Exceedingly Great Technologies · Harare, Zimbabwe
Security Engineer
Most Recent
Apr 2022 — Jul 2025
Led enterprise-wide security operations, threat detection, incident response, vulnerability management, and cloud security hardening while developing an attacker's mindset to anticipate and neutralise threats before exploitation.
35% MTTD Reduction
45% Critical CVEs Eliminated
98% SLA Resolution Rate
- Engineered threat detection logic across 1,000+ endpoints using Splunk SIEM, cutting mean time to detect (MTTD) by 35% through custom correlation rules and behavioral analytics mapped to MITRE ATT&CK TTPs.
- Led vulnerability assessment and penetration testing exercises using Nessus and Nmap, mapping findings to CVSS attack vectors and eliminating 45% of critical CVEs within 30-day remediation cycles.
- Conducted adversarial simulation and firewall rule-set analysis, stress-testing network perimeter defenses and identifying blind spots, reducing threat-blocking failures and cutting false positives by 30%.
- Deployed and operated Microsoft Defender EDR/XDR, containing advanced threats including malware, ransomware precursors, and lateral movement activity, achieving 98% incident resolution within SLA.
- Hardened AWS cloud environment by enforcing IAM least-privilege access, MFA, Security Groups, and CloudTrail logging, identifying and closing 40% of unauthorized access vectors before adversarial exploitation.
- Spearheaded end-to-end incident response operations spanning triage, containment, and forensic root-cause analysis, successfully neutralising 50+ security incidents with zero business disruption.
- Drove ISO 27001 and NIST CSF compliance by implementing technical controls and closing audit gaps, achieving 100% successful external audit outcomes across consecutive assessment cycles.
Splunk, MITRE ATT&CK, Nessus, Microsoft Defender, AWS IAM, Nmap, ISO 27001, NIST CSF, IDS/IPS
Exceedingly Great Technologies · Harare, Zimbabwe
Junior Security Analyst
Feb 2021 — Mar 2022
Frontline SOC analyst responsible for monitoring, triaging, and investigating security events — developing the threat-hunting instincts and investigative methodology that underpin offensive security thinking.
1,200+ Daily Alerts Analysed
25% False Positive Reduction
60% Phishing Awareness Gain
- Triaged and investigated 1,200+ daily SIEM alerts in Splunk, reducing false positives by 25% through improved detection tuning and behavioural pattern recognition.
- Investigated and escalated an average of 15 potential incidents per week, ensuring timely containment of malware, phishing, and unauthorised access attempts.
- Performed vulnerability assessments across 250+ endpoints and 10 servers, identifying and helping remediate 95% of critical vulnerabilities within SLA, with findings mapped to real-world attack vectors.
- Executed targeted phishing simulation campaigns against 80+ staff members, analysing click rates and credential harvesting susceptibility, achieving a 60% improvement in phishing awareness scores.
- Collaborated with network teams to enforce security controls including MFA rollout and password policy hardening, reducing account lockout incidents by 40%.
- Documented forensic incident reports and root-cause analyses, improving team knowledge base and cutting average response time by 20%.
- Produced weekly security metrics dashboards for management, visualising incident trends and control performance, driving data-informed security decisions across business units.
Splunk, SIEM, Incident Response, Vulnerability Scanning, Phishing Simulation, Log Analysis
Exceedingly Great Technologies · Harare, Zimbabwe
Junior Full-Stack Developer
Origin Story
Aug 2020 — Jan 2021
Where it all began. Full-stack development work that built a deep understanding of how systems are architected from the inside, the same knowledge that now makes identifying and exploiting application-layer vulnerabilities second nature.
10+ Backend Systems Optimised
2× API Performance Gain
10+ Automations Deployed
- Designed and developed REST and SOAP APIs integrated with payment processors, Google Maps, and social login services, gaining deep insight into API attack surfaces including authentication flaws and injection points.
- Improved API execution performance 2× by migrating to Node.js, while analysing and resolving performance bottlenecks across 10+ existing backend systems.
- Implemented security controls and data protection settings within full-stack applications, experience that directly informs understanding of application-layer vulnerabilities and secure-by-design principles.
- Delivered in an Agile environment, contributing to sprint planning, code reviews, and cross-functional collaboration with design, QA, and product teams.
- Assisted in deploying 10+ automated intelligent business systems, acquiring hands-on experience in how automation pipelines can be exploited or hardened.
Node.js, REST APIs, SOAP, Agile, Security Hardening, JavaScript