile and GSM technologies e.g. Android, iOS, 2G, 3G, LTE, USSD etc. will be an added advantage
  • Excellent communication skills and a good team player
  • Excellent time management skills i.e. getting things done in a timely manner
  • Excellent report writing and presentation skills
  • Very analytical and keen on details

How To Apply

If you are up to the challenge and possess the required qualifications and experience, update your candidate profile on the recruitment portal and click Apply. Attach your updated resume.

We are the leading telecommunication company in East Africa. Our purpose is to transform lives by connecting people to people, people to opportunities and people to information. We keep over 42 million customers connected and play a critical role in society, supporting over one million jobs both directly and indirectly, while our total economic value was estimated at KES 362 Billion ($3.2 billion) for the 12 months through March 2021. We are listed on the Nairobi Securities Exchange (NSE), with annual revenues of close to KES 298 Billion ($2.5 billion) as at March 2022. We were founded in 1997 as a fully owned subsidiary of Telkom Kenya before a 40 percent acquisition by Vodafone Group PLC in May 2000, and a public offering of 25 percent shares through the NSE in 2008. Under the management of Vodafone Group PLC, we welcomed Michael Joseph as our first CEO a few months later, in July of 2000. He led the company’s growth to accommodate 16.71 million subscribers from the previous 20,000, largely owing to innovative products like M-PESA in 2007.

October 21, 2025