Andrew Keitany Korir

Cybersecurity and DevOps Engineer

Passionate about securing digital infrastructure and streamlining development workflows. Specialized in web application penetration testing, cloud security, and CI/CD pipeline optimization.

Andrew Korir - Cybersecurity Professional

Professional Summary

Driven Cybersecurity Analyst and DevOps Engineer with 5+ years of experience securing web applications, automating cloud infrastructure, and enhancing system resilience through penetration testing and SOC monitoring. Improved security posture by conducting over 120 penetration tests, monitoring more than 1,200 monthly security events, and integrating security gates into CI/CD pipelines to prevent vulnerabilities from reaching production. Demonstrated expertise in Python scripting, AWS, Azure, SIEM tools, Docker, Terraform, and Ansible, with a proven ability to balance secure development and defense operations. Authored technical security publications and contributed to vulnerability research that strengthened industry practices. Looking to transfer these skills into a remote cybersecurity or DevSecOps role to help organizations build secure and scalable systems.

Certifications Showcase

Certifications

API Penetration Testing - APISEC Elearn Junior Penetration Tester(EJPT) - Elearn Security INE Certified Cloud Associate - INE Security Blue Team Junior Analyst - Security Blue Team External Pentest Playbook - TCM Security Linux Privilege Escalation for Beginners - TCM Security Open Source Intelligence (OSINT) Fundamentals - TCM Security Practical Ethical Hacking - TCM Security Windows Privilege Escalation for Beginners - TCM Security Practical Network Penetration Tester (PNPT) ONGOING - TCM Security

Skills Showcase

Cybersecurity

Penetration Testing Web, API and Application Security Vulnerability Assessment Security Auditing Incident Response SOC Monitoring SIEM Management Threat Management Cloud Security DevSecOps Integration

DevOps & Cloud

CI/CD Pipelines AWS Cloud Docker Deployment Terraform Automation Infrastructure as Code Monitoring & Logging Ansible Automation Microsoft Azure Google Cloud Platform Monitoring & Logging

Development

Python Scripting JavaScript Development API Development Database Management Version Control (Git) Unit Testing Django Framework PostgreSQL Java Development Kit Object Relational Mapping

Security Tools

Burp Suite Nmap Metasploit Wireshark SIEM Tools Nessus Owasp ZAP Windows Enumeration Tools Linux Enumeration Tools Project Discovery Tools

Experience Timeline

August 2024 - Present

Cybersecurity and DevOps Engineer - Vitafluence.ai

Conducted 45+ web application penetration tests aligned with OWASP WSTG/MSTG standards, identifying and documenting critical vulnerabilities to strengthen overall security posture.

May 2023 - July 2024

Fullstack Developer - Lakeatts Solutions

Delivered 6 full-stack web applications using Springboot for backend services and modern JavaScript frameworks for frontend interfaces, improving system reliability and user experience

November 2021 - April 2023

Security Researcher - Bugcrowd

Conducted 75+ freelance penetration tests across diverse client systems, identifying high-impact vulnerabilities and strengthening security posture through responsible disclosure.

July 2018 - March 2021

Software Programmer - Aphicons Solutions Limited

Designed and deployed a real-time school bus tracking solution using OpenStreetMap API and custom JavaScript logic, providing administrators with live operational data and giving parents greater visibility into student transport.

July 2017 - September 2017

IT Intern - Eagle Africa Insurance Brokers Ltd

Assisted in the implementation and configuration of a company-wide Virtual Desktop Infrastructure (VDI), enhancing centralized management and security

Project Highlights

Self Hosted Passbolt Application

Passbolt, your own password management solution. You can ensure that your organization's passwords are securely managed without relying on third-party cloud services

GDPR Compliant by Design End-to-end encryption for maximum security Team collaboration with secure sharing Complete data control Browser extension for easy access

Self Hosted Wazuh SIEM and XDR

Wazuh, Your security platform that provides unified XDR and SIEM protection for endpoints and cloud workloads. Offering comprehensive security monitoring, intrusion detection, and log analysis capabilities.

File integrity monitory Intrusion Detection and prevention Compliance Monitoring (GDPR, HIPAA, PCI DSS) Cloud Security Monitoring Log data analysis and correlation

Real-time Mapping Solution

Developed a comprehensive real-time mapping solution with advanced geospatial capabilities. Integrated multiple data sources and implemented robust security measures to protect location-based data.

JavaScript Java Server Pages and Java Android OpenStreetMaps Firebase Google Map API

High-Performance POS System

Architected and developed a scalable Point of Sale system handling high transaction volumes. Implemented advanced security features including encryption, secure payment processing, and fraud detection.

Spring Framework Javascript PostgreSQL Springboot Mpesa API
Browse and Verify Certifications

Education

Bachelor of Business Information and Technology

Taita Taveta University

Comprehensive education in business technology, information systems, and digital innovation with a focus on cybersecurity and enterprise solutions.

Contact Information

Email

andrewkorir08@gmail.com

LinkedIn

Andrew Keitany

Phone

+254707981971

Location

Nairobi, Kenya