Apollo Group (Apollo Investments Limited)was an idea born from the need to harness synergies across the insurance business. Built on commitment, integrity and innovation, it has risen to be one of the leading financial groups in East Africa. Apollo Investments Limited (AIL) includes APA Insurance (Kenya and Uganda). It underwrites General Insurance risks ...

Responsibilities or duties

• Designs and implements IAM solutions and systems
• Deploy and manage security tools including SIEM, IDS/IPS, EDR, and vulnerability management platforms
• Develop and maintain security baselines, hardening standards, and configuration guidelines
• Monitor security events and investigate potential incidents
• Perform security code reviews and application security assessments
• Maintain compliance with security frameworks (ISO 27001, SOC 2, NIST, etc.)
• Support internal and external security audits
• Develop and update security policies, procedures, and documentation
• Perform threat hunting activities to proactively identify security risks
• Conduct regular vulnerability assessments and penetration testing
• Implements security policies and best practices
• Provides deep technical expertise and leadership for resolving incidents
• Leads access certifications and audits
• Proactively addresses security issues to prevent audit findings and privilege gaps

Qualifications or requirements (e.g., education, skills)

ACADEMIC QUALIFICATIONS

Bachelor’s degree in Information Technology, Computer Science, Cybersecurity or related field.

JOB SKILLS AND REQUIREMENTS

• Knowledge of common security challenges, such as data privacy, compliance, access control, encryption, and incident response
• Experience in network security, such as firewalls or VPNs
• Knowledge of encryption techniques, such as symmetric, asymmetric, hashing, etc. and how they should be applied to infrastructure
• Ability to design, implement and run monitoring and alerting platforms, to track and troubleshoot the security, performance and health of infrastructure components
• Vulnerability & Threat management, incident response, Governance, Risk & Compliance
• Conversant with GDPR, Kenya Data Protection Act, ISO 27001, NIST, HIPAA
• Experience with containerization and Kubernetes security
• Familiarity with DevSecOps practices and CI/CD security
• Knowledge of threat intelligence platforms and MITRE ATT&CK framework
• Background in security automation and orchestration (SOAR)

PROFESSIONAL QUALIFICATIONS

Relevant security certifications (CISSP, CISM, CEH, GIAC, OSCP, or similar)

Experience needed

8–10 years’ relevant experience

• Designs and implements IAM solutions and systems
• Deploy and manage security tools including SIEM, IDS/IPS, EDR, and vulnerability management platforms
• Develop and maintain security baselines, hardening standards, and configuration guidelines
• Monitor security events and investigate potential incidents
• Perform security code reviews and application security assessments
• Maintain compliance with security frameworks (ISO 27001, SOC 2, NIST, etc.)
• Support internal and external security audits
• Develop and update security policies, procedures, and documentation
• Perform threat hunting activities to proactively identify security risks
• Conduct regular vulnerability assessments and penetration testing
• Implements security policies and best practices
• Provides deep technical expertise and leadership for resolving incidents
• Leads access certifications and audits
• Proactively addresses security issues to prevent audit findings and privilege gaps

• Knowledge of common security challenges, such as data privacy, compliance, access control, encryption, and incident response
• Experience in network security, such as firewalls or VPNs
• Knowledge of encryption techniques, such as symmetric, asymmetric, hashing, etc. and how they should be applied to infrastructure
• Ability to design, implement and run monitoring and alerting platforms, to track and troubleshoot the security, performance and health of infrastructure components
• Vulnerability & Threat management, incident response, Governance, Risk & Compliance
• Conversant with GDPR, Kenya Data Protection Act, ISO 27001, NIST, HIPAA
• Experience with containerization and Kubernetes security
• Familiarity with DevSecOps practices and CI/CD security
• Knowledge of threat intelligence platforms and MITRE ATT&CK framework
• Background in security automation and orchestration (SOAR)

• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity or related field.
• Relevant security certifications (CISSP, CISM, CEH, GIAC, OSCP, or similar)