Cytonn Investments Management Job Vacancy 2018 for Application Security Engineer, Application Details

Cytonn Investments is an independent investments management firm, with offices in Nairobi – Kenya and D.C. Metro – U.S. We are primarily focused on offering alternative investment solutions to global and local institutional investors, individual high net-worth investors, and diaspora investors interested in the East-African region.


Our investments are in real estate and private equity. Real estate investments are made through our development affiliate, Cytonn Real Estate, where we currently have over Kshs. 82 billion (USD 820 mn) of projects under mandate across ten projects. In private equity, we invest in banking, insurance, education, hospitality and technology. Our financial services investments in Sub-Saharan Africa are made through our Cytonn Financial Services Fund (CFSF), through which we are the 6th largest shareholder in NIC Bank in Kenya. Investments in education and hospitality are made through Cytonn Education Services and Cytonn Hospitality, respectively.

Cytonn Technologies (CT) is the Technology affiliate of Cytonn Investments, an alternative investments management firm with offices in Nairobi – Kenya and the D.C. Metro Area in the US. Cytonn Technologies is a respected technology solutions provider that offers innovative, differentiated and efficient technology products and support, web-based solutions and integrated business solutions.

To manage our growing Technology needs, the firm is inviting applications from talented Application Security Engineers to join its competitive team of engineers in Cytonn Technologies.

The successful candidate will have an opportunity to participate in our share ownership plan.


  • Perform static code analysis (SCA) on applications to identify vulnerabilities and report to software engineers for fixing
  • Set up and monitor applications for intrusion detection and protect applications against common vulnerabilities
  • Secure application infrastructure (servers and databases) against intrusion, ensuring they’re regularly patched against known vulnerabilities
  • Manage vulnerability reporting in all applications and systems, including open source software that the applications run on
  • Perform analysis of all security systems log files, review and keep track of triggered events, research current and future cyber threats, reconcile correlated cyber security events, develop and modify new and current cyber security correlation rule sets, and operate security equipment and technology
  • Perform software testing (patches, other updates)
  • Track and report vulnerabilities in server software by using tools such as CVE
  • Prepare weekly reports of common vulnerabilities that affect our environment, as reported on various platforms (CVE etc.), and their mitigations
  • Ensure that the web infrastructure is monitored and actively protects applications from common vectors
  • Monitor servers for intrusion and performance
  • Ensure all server software is updated and security patches are applied regularly
  • Weekly tracking of all issues raised from penetration testing, vulnerability assessment and static/dynamic scans
  • Any other duties as may be assigned from time to time


  • Bachelor’s degree in Computer Science, Information Systems or specialized training/certification – minimum 2nd class upper division
  • Typically requires 1 or more years of related technical experience
  • Experience in application security, preferably a software security role
  • Expertise with browser security controls (CSP, XFO, HSTS), web application security topics such as OWASP Top 10, and authentication infrastructure (SAML, OAuth)
  • Experience building tools and processes to reliably identify security issues such as SQL injection, XSS, CSRF, and business logic flaws across large code bases
  • Must be well versed in Cyber Security Tools, network topologies, intrusion detection, PKI, and secured networks
  • A grade of B+ and above in KCSE (or equivalent) with good grades in math and languages
  • Knowledge and/or experience with threat analysis and penetration testing methodologies and tooling
  • Previous experience in a development role, related to application development or DevOps
  • Knowledge of at least one programming language, web application technologies and frameworks is an added advantage
  • Knowledge of security issues affecting Internet-facing applications
  • Knowledge of cloud infrastructure and UNIX/Linux environments

