Open to opportunities

Kefa Cheruiyot

@kefacheruiyot

Message

Offensive Security Engineer skilled in penetration testing, threat hunting, and vulnerability assessments.

Kenya

Message

What I'm looking for

I seek roles where I can lead incident response and security audits, mentor teams, implement proactive defenses, and grow in a collaborative, compliance-focused environment.

I am an Offensive Security Engineer with hands-on experience conducting vulnerability assessments, penetration testing (VA/PT), threat hunting, incident response, and cyber risk analysis within highly regulated banking and enterprise environments.

Currently working as an Offensive Security Engineer at Serianu Ltd., I perform comprehensive security assessments across applications, infrastructure, networks, and cloud environments using tools such as Burp Suite, Nessus, OpenVAS, Nikto, Metasploit, Nmap, Splunk, Microsoft Sentinel, IBM QRadar, ELK Stack, Wireshark, and Fortinet solutions.

My expertise includes:

• Web application penetration testing

• Network security assessments

• Vulnerability management

• Threat hunting and OSINT investigations

• Security monitoring and incident response

• Security auditing and compliance assessments

• Risk analysis and remediation planning

• Security awareness and cyber resilience training

Previously at the Kenya Revenue Authority (KRA) and Kenya Women Microfinance Bank (KWFT), I contributed to enterprise cybersecurity operations by leading real-time threat detection, forensic investigations, compliance monitoring, incident handling, security audits, and secure infrastructure assessments aligned with ISO/IEC 27001, NIST, and CBK cybersecurity frameworks.

I have practical experience working with SIEM, SOAR, EDR, firewall technologies, and threat intelligence platforms, helping organizations strengthen cyber resilience against evolving threats.

Beyond operations, I also mentor students and professionals in cybersecurity, secure coding, Python, JavaScript, AI, and machine learning while promoting offensive security practices and secure application development.

Certifications include:

• CompTIA Security+

• Certified Ethical Hacker (CEH)

• Cisco CyberOps Associate

• Cisco DevNet Associate

• CCNA

• Linux Essentials

• PRINCE2 Foundation & Practitioner

I am passionate about offensive security engineering, adversarial testing, emerging attack techniques, and building proactive cyber defense strategies that help organizations stay ahead of modern threats.

Experience

Work history, roles, and key accomplishments

Current

Offensive Security Engineer

Current

Serianu Ltd

Oct 2025 - Present (7 months)

Performed comprehensive vulnerability assessments and penetration testing across systems, applications, and networks for regulated entities, documenting findings with risks, exploitation methods, and remediation recommendations. Supported threat hunting, OSINT-driven intelligence gathering, incident response collaboration, and compliance-aligned validation of VA/PT results.

Burp suite Vulnerability Assessment OpenVas Penetration Testing Nessus Nikto Metasploit OSINT Threat Hunting Incident Response Vulnerability Assessments Burp Suite OpenVAS

Current

System Audit Officer

Current

Kenya Women Microfinance Bank

May 2024 - Present (2 years)

Conduct regular IT system security audits, perform risk assessments and incident response, and ensure compliance with standards such as ISO/IEC 27001 while documenting findings and advising internal teams on remediation.

Security Auditing Risk Assessment Incident Response ISO 27001)Audit Reporting Security Documents Security Awareness ISO 27001

Current

Senior Coding Instructor

Current

Codingal

Mar 2021 - Present (5 years 2 months)

Deliver programming and secure-coding instruction in Python, JavaScript, Java, PHP and web technologies, mentoring students and integrating cybersecurity labs that improve secure development skills and career readiness.

Cybersecurity Lab Python JavaScript Java Secure Coding Web Development Cybersecurity Labs Mentorship

Cyber Security Analyst

Kenya Revenue Authority

Nov 2022 - Dec 2023 (1 year 1 month)

Monitored security tooling and led incident detection and response using SIEM and forensic tools, conducted vulnerability assessments and threat intelligence activities, and contributed to security policy and playbook development.

Splunk ELK Nessus OpenVas Wireshark Threat Intelligence Incident Response Forensics

IT Support Intern

Kenya Revenue Authority

Jan 2022 - Mar 2022 (2 months)

Supported ICT operations by maintaining hardware and software, logging and resolving incidents, assisting with data protection compliance and updating knowledge-base documentation.

Hardware Incident Management Data Protection Knowledge Base Troubleshooting

IT Support Intern

Kerio Valley Development Authority

May 2019 - Aug 2019 (3 months)

Provided technical support and maintenance for workstations, printers and IP phones, installed and maintained CCTV systems, and assisted with basic web/WordPress configuration.

IT Support WordPress Networking Technical Support