Thursday, 9 September 2021

Senior Security Engineer at Sendy Limited

At Sendy, we specialize in connecting on-demand, trusted, and transparent service providers with individuals and businesses looking to move packages. Thus, we believe it’s a natural extension of our core expertise to also connect our users to quality certified transportation providers. As of today, Sendy users can now request a package DELIVERY using a motorcycle, van, pickup, or 3 ton truck, or a passenger RIDE with a boda boda or cab – all from within the same SENDY mobile app (available on Android and iOS) and web platform. All DELIVERY and RIDE services are available 24 hours a day, 7 days a week and can be paid for using cash, MPesa, or card.

About The Role

Security Engineers are tasked with building and maintaining security infrastructure for Sendy’s application platforms. They work closely with the engineering teams responsible for running and maintaining our infrastructure.

Key Duties and Responsibilities

  • Plan, scope and budget individual cyber review assignments including continuous cyber security scans of the Company’s technical environment.
  • Lead the planning process of cyber reviews in conjunction with the Head of Information Technology.
  • Coordinate control related activities together with related IT governance functions including cyber security  assessment and related findings and provide input to the management committee.
  • Develop cyber assessment plans of assigned cyber assurance and advisory services based on the annual cyber security based plan focusing on the key critical risk areas.
  • Execute cyber security as per the set plans and in accordance with policies, procedures and best practice as might be necessary.
  • Manage and align assignment resources, efforts and goals; identify and remove barriers in order to achieve optimal results.
  • Review working papers in line with recommended cyber security standards ensuring proper identification, development, and documentation of cyber security issues and recommendations using independent judgment.
  • Review and draft timely cyber security reports for senior management ensuring all the conclusions provide high-level assurance, reduce risk and/or create positive change.
  • Liaise with departmental heads to ensure findings and recommendations are accepted and implemented
  • Provide consultancy services to project teams on cyber risks, system controls and best practices while maintaining independence.
  • Provide advice and effective challenge to internal stakeholders regarding the implications on the IT control environment on business strategy and operating environment.
  • Undertake to assist in investigation of cases of internal and external cyber frauds, as requested.
  • Strong collaboration with other lines of cyber defence to provide integrated assurance.
  • Review procedures, processes and records to ensure they are in line with the cyber security objectives and appraise policies and plans of activities, departments and functions under review.
  • Oversee cyber secrity and inspection plans, schedule and review of work-papers.
  • Develop sustainable and re-useable data analytics models and programs to improve the efficiency of the cyber security program and to improve coverage.
  • Build and maintain dashboards and common data sets regularly required by audit delivery teams.
  • Liaise with external cyber security consultants and other regulatory monitoring agencies and implement recommendations to improve technological controls, promote growth and ensure compliance with the law, applicable legislation and regulatory framework.
  • Strong relationships and communications with Senior management to ensure concerns are addressed and expectations met.
  • Provide ongoing coaching and feedback to direct reports.
  • Identify development and training needs and develop plans to satisfy areas identified.

About You

  • Knowledgeable on cyber security frameworks such as NIST and ISO27000 series.
  • Hands on cyber security assessments including vulnerability management penetration testing, cyber incident management and system recovery.
  • Experience with cyber security tools including but not limited to vulnerability managers, SIEM, SOAR, exploitation suites, IPS/IDS database activity monitoring tools, malware management tools among others.
  • Experience in cyber security regulations and guideline.
  • Experience in cyber security policy formulation.
  • Experience with cloud security architectures and technologies
  • Experience identifying and mitigating security issues in production services and in pre-production planning
  • Experience working on highly distributed and scalable systems
  • Experience designing, deploying, and managing tools that automate security functions.

Technical Competencies

  • 5+ years of relevant work experience in a busy IT Environment with clear understanding of every field of IT and an appreciation for emerging Technologies.
  • Experience with Cloud security (AWS, GCP,, etc.)
  • DevOps and configuration management with tools like Terraform, Ansible, etc.
  • Relevant certifications in information security knowledge areas, such as Information Systems Audit, Information Security Management and Ethical Hacking.
  • Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risk.
  • Experience with IPS/IDS, SIEM, DLP, Active Directory and other security technologies.
  • In-depth familiarity with security policies based on industry standards and best practices
  • Knowledge of: Strong Authentication, End Point Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), Public Key Infrastructure (PKI), Data Loss Prevention (DLP), Identity and Access Management (IAM)
  • Identity and Access Management policy application and enforcement
  • Advanced knowledge of Linux, MacOS, Windows operating systems
  • Experience hardening operating systems
  • Advanced programming experience (Java, Python, Golang, Bash, etc.)
  • Experience with the Linux kernel and Linux software packaging
  • Project management skills preferred.
  • Passionate and eager to learn.

What we offer

  • Comprehensive health insurance – Inpatient / Outpatient / Dental / Optical.
  • Flexible vacation.
  • All risk Insurance
  • Office lunch
  • Opportunity for company stock options

The post Senior Security Engineer at Sendy Limited appeared first on Jobs in Kenya - http://jobwebkenya.com/.



The post Senior Security Engineer at Sendy Limited is republished from Jobs – Jobs in Kenya – http://jobwebkenya.com/