Cybersecurity Engineering Lead

CONTEXT 

Médecins Sans Frontières (MSF) is an international humanitarian organization that provides medical assistance in more than 60 countries. It supports people in distress, victims of natural or human-made disasters, and those affected by armed conflicts, without discrimination and regardless of religion, beliefs or political affiliation.

Within MSF, the OCB ICT unit delivers digital services to about 6,000 users in projects across roughly 40 countries, as well as around 500 users in Brussels. The ICT team provides a reliable, secure and fit for purpose digital environment that supports MSF operations. In this context, the Head of Cybersecurity defines the cybersecurity strategy, roadmap, policies and incident response approach for OCB and serves as the main focal point for cybersecurity.

As the Cybersecurity Engineering Lead, you design, implement and enhance security and privacy controls across on‑premise, cloud and application environments. In this role, you report to the Head of Cybersecurity and supervise two Mobile Implementation Officers (MIOs). You also provide technical support for compliance activities, audits, vulnerability remediation and third‑party security, ensuring that cybersecurity and compliance requirements are delivered consistently in line with MSF OCB standards.

You ensure that security controls and configurations are properly built, hardened and maintained over time. Your work strengthens MSF’s trustworthiness for patients, staff, donors and partners by establishing and sustaining robust, well‑evidenced security measures. You collaborate closely with key stakeholders, including the Cybersecurity Team, the Data Protection Officer, infrastructure and cloud teams, DevOps, staff in countries of operation, Data and Analytics, procurement and legal, to embed strong security and privacy controls across MSF’s technology landscape.

MAIN RESPONSIBILITIES 

Cybersecurity control implementation & hardening

• Implement and maintain technical security controls across MSF’s infrastructure and cloud (Azure AD / Entra ID, M365, Defender, Sentinel, firewalls, VPN, endpoint protection)
• Implement Zero Trust and secure-by-default principles, apply secure configuration baselines and hardening standards (servers, endpoints, cloud, identities) using applicable frameworks such as CIS and Microsoft baselines

Secure software delivery & privacy by design

• Work with relevant teams to embed security checks (such as SAST/DAST, dependency scanning, secrets management) into CI/CD workflows and support secure solution designs
• Implement and support technical measures for privacy-by-design and privacy-by-default (data minimisation, role-based access, encryption, logging and retention for personal data)
• Provide technical input to DPIAs and help implement privacy-related controls (e.g. retention policies, consent/preference handling, restricted debug logging) together with application owners and the DPO

Vulnerability remediation & testing

• Collaborate with the Information Security Operations Specialist and system owners to remediate vulnerabilities, focusing on structural fixes (baseline changes, configuration hardening, architectural improvements)
• Support planning and follow-up of penetration tests / red-team exercises and lead or assist in implementing remediation actions
• Provide the technical view of remediation progress and recurring weaknesses, and propose improvements to controls and baselines

Third-party / vendor technical security

• Perform technical security and risk due diligence on vendors and third parties during procurement and renewals (cloud services, SaaS, tools, MSPs).
• Review vendor security documentation, certifications and data-protection terms, identify gaps and recommend technical mitigations.
• Define and support implementation of technical requirements in contracts, SLAs, DPAs and SoWs (e.g. encryption, logging, incident notification, access control, patching, data location and retention).

Collaboration, Compliance, frameworks & incident support

• Coordinate the technical collection, consolidation and secure transfer of required logs and artefacts (SIEM, endpoints, network, cloud, applications)
• Support technical analysis during incidents or suspected data breaches (config checks, cloud/integration review)
• Maintain clear technical documentation (baselines, reference architectures, vendor assessments, privacy controls, remediation plans) to support operations and audits
• Stay current with emerging threats, tools and vendor capabilities in cloud, identity, application security, vulnerability management, privacy-enhancing technologies and third-party risk, and propose pragmatic improvements to MSF’s security posture

REQUIREMENTS 

Education & Experience

• Education: Master's Degree (or equivalent) in information security, Cybersecurity, Computer Science, Information Technology, Cybersecurity, or a related area of study

• Professional Certifications: Relevant certifications such as CEH, CISA, CISM, CISSP, CompTIA Security+, ISO/IEC 27001 (Lead Implementer/Auditor), GIAC, or equivalent

• Security Engineering Experience (Minimum 5 years): Proven hands-on experience designing, implementing, and operating technical security controls across identity, endpoint, network, cloud, and application environments.

• Microsoft Security Stack (Minimum 5 years): Practical experience securing Microsoft environments, including Entra ID/Azure AD, Microsoft 365, Defender suite, and Microsoft Sentinel

• Vulnerability & Monitoring Platforms (Minimum 5 years): Experience configuring and operating vulnerability management tools, SIEM/SOC platforms, firewalls, and related security technologies; managing remediation and follow-up

• Compliance & Assurance (Minimum 4 years): Experience supporting or leading audits and control implementation aligned to GDPR/Data Protection, ISO 27001 (ISMS), PCI DSS, and similar frameworks.

• Cloud Security: Familiarity with Microsoft Azure architecture and associated security controls and reference frameworks

• Data Protection Exposure: Experience implementing technical data protection controls (e.g., encryption, access control, logging, retention) is an advantage

Competencies 

• Identity & access management (IAM): Entra ID/Azure AD, Conditional Access, MFA, identity governance and privileged access (PIM/PAM)
• Endpoint security: EDR/AV management, disk encryption, device compliance policies, and endpoint hardening baselines
• Network & cloud security: Firewalls, VPN, WAF, NSGs, and Zero Trust network segmentation to limit lateral movement and exposure
• Secure-by-default configuration: Define and enforce secure baselines (session controls, hardening templates, secure admin access/management protocols, and default account governance)
• Vulnerability management & assurance: Configure scans, validate coverage, triage/prioritise findings, drive remediation plans, track closure, and manage penetration test follow-up
• Security frameworks & implementation guidance: Apply NIST CSF, CIS Controls, ISO/IEC 27001, PCI DSS, GDPR, and NIS2; leverage Microsoft Zero Trust and Microsoft Cybersecurity Reference Architectures for control design.
• Security automation: Use PowerShell/Python and IaC (Terraform/Bicep) with GitLab/GitHub Actions to deploy and maintain controls consistently at scale
• Application security & privacy engineering: Secure SDLC practices (OWASP Top 10, SAST/DAST, dependency scanning) and privacy-by-design measures (data minimisation, access control, encryption, logging and retention).
• Advanced knowledge of cybersecurity principles, frameworks, tools and best practices

Languages

• Proficiency in English, both spoken and written is mandatory
• Knowledge of French is an asset 

CONDITIONS

• Expected starting date: As soon as possible
• Location: Nairobi (Kenya) 
• Contract type: Open-ended contract – Full-time
• Mobility: Minimum 1 project visit per year
• The contractual terms, conditions and salary will be established according to the official residence of the selected candidate and in respect of MSF standard function and salary grids
• Adhere to the MSF principles and to our managerial values: Respect, Transparency, Integrity, Accountability, Trust and Empowerment
• Adhere to the MSF Behavioural Commitments

Deadline for applications: 14th of April 2026

How to apply?

• Submit your application via the 'Apply here' button 

• You will be directed to the online application form for this position 

• It should take 5-10 minutes to complete. Thank you in advance for having your CV and motivation letter including your professional certification(s) ready to upload (preferably in PDF format)

Only shortlisted candidates will be contacted.

MSF values diversity and is committed to creating an inclusive working environment. We welcome applications from all qualified candidates regardless of disability, gender identity, marital or civil partnership status, race, color or ethnic and national origins, religion or belief, or sexual orientation.

The protection of your personal data is important to MSF. By submitting your application, you consent to MSF using your personal data. For more information, consult our privacy notice to job applicants.