Principal Cyber Defense Center Analyst
Nairobi, Kenya
Safaricom
Safaricom is seeking an experienced and proactive Level 2 Cyber Security Analyst to join our Corporate Security Division, reporting to the Senior Manager – Cyber Defense. In this role, you serve as the critical escalation point for incidents initially handled by Level 1 Analysts. You will drive in-depth investigations, conduct comprehensive forensics, and lead the optimization of our security operations. A key focus of this position is the management and enhancement of our log management, detection engineering, SIEM, and SOAR infrastructures to ensure robust, proactive defense against emerging threats.
Key Responsibilities
Incident Investigation & Escalation:
- Handle escalated security incidents from Level 1 analysts.
- Conduct thorough host and network forensics, and perform log analysis to identify the root cause of security incidents.
- Determine attack vectors, exploitation methods, and techniques used to bypass security controls.
Log Management & Detection Engineering:
- Oversee the management and optimization of log data collection and analysis.
- Develop and refine detection engineering strategies to improve threat identification.
- Manage and maintain SIEM and SOAR infrastructures, ensuring efficient processing and correlation of security events.
- Collaborate with engineering teams to implement and enhance security monitoring use cases.
Threat Detection & Response:
- Carry out proactive threat hunting activities and utilize threat intelligence to stay ahead of potential risks.
- Develop and enhance incident response playbooks to ensure effective threat mitigation.
- Participate in purple team exercises to test and strengthen our security defenses.
Collaboration & Knowledge Transfer:
- Mentor and provide training to Level 1 analysts and other technical teams.
- Liaise with remediation teams to ensure timely resolution and clear communication of security incidents.
- Document findings and processes to continuously improve security operations.
Operational Excellence & Continuous Improvement:
- Optimize internal processes and security tooling to improve overall operational efficiency.
- Ensure continuous monitoring and rapid response to security alerts in a 24/7 operational environment.
- Contribute to leadership KPIs by driving proactive threat management and security process enhancements.
Qualifications & Requirements
Experience:
- 5-8 years of experience in a Cyber Security Operations role, preferably within a high-profile enterprise environment.
Technical Proficiency:
- Expert-level knowledge and hands-on experience with SIEM, SOAR, EDR, email protection, case management systems, and other security tools.
- Proficient in conducting digital forensics and comprehensive log analysis using advanced tools.
- Strong familiarity with cybersecurity technologies including IDS/IPS/HIPS, advanced anti-malware solutions, firewalls, proxies, and managed security services.
Log Management & Detection Engineering:
- Proven experience in managing log management systems and developing detection engineering strategies.
- Expertise in managing SIEM and SOAR infrastructures to support advanced threat detection and response.
Cloud & Platform Expertise:
- Solid understanding and experience with cloud platforms (AWS, Azure, Google Cloud).
- In-depth knowledge of operating systems including Windows, Linux, UNIX, and other enterprise platforms.
Networking & Scripting:
- Proficient in common network protocols (TCP/IP, UDP, DNS, DHCP, IPsec, HTTP) and network protocol analysis tools.
- Functional experience with scripting/programming (e.g., Python, PowerShell) to develop and refine security solutions.
Standards & Compliance:
- Familiarity with key security frameworks and standards such as OWASP, the ISO 2700x series, PCI DSS, GLBA, EU data security and privacy acts, FFIEC guidelines, and NIST standards.
Soft Skills:
- Strong analytical and problem-solving skills.
- Excellent communication and presentation abilities.
- A proactive, curious mindset with a passion for cybersecurity.
- Ability to work effectively under pressure in a dynamic, 24/7 operational environment.
Why Join Safaricom?
Impact: Play a pivotal role in safeguarding one of Africa’s most prominent brands.
Growth: Enhance your career through continuous learning, mentorship, and the opportunity to lead advanced security initiatives.
Innovation: Work with cutting-edge cybersecurity technologies and contribute directly to the evolution of our security infrastructure.
Culture: Join a collaborative and dynamic environment where your expertise makes a real difference.
If you’re a dedicated cybersecurity professional ready to drive advanced security operations and optimize key infrastructures like SIEM and SOAR, we encourage you to apply today! Kindly proceed to update your candidate profile on the recruitment portal and then click on the apply button. Remember to attach your resume.
We are the leading telecommunication company in East Africa. Our purpose is to transform lives by connecting people to people, people to opportunities and people to information. We keep over 42 million customers connected and play a critical role in society, supporting over one million jobs both directly and indirectly, while our total economic value was estimated at KES 362 billion ($3.2 billion) for the 12 months through March 2021. We are listed on the Nairobi Securities Exchange (NSE), with annual revenues of close to KES 298 billion ($2.5 billion) as at March 2022. We were founded in 1997 as a fully owned subsidiary of Telkom Kenya before a 40 percent acquisition by Vodafone Group PLC in May 2000, and a public offering of 25 percent of shares through the NSE in 2008. Under the management of Vodafone Group PLC, we welcomed Michael Joseph as our first CEO a few months later, in July 2000. He led the company’s growth from the previous 20,000 subscribers to 16.71 million, largely owing to innovative products like M-PESA in 2007.