Principal Engineer – Network & Cloud Security Job Safaricom
Reporting to the Senior Manager, Cyber Prevent, the Principal Engineer – Network & Cloud Security is responsible for leading the design, implementation, and continuous enhancement of network and cloud security capabilities across the enterprise.This role ensures the establishment of converged, AI-enabled, always-on security controls that protect enterprise networks, hybrid infrastructures, and multi-cloud environments from evolving cyber threats.
The position focuses on proactively reducing cyber risk exposure by enforcing secure architecture, Zero Trust principles, automated security controls, and cloud-native protection mechanisms.The role plays a critical part in enabling frictionless yet robust security, ensuring business agility while maintaining high levels of protection for digital platforms, connectivity, and workloads.
Responsibilities
Health and Safety
- Uphold the company code of conduct, policies and procedures, ensuring integrity and accountability in every aspect of your work.
- All employees have a responsibility to adhere to safety, health, and wellbeing policies, guidelines and procedures in all actions and decisions.
Network & Cloud Security Strategy
- Define and execute a comprehensive network and cloud security strategy.
- Align strategy with enterprise Cyber Prevent roadmap and risk posture.
- Establish security architecture standards for on-premise, hybrid, and multi-cloud environments.
- Drive Zero Trust Architecture (ZTA) adoption across network and cloud ecosystems.
- Lead transformation toward software-defined and cloud-native security models.
Network Security Architecture & Protection
- Design and implement secure enterprise network architecture.
Enforce controls for: - Perimeter security (Next-Gen Firewalls).
- Intrusion Detection & Prevention Systems (IDS/IPS).
- Secure network segmentation and micro-segmentation.
- Protect against DDoS, lateral movement, and advanced persistent threats (APTs).
- Establish secure connectivity frameworks (VPN, ZTNA, SD-WAN security).
- Ensure secure integration across enterprise environments, partners, and third parties.
Cloud Security (Multi-Cloud & Hybrid)
- Lead security strategy across AWS, Azure, GCP, and private cloud environments.
Implement: - Cloud Security Posture Management (CSPM).
- Cloud Workload Protection Platforms (CWPP).
- Cloud Infrastructure Entitlement Management (CIEM).
- Ensure secure cloud configurations, identity models, and access controls.
- Protect workloads across IaaS, PaaS, and SaaS environments.
- Drive compliance with cloud security frameworks (CIS, NIST, ISO, CSA).
Secure Cloud Architecture & DevSecOps Integration
- Embed security into cloud-native architectures and application deployment pipelines.
- Integrate security into CI/CD pipelines and DevSecOps practices.
- Enable automated security testing.
- Infrastructure as Code (IaC) scanning.
- Container image security scanning.
- Ensure secure Kubernetes and container environments.
- Promote shift-left security approach.
Leadership Competencies
- Strong leadership in driving cross-functional initiatives.
- Ability to influence enterprise architecture decisions.
- Innovation mindset with focus on AI and automation adoption.
- Strong execution, delivery, and transformation leadership.
Zero Trust & Identity-Aware Networking
- Implement Zero Trust Network Access (ZTNA) frameworks.
- Enforce identity-based access control and authentication mechanisms.
- Ensure least privilege access across network and cloud environments.
- Integrate security with IAM and PAM systems.
- Enable continuous verification of users, devices, and workloads.
Automation & AI-Driven Security Controls
Implement AI/ML-driven threat detection and prevention mechanisms.
- Drive automation in:
- Threat detection and response.
- Policy enforcement.
- Configuration management.
- Reduce manual overhead through security orchestration and automation (SOAR).
- Enable real-time adaptive security controls.
Threat Prevention & Network Monitoring
Establish continuous monitoring for:
- Network traffic anomalies.
- Suspicious behavior patterns.
- Cloud activity logs.
- Integrate with SIEM/XDR platforms for centralized visibility.
- Improve detection of east-west and north-south traffic threats.
- Enable proactive threat intelligence integration.
Vulnerability Management Integration
Collaborate with vulnerability management teams for:
- Network infrastructure vulnerabilities.
- Cloud misconfigurations.
- Ensure timely remediation of critical security gaps.
- Reduce attack surface across network and cloud assets.
- Maintain continuous risk visibility.
Third-Party & Connectivity Security
- Secure third-party network connections and integrations.
- Define and enforce vendor access security policies.
- Ensure risk visibility across external connections and partner ecosystems.
DDOS protection
- Configure, optimize and maintain Anti-DDOS systems to protect against all types of DDOS attacks.
Operational Excellence & Service Resilience
- Ensure always-on availability of network and cloud security controls.
- Optimize performance of security tools and platforms.
- Drive standardization, automation, and process maturity.
- Establish resilient and scalable security architecture.
- Continuously improve based on threat intelligence and incident learnings.
Compliance, Risk & Governance
Ensure adherence to:
- Regulatory standards (GDPR, PCI-DSS, etc.).
- Internal security policies.
- Support risk assessments, audits, and regulatory reporting.
- Maintain compliance dashboards and metrics.
- Ensure alignment with enterprise risk management framework.
Core competencies, knowledge and experience:
Business Competencies
- Strong ability to align security with business transformation and cloud adoption.
- Stakeholder collaboration across IT, DevOps, and business teams.
- Risk-based decision-making with business impact awareness.
Functional Competencies
- Deep expertise in:
- Network security architecture.
- Cloud security frameworks and platforms.
- Hybrid infrastructure security models.
- Strong understanding of emerging threats in cloud and network domains.
Technical Skills
- Zero Trust Architecture implementation.
- Networking technologies i.e. Firewalls, IPS, WAF, NAC.
- Container and Kubernetes security.
- Cloud technologies i.e. AWS, Azure, GCP.
Hands-on Experience:
Perimeter & Border Controls
- Next Generation Firewalls (NGFW).
- Web Application Firewalls (WAF).
- Bot Management & Account Takeover Protection (ATO).
- Intrusion Prevention Systems (IPS).
- DDoS Mitigation (Anti-DDoS).
- Network Detection and Response (NDR).
- Web & Email Security Gateways (WSG/ESG).
- API Security Gateways
Secure Access & Connectivity
- Virtual Private Networks (VPN).
- Network Access Control (NAC).
- Zero Trust Network Access (ZTNA).
- Secure Access Service Edge (SASE).
Cloud & Container Security
- Cloud Firewalls / Security Groups.
- Cloud Access Security Brokers (CASB).
- Cloud Security Posture Management (CSPM).
- Cloud-Native Application Protection Platforms (CNAPP).
- Cloud Workload Protection Platforms (CWPP).
- Container and Kubernetes Security.
Qualifications
- Bachelor’s degree in Cyber Security, IT, Engineering, or related field
- 5-10+ years of experience in network and/or cloud security
- Proven experience in enterprise-scale cloud security and network protection
- Certifications (preferred):
- CISSP, CCSP, CISM
- AWS/Azure/GCP Security Certifications
- Cisco / Network Security certifications
How to Apply
🚨 Before You Apply for This Job…Need Help With Your CV?
This job will attract 1000+ applicants.
Many qualified professionals miss out on getting shortlisted and interviews — not because they lack experience, but because their CV doesn’t clearly show how they fit this specific job.
🎯 Want to get an interview fast? Customize your CV specifically for this job.
Using the same CV for every application will not get you interviews.
Email your CV today to our Client Service Manager, Rose, using cvwriting@corporatestaffing.co.ke
Subject: CV Review & Upgrade.
Rose and our recruiters will review your CV and show you exactly how to improve it for the job you are targeting.
Using an A.I-generated CV but not getting interviews? Click here & get it reviewed by our recruiters.

