Required: minimum requirements include:
Bachelor’s degree in Information Technology, Computer Science, Computer Engineering, similar technology degrees or 4+ years’ equivalent technology experience,
Demonstrable experience supporting high-risk users like journalists and activists.
2+ years experience in security engineering, or a similar role, with a strong focus on Endpoint Security for a diverse range of user devices and small-scale network environments.
Experience with security assessment tools and techniques, such as vulnerability scanners, penetration testing frameworks, and forensic analysis tools.
Familiarity with scripting languages for security automation (Python, Bash).
Deep knowledge of device operating systems (MacOS, Windows, Linux, Android, and iOS) and associated management and security tooling,
Passion for using technology to empower and protect civil society organisations,
Strong organisational skills and ability to manage multiple priorities and tasks, and deliver results within deadlines,
Proven ability to work and communicate with both technical and non-technical stakeholders.
Preferred: candidates who can demonstrate the following will have an advantage:
Master’s degree in Cybersecurity, Information Security, similar technology degrees or 3+ years’ equivalent experience,
Experience in one or more of the following domains is highly desirable: Network Security, Application Security, Cloud Security, and Cryptography,
Hold relevant security certifications such as eJPT, Sec+, CEH, CySA, OSCP, and OSCE.
Extensive knowledge of computing security issues and threat vectors in the African context, and
Experience working with non-profit organisations or in the development sector is a plus.
Language and Location Requirements:
Location: Nairobi, Kenya
Languages: English
Preferred but not required: Arabic, French, KiSwahili/Shen’g or any other major language spoken in Africa.
About the Role:
The successful candidates will join CfA’s Technology team. The Tech team is distributed across East/West Africa and benchmarks itself on similar civic technology initiatives elsewhere in the world that build digital democracy solutions.
As a Device Security Engineer, you will play a critical role in safeguarding CSOs, CBOs, partners and other stakeholders across the African continent. Reporting to the Digital Security Manager, you conduct thorough security assessments, detect and investigate potential compromises, and implement security best practices for a range of devices and operating systems. Your expertise will empower our partners to operate securely and confidently in an increasingly complex digital landscape.
This role offers a unique opportunity to blend your technical skills with a deep social impact. You will not only work with cutting-edge technologies but also collaborate with passionate individuals dedicated to making a real difference in the world.
Some of the projects that you may work with us on include:
Our first-line security tools: JigSaw (Outline, FeedShield) and BitWarden.
ANCIR tools/teams (Afrileaks, civicSIGNAL, ADDO)
Our knowledge and community outreach initiatives (academyAFRICA, and WanaDATA)
Our Data and ML platforms (connectedAFRICA, openAFRICA)
Responsibilities: Your daily tasks will include:
Conduct comprehensive security assessments of different devices, including but not limited to mobile, and end-user computing devices,
Detect signs of compromise (malware, rootkits, unauthorised access) and conduct forensic investigations,
Securely wipe/reset compromised devices and extract relevant forensic data,
Design and maintain secure device configurations, hardening and usage best practices,
Test devices, apps and software for potential vulnerabilities before deployment,
Develop and deliver training programs to educate CSOs and CBOs on device security best practices,
Stay abreast of emerging device security threats and vulnerabilities, and proactively implement countermeasures, and
Collaborate with the security team and other stakeholders to ensure the overall security of devices used by partner organisations.
