Principal Engineer – Network & Cloud Security
Safaricom
Job Description
Job Description
Reporting to the Senior Manager, Cyber Prevent, the Principal Engineer – Network & Cloud Security is responsible for leading the design, implementation, and continuous enhancement of network and cloud security capabilities across the enterprise.This role ensures the establishment of converged, AI-enabled, always-on security controls that protect enterprise networks, hybrid infrastructures, and multi-cloud environments from evolving cyber threats.
The position focuses on proactively reducing cyber risk exposure by enforcing secure architecture, Zero Trust principles, automated security controls, and cloud-native protection mechanisms.The role plays a critical part in enabling frictionless yet robust security, ensuring business agility while maintaining high levels of protection for digital platforms, connectivity, and workloads.
Requirements
- Bachelor’s degree in Cyber Security, IT, Engineering, or related field
- 5-10+ years of experience in network and/or cloud security
- Proven experience in enterprise-scale cloud security and network protection
- Certifications (preferred): • CISSP, CCSP, CISM • AWS/Azure/GCP Security Certifications • Cisco / Network Security certifications
Responsibilities
Network & Cloud Security Strategy
- Define and execute a comprehensive network and cloud security strategy.
- Align strategy with enterprise Cyber Prevent roadmap and risk posture.
- Establish security architecture standards for on-premise, hybrid, and multi-cloud environments.
- Drive Zero Trust Architecture (ZTA) adoption across network and cloud ecosystems.
- Lead transformation toward software-defined and cloud-native security models.
Network Security Architecture & Protection
- Design and implement secure enterprise network architecture.
- Enforce controls for: • Perimeter security (Next-Gen Firewalls).
- Intrusion Detection & Prevention Systems (IDS/IPS).
- Secure network segmentation and micro-segmentation.
- Protect against DDoS, lateral movement, and advanced persistent threats (APTs).
- Establish secure connectivity frameworks (VPN, ZTNA, SD-WAN security).
- Ensure secure integration across enterprise environments, partners, and third parties.
Cloud Security (Multi-Cloud & Hybrid)
- Lead security strategy across AWS, Azure, GCP, and private cloud environments.
- Implement: • Cloud Security Posture Management (CSPM).
- Cloud Workload Protection Platforms (CWPP).
- Cloud Infrastructure Entitlement Management (CIEM).
- Ensure secure cloud configurations, identity models, and access controls.
- Protect workloads across IaaS, PaaS, and SaaS environments.
- Drive compliance with cloud security frameworks (CIS, NIST, ISO, CSA).
Secure Cloud Architecture & DevSecOps Integration
- Embed security into cloud-native architectures and application deployment pipelines.
- Integrate security into CI/CD pipelines and DevSecOps practices.
- Enable automated security testing.
- Infrastructure as Code (IaC) scanning.
- Container image security scanning.
- Ensure secure Kubernetes and container environments.
- Promote shift-left security approach.
Zero Trust & Identity-Aware Networking
- Implement Zero Trust Network Access (ZTNA) frameworks.
- Enforce identity-based access control and authentication mechanisms.
- Ensure least privilege access across network and cloud environments.
- Integrate security with IAM and PAM systems.
- Enable continuous verification of users, devices, and workloads.
Automation & AI-Driven Security Controls
- Implement AI/ML-driven threat detection and prevention mechanisms.
- Drive automation in: • Threat detection and response.
- Policy enforcement.
- Configuration management.
- Reduce manual overhead through security orchestration and automation (SOAR).
- Enable real-time adaptive security controls.
Threat Prevention & Network Monitoring
- Establish continuous monitoring for: • Network traffic anomalies.
- Suspicious behavior patterns.
- Cloud activity logs.
- Integrate with SIEM/XDR platforms for centralized visibility.
- Improve detection of east-west and north-south traffic threats.
- Enable proactive threat intelligence integration.
Vulnerability Management Integration
- Collaborate with vulnerability management teams for: • Network infrastructure vulnerabilities.
- Cloud misconfigurations.
- Ensure timely remediation of critical security gaps.
- Reduce attack surface across network and cloud assets.
- Maintain continuous risk visibility.
Third-Party & Connectivity Security
- Secure third-party network connections and integrations.
- Define and enforce vendor access security policies.
- Ensure risk visibility across external connections and partner ecosystems.
DDOS protection
- Configure, optimize and maintain Anti-DDOS systems to protect against all types of DDOS attacks.
Operational Excellence & Service Resilience
- Ensure always-on availability of network and cloud security controls.
- Optimize performance of security tools and platforms.
- Drive standardization, automation, and process maturity.
- Establish resilient and scalable security architecture.
- Continuously improve based on threat intelligence and incident learnings.
Compliance, Risk & Governance
- Ensure adherence to: • Regulatory standards (GDPR, PCI-DSS, etc.).
- Internal security policies.
- Support risk assessments, audits, and regulatory reporting.
- Maintain compliance dashboards and metrics.
- Ensure alignment with enterprise risk management framework.
How to Apply
How to Apply. If you feel that you are up to the challenge and possess the necessary qualification and experience, kindly proceed to create/ update your candidate profile on the recruitment portal and then Click on the apply button. Remember to attach your resume.
Health and Safety
- Uphold the company code of conduct, policies and procedures, ensuring integrity and accountability in every aspect of your work.
- All employees have a responsibility to adhere to safety, health, and wellbeing policies, guidelines and procedures in all actions and decisions.
Core competencies, knowledge and experience:
Business Competencies
- Strong ability to align security with business transformation and cloud adoption.
- Stakeholder collaboration across IT, DevOps, and business teams.
- Risk-based decision-making with business impact awareness.
Functional Competencies
- Deep expertise in: • Network security architecture.
- Cloud security frameworks and platforms.
- Hybrid infrastructure security models.
- Strong understanding of emerging threats in cloud and network domains.
- Experience with security transformation initiatives.
Technical Skills
- Zero Trust Architecture implementation.
- Networking technologies i.e. Firewalls, IPS, WAF, NAC.
- Container and Kubernetes security.
- Cloud technologies i.e. AWS, Azure, GCP.
Hands-on Experience:
Perimeter & Border Controls
- Next Generation Firewalls (NGFW).
- Web Application Firewalls (WAF).
- Bot Management & Account Takeover Protection (ATO).
- Intrusion Prevention Systems (IPS).
- DDoS Mitigation (Anti-DDoS).
- Network Detection and Response (NDR).
- Web & Email Security Gateways (WSG/ESG).
- API Security Gateways
Secure Access & Connectivity
- Virtual Private Networks (VPN).
- Network Access Control (NAC).
- Zero Trust Network Access (ZTNA).
- Secure Access Service Edge (SASE).
Cloud & Container Security
- Cloud Firewalls / Security Groups.
- Cloud Access Security Brokers (CASB).
- Cloud Security Posture Management (CSPM).
- Cloud-Native Application Protection Platforms (CNAPP).
- Cloud Workload Protection Platforms (CWPP).
- Container and Kubernetes Security.
Leadership Competencies
- Strong leadership in driving cross-functional initiatives.
- Ability to influence enterprise architecture decisions.
- Innovation mindset with focus on AI and automation adoption.
- Strong execution, delivery, and transformation leadership.
How well do you match?
Get an instant AI match score for this role — free, takes 3 minutes.
Tailor your CV for this role
The concierge rewrites your whole CV and writes a matching cover letter for this job — opens right here, nothing to paste.
Tailor My CV to This Job ✍️