Kenya Commercial Bank Limited is registered as a non-operating holding company which started operations as a licensed banking institution with effect from January 1, 2016. The holding company oversees KCB Kenya – incorporated with effect from January 1, 2016 – and all KCB’s regional units in Uganda, Tanzania, Rwanda, Burundi, Ethiopia and South Sudan

KEY RESPONSIBILITIES:

• Ensure the faultless running of the SOC, picking up items handed over from shift to shift and between tiers, following up on their successful conclusion
• Track and warrant adherence to set SLAs for different categories of alerts/incidents
• Report on key SOC metrics such as Mean Time To Detect (MTTD), Mean Time To Respond (MTTR), Mean Time To Contain (MTTC), False Positive Rate (FPR), and Incident Escalation Rate (IER)
• Guide the analysis of security alerts and potential cybersecurity incidents to identify true security breaches.
• Create procedures, run books, high- and low-level documentation, processes and develop staff to respond to cybersecurity incidents more effectively.
• Investigate security breaches and make informed decisions towards containment, and recommendations for corrective action.
• Apply expertise in both endpoint and network analysis to ascertain the impact of an attack and develop threat trends and mitigation techniques and countermeasures that can prevent future attacks.
• Coordinate the analytic and investigative efforts of the Cyber Security Incident Response and Recovery Team (CSIRRT) along with any Technology incident response team as required during a critical cyber occurrence.
• Work closely with the Cybersecurity Specialist, Threat Hunting to track emerging and realised threats including, but not limited to, mapping command-and-control infrastructure, investigating phishing campaigns, unearthing weaponised file/document techniques and patterns, and passing unearthed detection indicators to the wider CISOC and incident management teams.
• Implement security improvements by assessing the current situation, evaluating trends, and anticipating requirements.

MINIMUM POSITION QUALIFICATION REQUIREMENTS

Academic & Professional

• Education     Bachelor’s Degree    BSc. Information Technology / Computer Science / Telecommunications / Engineering or related    RQ
• Professional Qualifications (Minimum 1 of the listed certificates for RQ)
• Certified SOC Analyst (CSA)
• Certified Incident Handler (E|CIH)
• GIAC Certified Intrusion Analyst (GCIA)
• GIAC Certified Incident Handler (GCIH)
• GIAC Certified Forensic Analyst (GCFA)
• Certified Information Systems Auditor (CISA)
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Security+
• Any SIEM certification
• Any other relevant information security/cybersecurity certification
• Several are AA
• Master’s degree    MBA / MSc Cybersecurity / Information Systems Security / IT Security / IT    AA

Experience

Total Minimum Number of Years of IT Experience Required 

• 5 years

DetailMinimum No of YearsNeed Type[5]

• Experience in information security/cybersecurity    2    ES
• Experience in Security Operations Centre/security monitoring operations    1    ES
• Experience in security monitoring tools administration or usage (SIEM, EDR, NDR, DAM, WAF, etc.) and/or incident response and management    1    ES
• Experience in the Financial Services Industry    1    DE
• Experience in a complex technological environment    2    DE