Principal Engineer – Network & Cloud Security

Full Time 2 days ago Nairobi, Nairobi

Employment Information

Responsibilities

Health and Safety

  • Uphold the company code of conduct, policies and procedures, ensuring integrity and accountability in every aspect of your work.
  • All employees have a responsibility to adhere to safety, health, and wellbeing policies, guidelines and procedures in all actions and decisions.

Network & Cloud Security Strategy

  • Define and execute a comprehensive network and cloud security strategy.
  • Align strategy with enterprise Cyber Prevent roadmap and risk posture.
  • Establish security architecture standards for on-premise, hybrid, and multi-cloud environments.
  • Drive Zero Trust Architecture ZTA adoption across network and cloud ecosystems.
  • Lead transformation toward software-defined and cloud-native security models.

Network Security Architecture & Protection

  • Design and implement secure enterprise network architecture.

Enforce controls for: 

  • Perimeter security Next-Gen Firewalls.
  • Intrusion Detection & Prevention Systems IDS/IPS.
  • Secure network segmentation and micro-segmentation.
  • Protect against DDoS, lateral movement, and advanced persistent threats APTs.
  • Establish secure connectivity frameworks VPN, ZTNA, SD-WAN security.
  • Ensure secure integration across enterprise environments, partners, and third parties.

Cloud Security Multi-Cloud & Hybrid

  • Lead security strategy across AWS, Azure, GCP, and private cloud environments.
  • Implement: 
  • Cloud Security Posture Management CSPM.
  • Cloud Workload Protection Platforms CWPP.
  • Cloud Infrastructure Entitlement Management CIEM.
  • Ensure secure cloud configurations, identity models, and access controls.
  • Protect workloads across IaaS, PaaS, and SaaS environments.
  • Drive compliance with cloud security frameworks CIS, NIST, ISO, CSA.

Secure Cloud Architecture & DevSecOps Integration

  • Embed security into cloud-native architectures and application deployment pipelines.
  • Integrate security into CI/CD pipelines and DevSecOps practices.
  • Enable automated security testing.
  • Infrastructure as Code IaC scanning.
  • Container image security scanning.
  • Ensure secure Kubernetes and container environments.
  • Promote shift-left security approach.

Zero Trust & Identity-Aware Networking

  • Implement Zero Trust Network Access ZTNA frameworks.
  • Enforce identity-based access control and authentication mechanisms.
  • Ensure least privilege access across network and cloud environments.
  • Integrate security with IAM and PAM systems.
  • Enable continuous verification of users, devices, and workloads.

Automation & AI-Driven Security Controls
Implement AI/ML-driven threat detection and prevention mechanisms.

  • Drive automation in: 
  • Threat detection and response.
  • Policy enforcement.
  • Configuration management.
  • Reduce manual overhead through security orchestration and automation SOAR.
  • Enable real-time adaptive security controls.

Threat Prevention & Network Monitoring

Establish continuous monitoring for: 

  • Network traffic anomalies.
  • Suspicious behavior patterns.
  • Cloud activity logs.
  • Integrate with SIEM/XDR platforms for centralized visibility.
  • Improve detection of east-west and north-south traffic threats.
  • Enable proactive threat intelligence integration.

Vulnerability Management Integration
Collaborate with vulnerability management teams for: 

  • Network infrastructure vulnerabilities.
  • Cloud misconfigurations.
  • Ensure timely remediation of critical security gaps.
  • Reduce attack surface across network and cloud assets.
  • Maintain continuous risk visibility.

Third-Party & Connectivity Security

  • Secure third-party network connections and integrations.
  • Define and enforce vendor access security policies.
  • Ensure risk visibility across external connections and partner ecosystems.

DDOS protection

  • Configure, optimize and maintain Anti-DDOS systems to protect against all types of DDOS attacks.

Operational Excellence & Service Resilience

  • Ensure always-on availability of network and cloud security controls.
  • Optimize performance of security tools and platforms.
  • Drive standardization, automation, and process maturity.
  • Establish resilient and scalable security architecture.
  • Continuously improve based on threat intelligence and incident learnings.

Compliance, Risk & Governance
Ensure adherence to: 

  • Regulatory standards GDPR, PCI-DSS, etc..
  • Internal security policies.
  • Support risk assessments, audits, and regulatory reporting.
  • Maintain compliance dashboards and metrics.
  • Ensure alignment with enterprise risk management framework.

Core competencies, knowledge and experience:

Business Competencies

  • Strong ability to align security with business transformation and cloud adoption.
  • Stakeholder collaboration across IT, DevOps, and business teams.
  • Risk-based decision-making with business impact awareness.

Functional Competencies

  • Deep expertise in: 
  • Network security architecture.
  • Cloud security frameworks and platforms.
  • Hybrid infrastructure security models.
  • Strong understanding of emerging threats in cloud and network domains.

Technical Skills

  • Zero Trust Architecture implementation.
  • Networking technologies i.e. Firewalls, IPS, WAF, NAC.
  • Container and Kubernetes security.
  • Cloud technologies i.e. AWS, Azure, GCP.

Hands-on Experience:
Perimeter & Border Controls

  • Next Generation Firewalls NGFW.
  • Web Application Firewalls WAF.
  • Bot Management & Account Takeover Protection ATO.
  • Intrusion Prevention Systems IPS.
  • DDoS Mitigation Anti-DDoS.
  • Network Detection and Response NDR.
  • Web & Email Security Gateways WSG/ESG.
  • API Security Gateways

Secure Access & Connectivity

  • Virtual Private Networks VPN.
  • Network Access Control NAC.
  • Zero Trust Network Access ZTNA.
  • Secure Access Service Edge SASE.

Cloud & Container Security

  • Cloud Firewalls / Security Groups.
  • Cloud Access Security Brokers CASB.
  • Cloud Security Posture Management CSPM.
  • Cloud-Native Application Protection Platforms CNAPP.
  • Cloud Workload Protection Platforms CWPP.
  • Container and Kubernetes Security.

Leadership Competencies

  • Strong leadership in driving cross-functional initiatives.
  • Ability to influence enterprise architecture decisions.
  • Innovation mindset with focus on AI and automation adoption.
  • Strong execution, delivery, and transformation leadership.

Qualifications

  • Bachelor’s degree in Cyber Security, IT, Engineering, or related field
  • 5-10+ years of experience in network and/or cloud security
  • Proven experience in enterprise-scale cloud security and network protection

Certifications preferred: 

  • CISSP, CCSP, CISM
  • AWS/Azure/GCP Security Certifications
  • Cisco / Network Security certifications
Wakanda Jobs - Find All Jobs

New Things Will Always
Update Regularly

Wakanda Jobs - Find All Jobs
Your experience on this site will be improved by allowing cookies Cookie Policy