Do you want to champion the digital safety and resilience of changemakers across the African continent?

Code for Africa (CfA) has an immediate vacancy for a  full-time Device Security Engineer in Nairobi, Kenya, to join our civic technology lab (TechLab) to help build digital tools that strengthen our democracy and empower citizens.

The TechLab spearheads the design, development and maintenance of all digital services and infrastructure for CfA, and its external human rights defending partner organisations.

Candidates should possess a strong background in endpoint security, with demonstrable experience in conducting security assessments, investigating compromises, and implementing hardening measures across various devices and operating systems. Ideally, you have a deep understanding of the threat landscape in Africa and experience working with non-profit organisations or in the development sector. Candidates must be fluent in English, and candidates who are fluent in an additional international language, such as French or Arabic, or at least one local language from their country of residence will have an advantage.

The successful candidates will work as part of a multinational and multilingual team using digital collaboration tools to create content for a global audience and international media partners.

Required: minimum requirements include:

  • Bachelor’s degree in Information Technology, Computer Science, Computer Engineering, similar technology degrees or 4+ years’ equivalent technology experience,
  • Demonstrable experience supporting high-risk users like journalists and activists.
  • 2+ years experience in security engineering, or a similar role, with a strong focus on Endpoint Security for a diverse range of user devices and small-scale network environments.
  • Experience with security assessment tools and techniques, such as vulnerability scanners, penetration testing frameworks, and forensic analysis tools.
  • Familiarity with scripting languages for security automation (Python, Bash).
  • Deep knowledge of device operating systems (MacOS, Windows, Linux, Android, and iOS) and associated management and security tooling,
  • Passion for using technology to empower and protect civil society organisations,
  • Strong organisational skills and ability to manage multiple priorities and tasks, and deliver results within deadlines, 
  • Proven ability to work and communicate with both technical and non-technical stakeholders. 

Preferred: candidates who can demonstrate the following will have an advantage:

  • Master’s degree in Cybersecurity, Information Security, similar technology degrees or 3+ years’ equivalent experience,
  • Experience in one or more of the following domains is highly desirable: Network Security, Application Security, Cloud Security, and Cryptography,
  • Hold relevant security certifications such as eJPT, Sec+, CEH, CySA, OSCP, and OSCE.
  • Extensive knowledge of computing security issues and threat vectors in the African context, and
  • Experience working with non-profit organisations or in the development sector is a plus.

Language and Location Requirements:

  • Location: Nairobi, Kenya
  • Languages: English
  • Preferred but not required: Arabic, French, KiSwahili/Shen’g or any other major language spoken in Africa.

About the Role:

The successful candidates will join CfA’s Technology team. The Tech team is distributed across East/West Africa and benchmarks itself on similar civic technology initiatives elsewhere in the world that build digital democracy solutions.

As a Device Security Engineer, you will play a critical role in safeguarding CSOs, CBOs, partners and other stakeholders across the African continent. Reporting to the Digital Security Manager, you conduct thorough security assessments, detect and investigate potential compromises, and implement security best practices for a range of devices and operating systems. Your expertise will empower our partners to operate securely and confidently in an increasingly complex digital landscape.

This role offers a unique opportunity to blend your technical skills with a deep social impact. You will not only work with cutting-edge technologies but also collaborate with passionate individuals dedicated to making a real difference in the world. 

Some of the projects that you may work with us on include: 

  1. Our first-line security tools: JigSaw (Outline, FeedShield) and BitWarden.
  2. ANCIR tools/teams (Afrileaks, civicSIGNAL, ADDO)
  3. Our knowledge and community outreach initiatives (academyAFRICA, and WanaDATA)
  4. Our Data and ML platforms (connectedAFRICA, openAFRICA)

Responsibilities: Your daily tasks will include:

  1. Conduct comprehensive security assessments of different devices, including but not limited to mobile, and end-user computing devices,
  2. Detect signs of compromise (malware, rootkits, unauthorised access) and conduct forensic investigations,
  3. Securely wipe/reset compromised devices and extract relevant forensic data,
  4. Design and maintain secure device configurations, hardening and usage best practices,
  5. Test devices, apps and software for potential vulnerabilities before deployment,
  6. Develop and deliver training programs to educate CSOs and CBOs on device security best practices,
  7. Stay abreast of emerging device security threats and vulnerabilities, and proactively implement countermeasures, and
  8. Collaborate with the security team and other stakeholders to ensure the overall security of devices used by partner organisations.

What We Offer:

  • A competitive salary, subject to experience, with opportunities for performance-based growth, both in terms of career path and public stature.
  • Medical insurance cover, underwritten by a remote-first provider to ensure cover wherever you are
  • A dynamic workplace, with a transnational team, occasional international travel, and generous vacation benefits.
  • Ongoing opportunities to learn new cutting-edge skills and techniques/technologies to future-proof yourself in a rapidly evolving industry.
  • A chance to shine on a global stage, writing for international audiences and interacting with colleagues around the world.

How to apply:

Please fill in this form by June 30 2024

About Us:

Code for Africa (CfA) is the continent’s largest network of indigenous African civic technology and investigative data journalism laboratories, with over 100 staff in 21 countries, who build digital democracy solutions that are intended to give citizens unfettered access to actionable information that empowers them to make informed decisions and that strengthen civic engagement for improved public governance and accountability.

This includes building infrastructure such as the continent’s largest open data portal, open.AFRICA, and largest open source civic software portal, commons.AFRICA, as well as the largest repository of investigative document-based evidence, source.AFRICA, as well as incubating initiatives as diverse as the africanDRONE network that gives citizens their own ‘eyes in the sky’, the PesaCheck fact-checking initiative in 12 African countries, and the sensors.AFRICA remote-sensing citizen science initiative to combat air/water pollution.

CfA also incubates the African Network of Centres for Investigative Reporting (ANCIR), as an association of the continent’s best investigative newsrooms, ranging from large traditional mainstream media to smaller specialist units. ANCIR member newsrooms investigate crooked politicians, organised crime and big business. The iLAB is ANCIR’s in-house digital forensic unit, with teams in east, south and west Africa. ANCIR uses its resources to strengthen newsrooms’ own internal capacity, by providing access to the world’s best whistleblower encryption and investigative semantic analysis technologies, as well as skills development, and seed grants for cross-border collaboration.

At CfA, we don’t just accept differences – we celebrate it, we support it, and we thrive on it for the benefit of our employees, our products and our community. CfA is proud to be an equal opportunity workplace and is an affirmative action employer. If you have a disability or special need that requires accommodation, please let us know. 

To all recruitment agencies: CfA does not accept agency resumes. Please do not forward resumes to our employment application line, CfA employees or any other CfA contact. CfA is not responsible for any fees related to unsolicited resumes.