Cybersecurity Engineering Lead

As the Cybersecurity Engineering Lead, you will design, implement, and enhance security and privacy controls across on-premise, cloud, and application environments. Reporting to the Head of Cybersecurity and supervising two Mobile Implementation Officers (MIOs), you will ensure that cybersecurity and compliance requirements are delivered consistently in line with MSF OCB standards. Your work establishes and sustains robust, well-evidenced security measures, strengthening MSF’s trustworthiness for patients, staff, donors, and partners. You will collaborate closely with key stakeholders, including the Data Protection Officer, infrastructure and cloud teams, DevOps, and legal teams to embed strong security and privacy controls across MSF’s technology landscape.\n\n### Key Responsibilities\n\n#### Cybersecurity Control Implementation & Hardening\n- Implement and maintain technical security controls across infrastructure and cloud (Azure AD / Entra ID, M365, Defender, Sentinel, firewalls, VPN, endpoint protection).\n- Implement Zero Trust and secure-by-default principles, applying secure configuration baselines and hardening standards (servers, endpoints, cloud, identities) using frameworks such as CIS and Microsoft baselines.\n\n#### Secure Software Delivery & Privacy by Design\n- Embed security checks (SAST/DAST, dependency scanning, secrets management) into CI/CD workflows and support secure solution designs.\n- Implement technical measures for privacy-by-design and privacy-by-default (data minimisation, role-based access, encryption, logging, and retention for personal data).\n- Provide technical input to DPIAs and implement privacy-related controls together with application owners and the DPO.\n\n#### Vulnerability Remediation & Testing\n- Collaborate with the Information Security Operations Specialist to remediate vulnerabilities through structural fixes, configuration hardening, and architectural improvements.\n- Support planning and follow-up of penetration tests / red-team exercises and lead remediation actions.\n- Provide technical views of remediation progress and propose improvements to controls and baselines.\n\n#### Third-Party / Vendor Technical Security\n- Perform technical security and risk due diligence on vendors and third parties (cloud services, SaaS, tools, MSPs) during procurement.\n- Review vendor security documentation, certifications, and data-protection terms to identify gaps and recommend technical mitigations.\n- Define and support implementation of technical requirements in contracts, SLAs, DPAs, and SoWs.\n\n#### Collaboration, Compliance & Incident Support\n- Coordinate the technical collection and secure transfer of required logs and artefacts (SIEM, endpoints, network, cloud, applications).\n- Support technical analysis during incidents or suspected data breaches.\n- Maintain clear technical documentation to support operations and audits.\n- Stay current with emerging threats and tools in cloud, identity, and application security to propose pragmatic improvements.\n\n### Requirements\n\n- Education: Master's Degree (or equivalent) in Information Security, Cybersecurity, Computer Science, or Information Technology.\n- Professional Certifications: Relevant certifications such as CEH, CISA, CISM, CISSP, CompTIA Security+, ISO/IEC 27001 (Lead Implementer/Auditor), GIAC, or equivalent.\n- Security Engineering Experience: Minimum 5 years of hands-on experience designing, implementing, and operating technical security controls.\n- Microsoft Security Stack: Minimum 5 years of practical experience securing Microsoft environments (Entra ID/Azure AD, M365, Defender suite, and Microsoft Sentinel).\n- Vulnerability & Monitoring Platforms: Minimum 5 years of experience configuring and operating vulnerability management tools, SIEM/SOC platforms, firewalls, and related security technologies.\n- Compliance & Assurance: Minimum 4 years of experience supporting or leading audits and control implementation aligned to GDPR/Data Protection, ISO 27001 (ISMS), PCI DSS, and similar frameworks.\n- Cloud Security: Familiarity with Microsoft Azure architecture and associated security controls and reference frameworks.\n\n### How to Apply\nInterested and qualified candidates should apply through the MSF recruitment portal by visiting the application link at https://www.myjobmag.co.ke/apply-now/1192481, which redirects to the official portal at www.msf-azg.be. Ensure you complete your profile and submit your application before the deadline on April 14, 2026.