Internship - Application Security Engineer

Cytonn Asset Managers Limited (CAML) is seeking a talented Application Security Engineer to join our Cytonn Technologies team. You’ll play a vital role in securing our applications and infrastructure, contributing to superior risk-adjusted investment returns for our clients. This is a unique opportunity to participate in our share ownership plan and grow your career within a dynamic and innovative firm.

Cytonn Asset Managers Limited (CAML), is the regulated affiliate of Cytonn Investments Management Plc, and is licensed as a Fund Manager by the Capital Markets Authority and the Retirement Benefits Authority. The company is also a licensed Real Estate Investment Trust (REIT) Manager under the Capital Markets Authority. Our objective is to offer superior risk-adjusted investment returns to our clients through investments in both the public and alternative investments markets.

Cytonn Investments Management Plc (CIMP), is an alternative investment manager, with real estate development capability, and a primary focus on private equity and real estate investments in the high growth Kenyan Region. CIMP has presence in East Africa, Finland and the US.

CAML & CIM investors include global and local institutional investors, individual local investors, and diaspora investors.

To manage our growing Technology needs, the firm is inviting applications from talented Application Security Engineers to join its competitive team of engineers in Cytonn Technologies.

The successful candidate will have an opportunity to participate in our share ownership plan.

Responsibilities

1. Perform static code analysis (SCA) on applications to identify vulnerabilities and report to software engineers for fixing
2. Set up and monitor applications for intrusion detection and protect applications against common vulnerabilities
3. Secure application infrastructure (servers and databases) against intrusion, ensuring they’re regularly patched against known vulnerabilities
4. Manage vulnerability reporting in all applications and systems, including open source software that the applications run on
5. Perform analysis of all security systems log files, review and keep track of triggered events, research current and future cyber threats, reconcile correlated cyber security events, develop and modify new and current cyber security correlation rule sets, and operate security equipment and technology
6. Perform software testing (patches, other updates)
7. Tracking and reporting vulnerabilities in server software by using tools such as CVE
8. Preparation of Weekly reporting of common vulnerabilities that affect our environment, as reported on various platforms (CVE etc.) and their mitigations
9. Ensuring that the Web infrastructure is monitored and actively protecting applications from common vectors
10. Monitoring servers for intrusion and performance
11. Ensuring all server software is updated and security patches applied regularly
12. Manage vulnerability reporting in all applications and systems, including open source software that the applications run on
13. Weekly tracking of all issues raised from penetration testing, vulnerability assessment and static/dynamic scans
14. Any other duties as may be assigned from time to time

Requirements

1. Bachelor’s degree in Computer Science, Information Systems or specialized training/certification
2. Experience in application security, preferably a software security role
3. Expertise with browser security controls (CSP, XFO, HSTS), web application security topics such as OWASP Top 10, and authentication infrastructure (SAML, OAUTH)
4. Experience building tools and processes to reliably identify security issues such as SQL injection, XSS, CSRF, and business logic flaws across large code bases
5. Must be familiar with Cyber Security Tools, network topologies, intrusion detection, PKI, and secured networks
6. A grade of B+ and above in KCSE (or equivalent) with good grades in math and languages
7. Knowledge and/or experience with threat analysis and penetration testing methodologies and tooling
8. Knowledge of at least one programming language, web application technologies and frameworks is an added advantage
9. Knowledge of security issues affecting Internet-facing applications
10. Knowledge of cloud infrastructure and UNIX/Linux environments