Principal Engineer – Network & Cloud Security at Safaricom Kenya

Responsibilities

Health and Safety


Uphold the company code of conduct, policies and procedures, ensuring integrity and accountability in every aspect of your work.
All employees have a responsibility to adhere to safety, health, and wellbeing policies, guidelines and procedures in all actions and decisions.


Network & Cloud Security Strategy


Define and execute a comprehensive network and cloud security strategy.
Align strategy with enterprise Cyber Prevent roadmap and risk posture.
Establish security architecture standards for on-premise, hybrid, and multi-cloud environments.
Drive Zero Trust Architecture (ZTA) adoption across network and cloud ecosystems.
Lead transformation toward software-defined and cloud-native security models.


Network Security Architecture & Protection


Design and implement secure enterprise network architecture.


Enforce controls for:


Perimeter security (Next-Gen Firewalls).
Intrusion Detection & Prevention Systems (IDS/IPS).
Secure network segmentation and micro-segmentation.
Protect against DDoS, lateral movement, and advanced persistent threats (APTs).
Establish secure connectivity frameworks (VPN, ZTNA, SD-WAN security).
Ensure secure integration across enterprise environments, partners, and third parties.


Cloud Security (Multi-Cloud & Hybrid)


Lead security strategy across AWS, Azure, GCP, and private cloud environments.
Implement:
Cloud Security Posture Management (CSPM).
Cloud Workload Protection Platforms (CWPP).
Cloud Infrastructure Entitlement Management (CIEM).
Ensure secure cloud configurations, identity models, and access controls.
Protect workloads across IaaS, PaaS, and SaaS environments.
Drive compliance with cloud security frameworks (CIS, NIST, ISO, CSA).


Secure Cloud Architecture & DevSecOps Integration


Embed security into cloud-native architectures and application deployment pipelines.
Integrate security into CI/CD pipelines and DevSecOps practices.
Enable automated security testing.
Infrastructure as Code (IaC) scanning.
Container image security scanning.
Ensure secure Kubernetes and container environments.
Promote shift-left security approach.


Zero Trust & Identity-Aware Networking


Implement Zero Trust Network Access (ZTNA) frameworks.
Enforce identity-based access control and authentication mechanisms.
Ensure least privilege access across network and cloud environments.
Integrate security with IAM and PAM systems.
Enable continuous verification of users, devices, and workloads.


Automation & AI-Driven Security Controls
Implement AI/ML-driven threat detection and prevention mechanisms.


Drive automation in:
Threat detection and response.
Policy enforcement.
Configuration management.
Reduce manual overhead through security orchestration and automation (SOAR).
Enable real-time adaptive security controls.


Threat Prevention & Network Monitoring

Establish continuous monitoring for:


Network traffic anomalies.
Suspicious behavior patterns.
Cloud activity logs.
Integrate with SIEM/XDR platforms for centralized visibility.
Improve detection of east-west and north-south traffic threats.
Enable proactive threat intelligence integration.


Vulnerability Management Integration
Collaborate with vulnerability management teams for:


Network infrastructure vulnerabilities.
Cloud misconfigurations.
Ensure timely remediation of critical security gaps.
Reduce attack surface across network and cloud assets.
Maintain continuous risk visibility.


Third-Party & Connectivity Security


Secure third-party network connections and integrations.
Define and enforce vendor access security policies.
Ensure risk visibility across external connections and partner ecosystems.


DDOS protection


Configure, optimize and maintain Anti-DDOS systems to protect against all types of DDOS attacks.


Operational Excellence & Service Resilience


Ensure always-on availability of network and cloud security controls.
Optimize performance of security tools and platforms.
Drive standardization, automation, and process maturity.
Establish resilient and scalable security architecture.
Continuously improve based on threat intelligence and incident learnings.


Compliance, Risk & Governance
Ensure adherence to:


Regulatory standards (GDPR, PCI-DSS, etc.).
Internal security policies.
Support risk assessments, audits, and regulatory reporting.
Maintain compliance dashboards and metrics.
Ensure alignment with enterprise risk management framework.


Core competencies, knowledge and experience:

Business Competencies


Strong ability to align security with business transformation and cloud adoption.
Stakeholder collaboration across IT, DevOps, and business teams.
Risk-based decision-making with business impact awareness.


Functional Competencies


Deep expertise in:
Network security architecture.
Cloud security frameworks and platforms.
Hybrid infrastructure security models.
Strong understanding of emerging threats in cloud and network domains.


Technical Skills


Zero Trust Architecture implementation.
Networking technologies i.e. Firewalls, IPS, WAF, NAC.
Container and Kubernetes security.
Cloud technologies i.e. AWS, Azure, GCP.


Hands-on Experience:
Perimeter & Border Controls


Next Generation Firewalls (NGFW).
Web Application Firewalls (WAF).
Bot Management & Account Takeover Protection (ATO).
Intrusion Prevention Systems (IPS).
DDoS Mitigation (Anti-DDoS).
Network Detection and Response (NDR).
Web & Email Security Gateways (WSG/ESG).
API Security Gateways


Secure Access & Connectivity


Virtual Private Networks (VPN).
Network Access Control (NAC).
Zero Trust Network Access (ZTNA).
Secure Access Service Edge (SASE).


Cloud & Container Security


Cloud Firewalls / Security Groups.
Cloud Access Security Brokers (CASB).
Cloud Security Posture Management (CSPM).
Cloud-Native Application Protection Platforms (CNAPP).
Cloud Workload Protection Platforms (CWPP).
Container and Kubernetes Security.


Leadership Competencies


Strong leadership in driving cross-functional initiatives.
Ability to influence enterprise architecture decisions.
Innovation mindset with focus on AI and automation adoption.
Strong execution, delivery, and transformation leadership.


Qualifications


Bachelor's degree in Cyber Security, IT, Engineering, or related field
5-10+ years of experience in network and/or cloud security
Proven experience in enterprise-scale cloud security and network protection


Certifications (preferred):


CISSP, CCSP, CISM
AWS/Azure/GCP Security Certifications
Cisco / Network Security certifications