Kenya Commercial Bank Limited is registered as a non-operating holding company which started operations as a licensed banking institution with effect from January 1, 2016.

KEY RESPONSIBILITIES:

• Conduct regular penetration tests and vulnerability assessments on networks, web applications, and other critical infrastructure.
• Develop, implement, and manage penetration testing schedules to identify, classify, report, and prioritize remediation of security vulnerabilities across the Group resulting in timely and effective security assessments.
• Use a variety of tools and techniques to simulate attacks on systems and uncover vulnerabilities.
• Develop and deliver reports on the status and effectiveness of the security testing program to internal leadership and all relevant stakeholders.
• Perform in-depth analysis of penetration testing results and create reports that describe findings, exploitation procedures, risks, and recommendations.
• Provide technical VAPT related support to projects in a bid to ensure compliance to technical security policies and standards. Execute penetration testing projects using the established methodology, tools, and rules of engagements.
• Develop, research, and maintain proficiency in tools, techniques, countermeasures, and trends in computer and network vulnerabilities, data hiding, and encryption.
• Cross-Functional Collaboration with other teams and departments to enable effective defence-in-depth controls through Red Team, Purple Team and Blue Team exercises.
• Emulate advanced threat actors by planning, executing, and analysing complex attack scenarios. Help develop and refine tactics, techniques, and procedures (TTPs) used by adversaries.

MINIMUM POSITION QUALIFICATION REQUIREMENTS

Academic & Professional

• Education     Bachelor’s Degree    B.Sc. Information Technology / Computer Science / Cybersecurity / Engineering (Electrical, Electronic) or related field    RQ

Professional Qualifications    

• Cybersecurity certification in either CISA/ CISM/ CISSP/ Security+ /
• Cybersecurity certification in either CEH/CPT/CRT/GPEN/OSCP/ OSWA/OSWE/ LPT/ PenTest+/ ECSA/ CHFI/ or a relevant equivalent certification/Certified Red Team Expert (CRTE)/Certified Red Team Operator (CRTO)/ Bug Bounty Researcher (ICBBR)/ Certified Information Systems Security Tester (CISST)/PECB ISO/IEC 27001 Lead Auditor/
• AT least one RQ or equivalent
• Penetration Testing / Cybersecurity Assurance Certification   /Cisco Cyberops Associate & Professional or any relevant equivalent certification    AA
• Master’s Degree    MBA / MSc     AA

Experience

• Five years Total Minimum No of Years of Experience Required

Detail    Minimum No of Years    Need Type[5]

• Experience in Cybersecurity    3    ES
• Experience in Penetration Testing and Ethical hacking    3    ES
• Experience in Offensive Security and Red Teaming    2    ES
• Experience in System/ Network/ Database/ Containerization and Cloud Platform Administration    2    DE
• Experience with penetration testing frameworks and tools, such as Kali Linux, The Penetration Testers Framework, Metasploit, Canvas, Cobalt Strike, Burp Suite Pro, Nexpose, Nessus, Wireshark, Nmap    2    DE
• Experience in code review    2    ES