JOB TITLE


CYBER SECURITY/QUALITY ASSURANCE ENGINEER

NATURE OF JOB

FULL TIME

INDUSTRY

INFORMATION TECHNOLOGY SERVICES

SALARY

ATTRACTIVE

JOB LOCATION

NAIROBI


DUTIES AND RESPONSIBILITIES

Vulnerability Assessment & Penetration Testing

  • Perform regular vulnerability assessments on web applications, APIs, and infrastructure components using both automated tools and manual testing techniques.
  • Conduct penetration testing (pen-testing) to identify security gaps and weaknesses, simulating real-world attack scenarios.
  • Analyze test results to prioritize vulnerabilities based on risk impact and likelihood.
  • Prepare detailed reports and communicate findings to development and management teams, along with actionable remediation steps.
  • Collaborate with IT and development teams to verify fixes and retest vulnerabilities post-remediation.

Security Testing Integration & Automation

  • Lead the integration of Static Application Security Testing (SAST) tools (e.g., SonarQube, Checkmarx) and Dynamic Application Security Testing (DAST) tools (e.g., OWASP ZAP, Burp Suite) into CI/CD pipelines.
  • Develop and maintain automated security test scripts and frameworks to ensure continuous security validation during the software delivery process.
  • Work closely with DevOps teams to embed security checkpoints that enforce compliance with security policies and coding standards.
  • Monitor security testing outputs to detect regression or introduction of new vulnerabilities during product releases.

Quality Assurance & Compliance

  • Design and implement comprehensive automated QA test cases covering functional, regression, and security aspects.
  • Establish and enforce quality standards and best practices throughout the SDLC with a focus on secure coding and compliance.
  • Continuously evaluate and improve QA processes to increase test coverage, reduce manual efforts, and improve product quality.
  • Track and report on QA and security KPIs, such as defect density, vulnerability counts, remediation times, and compliance rates.

Risk Analysis & Incident Handling

  • Perform risk assessments related to new features, third-party components, or changes to infrastructure.
  • Participate in incident response activities related to software vulnerabilities or breaches, assisting in root cause analysis and post-mortem reporting.
  • Provide security recommendations to mitigate risks early in the development lifecycle.
  • Collaborate with security operations and governance teams to align on risk management and compliance strategies.

Collaboration & Training

  • Work closely with developers, product owners, and system architects to embed security and quality into the design and development phases.
  • Mentor junior QA engineers and security analysts on security testing methodologies and tools.
  • Conduct training sessions or workshops to raise awareness on secure coding practices, vulnerability management, and compliance requirements.
  • Stay updated with the latest security threats, vulnerabilities, and QA tools/techniques, sharing knowledge across the team.

Documentation & Reporting

  • Maintain detailed documentation of testing procedures, security policies, compliance checklists, and remediation workflows.
  • Prepare periodic security and quality assurance reports for management and audit purposes.
  • Document lessons learned from security incidents, testing failures, and audits to continuously improve processes.

KEY REQUIREMENTS, SKILLS AND QUALIFICATIONS

  • MBA degree preferred, with a focus on Information Security, Technology Management, or a related field.
  • Minimum 5 years of relevant experience in cybersecurity and/or quality assurance roles.
  • Proven experience in vulnerability assessment and penetration testing.
  • Hands-on experience backed by security certifications such as CompTIA Security+ or CSSLP (Certified Secure Software Lifecycle Professional).
  • Experience integrating SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) tools into development pipelines.
  • Familiarity with automated testing frameworks, CI/CD tools, and compliance automation.
  • Strong understanding of secure software development lifecycle (SDLC) practices.
  • Knowledge of regulatory frameworks and compliance standards relevant to the industry.


HOW TO APPLY

  • If you meet the above qualifications, skills and experience, share your CV at [email address not shown in the posting].
  • Interviews will be carried out on a rolling basis until the position is filled.
  • Only the shortlisted candidates will be contacted.