The Group Information Security (GIS) department is responsible for the first-line protection of the confidentiality, integrity, and availability of the Bank's information systems, data, and technological infrastructure.
The role holder will be responsible for monitoring and analysing KCB Group’s cybersecurity posture while administering Security Information and Event Management (SIEM), Database Activity Management (DAM), and other IT security monitoring systems for log management, security monitoring, threat detection, and information security incident response.
- Monitoring internal and external cybersecurity threats, examining logs, events, and alerts generated by multiple platforms for anomalous activity, evidence of security incidents, and other error conditions that may constitute a breach in security or a degradation of the integrity or confidentiality of KCB Bank Group’s information technology systems and information assets.
- Performing precise real-time analysis and correlation of logs/alerts from a multitude of log sources/devices with a focus on determining whether the events constitute security incidents.
- Creating procedures, run books, and other high-level and low-level documentation for configuring, deploying, and managing SIEM and its components within the Bank. This includes improving the current state of the SIEM and Security Operations Centre (SOC) and implementing a roadmap to achieve SIEM / SOC maturity.
- Interfacing with Managed Security Service Providers (MSSPs), other vendors, and internal teams to follow up on alerts and tickets raised, ensuring their satisfactory resolution and closure.
- Researching and providing technical security expertise on advanced persistent threats affecting the banking industry, drawing on various threat feeds and threat intelligence platforms. Updates will be reported to senior management.
- Designing, implementing, and tuning security system monitoring tools.
- Collaborating with Technology SMEs to create pertinent use cases and incident alerts within the Bank’s security monitoring tools.
- Providing technical security support to projects in a bid to ensure that security logging and incident management are built into the applications as opposed to the more expensive process of adding these security features following an incident or to a system that is already in production.
- Appropriately and practically defending the information enterprise in accordance with established policies, procedures, guidelines and practices.
- Staying abreast of the latest trends in hacking techniques and malicious software, especially those targeting the financial services industry, and adjusting the Bank’s security monitoring approach accordingly to thwart the same.
- Bachelor's degree in Information Technology / Computer Science / Telecommunications / Engineering (Electrical, Electronic) or related.
- At least one certification from the following:
  - Certified SOC Analyst (CSA).
  - Certified Incident Handler (E|CIH).
  - Certified Threat Intelligence Analyst (CTIA).
  - Certified Information Systems Auditor (CISA).
  - Certified Information Systems Security Professional (CISSP).
  - Certified Information Security Manager (CISM).
  - Any vendor-specific SIEM certification (Splunk, QRadar, LogRhythm, ArcSight, AlienVault, etc.).
- 5 years' progressive working experience in Information Technology, with at least 3 years in Information Security and 2 years in Security Information and Event Management (SIEM) Operations.
- Strong interpersonal and communication skills.
The above position is a demanding role for which the Bank will provide a competitive remuneration package to the successful candidate. If you believe you can clearly demonstrate your ability to meet the criteria given above, please log in to our Recruitment portal and submit your application with a detailed CV.
To be considered your application must be received by Friday, 9th July 2021.
Qualified candidates with disability are encouraged to apply.
Only short-listed candidates will be contacted.