Looking for a job

Andrew Keitany

@andrewkeitany

Message

DevOps + SOC + DevSecOps: 5+ yrs, cloud/k8s, SIEM/IDS, CI/CD security, 120+ pentests.

Kenya

Message

What I'm looking for

I seek a remote cybersecurity or DevSecOps role where I can apply penetration testing, cloud automation, and CI/CD security to build scalable, secure systems and mentor teams.

I am the unicorn that SOC teams, DevOps pipelines, and DevSecOps strategies all need – because I speak all three languages fluently. With over five years of hands‑on experience, I don't just shift security left; I embed it into the entire software lifecycle, from code commit to cloud runtime, and from SIEM alert to incident response.

As a SOC Analyst, I have deployed and operated production‑grade Wazuh SIEM/EDR, Suricata IDS, and custom detection rules – reducing mean time to detect by analysing 1,200+ security events monthly. I’ve built active response (iptables blocking), integrated threat intelligence feeds, and written playbooks that turn alerts into automated actions.

As a DevOps Engineer, I manage multi‑cloud infrastructure (AWS, Azure, GCP) with Terraform and Ansible, orchestrate Kubernetes clusters (EKS/GKE/AKS) with Helm, and harden CI/CD pipelines (GitHub Actions, Jenkins) with SAST/DAST gates. I’ve recovered databases from failed volumes, automated systemd restarts, and cut cloud waste with Lambda stop/start routines.

As a DevSecOps practitioner, I don't just test for vulnerabilities – I teach the pipeline to reject them. I’ve integrated OWASP ZAP, GitHub code scanning, and Trivy into every pull request. I’ve conducted 120+ penetration tests on web apps, APIs, and LLM integrations, and I write reports that developers actually want to read.

Experience

Work history, roles, and key accomplishments

Current

Cyber Security and DevOps Engineer

Current

Vitafluence.ai

Aug 2024 - Present (1 year 10 months)

Conducted 45+ web app penetration tests and monitored 1,200+ monthly security events, integrated SAST/DAST into CI/CD to prevent vulnerabilities reaching production, and authored incident response playbooks.
Kubernetes cluster management: Deployed and managed production-grade clusters on AWS EKS and GCP GKE – configured node groups, auto‑scaling, and IAM roles.

Penetration Testing SAST DAST Incident Response Python Docker Cloud Security Kubernetes Terraform Ansible SIEM Platforms SIEM SOAR Platforms

Full Stack Developer

Lakeatts Solutions

May 2023 - Jul 2024 (1 year 2 months)

Delivered 6 full-stack web applications using Spring Boot and modern JavaScript, implemented auth controls and containerized deployments with Docker, and developed integrations to automate tax compliance processes.

Spring Boot JavaScript Authentication Docker API Design PostgreSQL CI CD

Bug Bounty Researcher

Bugcrowd

Nov 2021 - Apr 2023 (1 year 5 months)

Performed 75+ freelance penetration tests via Bugcrowd, discovered high-impact XSS, SQLi and auth bypasses, and produced PoC reports with remediation guidance to improve client security.

Burp suite Nmap Vulnerability Research XSS)SQL Injection Reporting XSS

Software Programmer

Aphicons Solutions Limited

Jul 2018 - Mar 2021 (2 years 8 months)

Designed a real-time school bus tracking solution and built a JSP-based POS system, enhanced a hospital management system with new modules, and integrated PostgreSQL to improve data integrity and performance.

Java JSP JavaScript PostgreSQL OpenStreetMap Real Time Systems System Integration Backend Development