Brites Management Services Limited

CYBER SECURITY/QUALITY ASSURANCE ENGINEER

Software & Data

2 months ago

Job summary

Perform regular vulnerability assessments on web applications, APIs, and infrastructure components using both automated tools and manual testing techniques.

Min Qualification: Bachelors
Experience Level: Mid level
Experience Length: 5 years

Job descriptions & requirements

JOB TITLE: CYBER SECURITY/QUALITY ASSURANCE ENGINEER

NATURE OF JOB: FULL TIME

INDUSTRY: INFORMATION TECHNOLOGY SERVICES

SALARY: ATTRACTIVE

JOB LOCATION: NAIROBI


DUTIES AND RESPONSIBILITIES

Vulnerability Assessment & Penetration Testing

  • Perform regular vulnerability assessments on web applications, APIs, and infrastructure components using both automated tools and manual testing techniques.
  • Conduct penetration testing (pen-testing) to identify security gaps and weaknesses, simulating real-world attack scenarios.
  • Analyze test results to prioritize vulnerabilities based on risk impact and likelihood.
  • Prepare detailed reports and communicate findings to development and management teams, along with actionable remediation steps.
  • Collaborate with IT and development teams to verify fixes and retest vulnerabilities post-remediation.


Security Testing Integration & Automation

  • Lead the integration of Static Application Security Testing (SAST) tools (e.g., SonarQube, Checkmarx) and Dynamic Application Security Testing (DAST) tools (e.g., OWASP ZAP, Burp Suite) into CI/CD pipelines.
  • Develop and maintain automated security test scripts and frameworks to ensure continuous security validation during the software delivery process.
  • Work closely with DevOps teams to embed security checkpoints that enforce compliance with security policies and coding standards.
  • Monitor security testing outputs to detect regression or introduction of new vulnerabilities during product releases.


Quality Assurance & Compliance

  • Design and implement comprehensive automated QA test cases covering functional, regression, and security aspects.
  • Establish and enforce quality standards and best practices throughout the SDLC with a focus on secure coding and compliance.
  • Continuously evaluate and improve QA processes to increase test coverage, reduce manual efforts, and improve product quality.
  • Track and report on QA and security KPIs, such as defect density, vulnerability counts, remediation times, and compliance rates.


Risk Analysis & Incident Handling

  • Perform risk assessments related to new features, third-party components, or changes to infrastructure.
  • Participate in incident response activities related to software vulnerabilities or breaches, assisting in root cause analysis and post-mortem reporting.
  • Provide security recommendations to mitigate risks early in the development lifecycle.
  • Collaborate with security operations and governance teams to align on risk management and compliance strategies.


Collaboration & Training

  • Work closely with developers, product owners, and system architects to embed security and quality into the design and development phases.
  • Mentor junior QA engineers and security analysts on security testing methodologies and tools.
  • Conduct training sessions or workshops to raise awareness on secure coding practices, vulnerability management, and compliance requirements.
  • Stay updated with the latest security threats, vulnerabilities, and QA tools/techniques, sharing knowledge across the team.


Documentation & Reporting

  • Maintain detailed documentation of testing procedures, security policies, compliance checklists, and remediation workflows.
  • Prepare periodic security and quality assurance reports for management and audit purposes.
  • Document lessons learned from security incidents, testing failures, and audits to continuously improve processes.


KEY REQUIRED SKILLS AND QUALIFICATIONS

  • MBA degree preferred, with a focus on Information Security, Technology Management, or related field
  • Minimum 5 years of relevant experience in cybersecurity and/or quality assurance roles
  • Proven experience in vulnerability assessment and penetration testing
  • Hands-on experience with security certifications such as CompTIA Security+ or CSSLP (Certified Secure Software Lifecycle Professional)
  • Experience integrating SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) tools into development pipelines.
  • Familiarity with automated testing frameworks, CI/CD tools, and compliance automation
  • Strong understanding of secure software development lifecycle (SDLC) practices.
  • Knowledge of regulatory frameworks and compliance standards relevant to the industry
