
Senior Security Specialist Penetration Tester Vacancy 2026
Job Purpose:
To plan, execute, and oversee security testing activities across web and mobile applications, APIs, and external and internal networks, using recognized methodologies and industry best practices.
Main Responsibilities:
- Participate in the planning, implementation, and continuous improvement of security monitoring and detection capabilities across all systems and environments.
- Threat-model target systems and design test cases that simulate realistic adversary techniques to expose high-impact security gaps.
- Validate, reproduce, and safely exploit discovered vulnerabilities in the bank’s environment to produce verifiable proof-of-concept (PoC) evidence, while ensuring no adverse business impact.
- Analyze test results and produce clear, prioritized remediation recommendations mapped to business risk and technical severity.
- Present findings to cross-functional delivery teams and senior stakeholders, agree on remediation plans, track progress, and verify effective implementation.
- Develop, maintain and safely operate a toolkit of penetration-testing utilities, custom scripts and automated checks to improve coverage and repeatability.
- Create comprehensive, high-quality technical reports and executive summaries tailored for both technical teams and management.
- Provide security input during system design, development and procurement activities to ensure secure-by-design controls and reduce rework.
- Coordinate and support third-party and regulatory security testing activities, acting as the bank’s technical point of contact and ensuring scope, evidence and reporting meet requirements.
- Work collaboratively with system vendors and internal engineering teams to validate fixes, perform re-tests, and harden deployed systems.
- Keep up to date with emerging threats, vulnerability research and attack techniques; propose and lead improvements to the bank’s testing approach and security posture.
Knowledge and Skills:
- Knowledge of the security testing landscape.
- Knowledge of security of various operating system flavors such as Windows, Linux, and Unix.
- Understanding of the security mechanisms associated with Applications, Operating Systems, Networks, Databases, and Cloud technologies.
- Knowledge of common information security testing frameworks and methodologies.
- Understanding of network security architecture.
- In-depth knowledge of threat/attack modeling and design review.
- Scripting skills in at least one scripting language, including Python, PowerShell or Bash.
- Pen-testing skills in applications and infrastructure domains.
- Good interpersonal, written, and oral communication skills in English and Swahili.
- Demonstrable honesty, integrity, and credibility; ability to engender the trust and confidence of internal constituency and external partners.
Qualifications and Experience:
- Bachelor’s Degree in Cyber Security, Computer Science, Information Systems or related field.
- Relevant certifications, including CPTS and OSCP, are an added advantage.
- At least 4 years of relevant work experience in Cybersecurity.
- Experience in software/web development and/or source code review in Python, C/C++, C#, Java, VB .NET, ASP.NET, PHP, NodeJS.
- Hands-on experience in Linux and Windows environments.
- Active participant in ‘Capture The Flag’ (CTF) events, HackTheBox, TryHackMe or similar.
Job opening date: 13-Mar-2026
Job closing date: 27-Mar-2026