Cybersecurity Engineering Lead
Posted:
Company Details
Industry:
Non-Profit Organization Management
Website:
http://www.msf.org/en/
Description:
Médecins sans frontières (MSF) or Doctors Without Borders, is an international humanitarian-aid non-governmental organization (NGO) and Nobel Peace Prize laureate, best known for its projects in war-torn regions and developing countries facing endemic diseases. It was founded in France in response t…
View more
Job Details
Job Type:
Full Time
Workplace Type:
On-site
Qualification:
Diploma
Job Experience:
Mandatory
Job Location:
Nairobi County, Kenya
Closing Date:
Undisclosed
Salary:
Undisclosed
Other Pay:
Benefits
Job Category:
Information Technology
Job Description
- As the Cybersecurity Engineering Lead, you design, implement and enhance security and privacy controls across on‑premise, cloud and application environments. In this role, you report to the Head of Cybersecurity and supervise two Mobile Implementation Officers (MIOs). You also provide technical support for compliance activities, audits, vulnerability remediation and third‑party security, ensuring that cybersecurity and compliance requirements are delivered consistently in line with MSF OCB standards.
- You ensure that security controls and configurations are properly built, hardened and maintained over time. Your work strengthens MSF’s trustworthiness for patients, staff, donors and partners by establishing and sustaining robust, well‑evidenced security measures. You collaborate closely with key stakeholders, including the Cybersecurity Team, the Data Protection Officer, infrastructure and cloud teams, DevOps, staff in countries of operation, Data and Analytics, procurement and legal, to embed strong security and privacy controls across MSF’s technology landscape.
MAIN RESPONSIBILITIES
Cybersecurity control implementation & hardening
- Implement and maintain technical security controls across MSF’s infrastructure and cloud (Azure AD / Entra ID, M365, Defender, Sentinel, firewalls, VPN, endpoint protection)
- Implement Zero Trust and secure-by-default principles, apply secure configuration baselines and hardening standards (servers, endpoints, cloud, identities) using applicable frameworks such as CIS and Microsoft baselines
Secure software delivery & privacy by design
- Work with relevant teams to embed security checks (such as SAST/DAST, dependency scanning, secrets management) into CI/CD workflows and support secure solution designs
- Implement and support technical measures for privacy-by-design and privacy-by-default (data minimisation, role-based access, encryption, logging and retention for personal data)
- Provide technical input to DPIAs and help implement privacy-related controls (e.g. retention policies, consent/preference handling, restricted debug logging) together with application owners and the DPO
Vulnerability remediation & testing
- Collaborate with the Information Security Operations Specialist and system owners to remediate vulnerabilities, focusing on structural fixes (baseline changes, configuration hardening, architectural improvements)
- Support planning and follow-up of penetration tests / red-team exercises and lead or assist in implementing remediation actions
- Provide the technical view of remediation progress and recurring weaknesses, and propose improvements to controls and baselines
Third-party / vendor technical security
- Perform technical security and risk due diligence on vendors and third parties during procurement and renewals (cloud services, SaaS, tools, MSPs).
- Review vendor security documentation, certifications and data-protection terms, identify gaps and recommend technical mitigations.
- Define and support implementation of technical requirements in contracts, SLAs, DPAs and SoWs (e.g. encryption, logging, incident notification, access control, patching, data location and retention).
Collaboration, Compliance, frameworks & incident support
- Coordinate the technical collection, consolidation and secure transfer of required logs and artefacts (SIEM, endpoints, network, cloud, applications)
- Support technical analysis during incidents or suspected data breaches (config checks, cloud/integration review)
- Maintain clear technical documentation (baselines, reference architectures, vendor assessments, privacy controls, remediation plans) to support operations and audits
- Stay current with emerging threats, tools and vendor capabilities in cloud, identity, application security, vulnerability management, privacy-enhancing technologies and third-party risk, and propose pragmatic improvements to MSF’s security posture
REQUIREMENTS
Education & Experience
- Education: Master's Degree (or equivalent) in information security, Cybersecurity, Computer Science, Information Technology, Cybersecurity, or a related area of study
- Professional Certifications: Relevant certifications such as CEH, CISA, CISM, CISSP, CompTIA Security+, ISO/IEC 27001 (Lead Implementer/Auditor), GIAC, or equivalent
- Security Engineering Experience (Minimum 5 years): Proven hands-on experience designing, implementing, and operating technical security controls across identity, endpoint, network, cloud, and application environments.
- Microsoft Security Stack (Minimum 5 years): Practical experience securing Microsoft environments, including Entra ID/Azure AD, Microsoft 365, Defender suite, and Microsoft Sentinel
- Vulnerability & Monitoring Platforms (Minimum 5 years): Experience configuring and operating vulnerability management tools, SIEM/SOC platforms, firewalls, and related security technologies; managing remediation and follow-up
- Compliance & Assurance (Minimum 4 years): Experience supporting or leading audits and control implementation aligned to GDPR/Data Protection, ISO 27001 (ISMS), PCI DSS, and similar frameworks.
- Cloud Security: Familiarity with Microsoft Azure architecture and associated security controls and reference frameworks
372 open positions on Semasocial right now
· 6760 open positions in Nairobi County, Kenya
· 5 posted in the last 7 days
CV Job Description Matcher See how well your CV matches this job and get tips to improve your chances AI Tool
This tool helps you see how closely your CV matches a job description. It also gives you simple suggestions on what to improve so you have a better chance of getting shortlisted.
Beware of Fraudsters!
Never pay anyone for job applications, interview tests, or job interviews. A genuine employer will never ask you for payment under any circumstances.
Never pay anyone for job applications, interview tests, or job interviews. A genuine employer will never ask you for payment under any circumstances.
Disclaimer & TOS: We do not guarantee the authenticity of every single job posting and are not responsible for any fraudulent activity or misrepresentation by third parties. We are not involved in any stage of the interview or recruitment process and do not charge any fees from job seekers. For further details, please read the rest of the Terms of Service.
