The role of Cybersecurity Specialist, Content and Detection Engineering resides within KCB Group’s Cybersecurity Intelligence Security Operations Centre (CISOC). The primary focus of this position is managing and enhancing the underlying systems, inputs, and data that support security monitoring and cyber threat detection capabilities as well as creating and optimising detection logic to identify malicious or suspicious activity in the bank’s information systems and networks. In so doing, the jobholder is tasked with the responsibility of extracting maximal value from the bank’s cybersecurity, security monitoring, and cyber threat detection platforms. The ideal candidate shall work closely with monitoring analysts, incident responders, threat hunters, threat intelligence experts, purple teams, and the Technical Security domain specialists to improve detection coverage and reduce risk. This role plays a pivotal part in enabling proactive threat detection and minimizing dwell time by translating threat intelligence and attack techniques into actionable detections within the organization’s security platforms.
Key Responsibilities:
- Implement, operate, and maintain cyber threat detection tools and capabilities. This includes applying patches and updates to the CISOC toolkit.
- Ensure full security monitoring coverage of the bank’s technological ecosystem – both on premise and in Cloud – by working with system owners to enroll their systems to Security Information and Event Management (SIEM), Database Activity Monitoring (DAM), Network Detection and Response (NDR), and other CISOC platforms.
- Perform threat modelling exercises to characterise real-world cyber risk scenarios. Develop and implement use cases to detect these cyber threats.
- Design and execute processes to continuously seek and receive feedback from the frontline Security Monitoring Analysts, Cybersecurity Specialist, Threat Hunting and Intelligence, and other important stakeholders about the efficacy and efficiency of detection logic. Use said input to devise, finetune, amend, test, and iterate use cases. Formulate metrics to track the same.
- Act as the cybersecurity logging and monitoring Subject Matter Expert (SME) in support of the bank’s IT projects. Provide thought leadership by setting forth requirements and ensuring adherence to Minimum Security Baselines (MSBs) on log composition and structure. Work with project teams to validate the same. Onboard systems to SIEM and DAM and craft relevant use cases as key prerequisites to project approval.
- Curate and sustain the CISOC’s library of living, detailed use case documentation.
- Ensure that daily and weekly system checks for issues such as log source dormancy and system bottlenecks, and biannual OEM health checks are carried out for the CISOC toolkit (SIEM, DAM, NDR, and any other CISOC tools). Pursue automation of repetitive, manual tasks.
- Conceive and create frameworks, guides, manuals, Minimum Security Baselines (MSBs), and Standard Operating Procedures (SOPs) relating to log source onboarding, use case creation and maintenance, CISOC systems administration, and all other facets of SOC Engineering. Ensure the same are approved, applied, and followed through consistently.
- Evaluate the suitability of the CISOC toolkit. Research and propose new technology acquisitions to improve the CISOC’s overall detection proficiencies.
- Participate in the analysis and remediation efforts of cybersecurity incident response and apply the learnings therefrom towards improving the bank’s threat detection competencies.
The Person
For the above position, the successful applicant should have the following:
- BSc. Information Technology, Computer Science, Telecommunications, Electrical and Electronics Engineering, or related (Required).
- MSc in Cybersecurity, Information Systems Security, IT Security, IT, or related is an added advantage.
- Professional qualification/certification in OSCP: Offensive Security Certified Professional, CEH: Certified Ethical Hacker, CISA: Certified Information Systems Auditor, CISM: Certified Information Security Manager, CISSP: Certified Information Systems Security Professional, SSCP: Systems Security Certified Practitioner, CompTIA Security+, CSX-F: Cyber Security Fundamentals, Certified in Cybersecurity, CCNA: Cisco Certified CyberOps Associate, CCNA: Cisco Certified CyberOps Professional, CRISC: Certified in Risk and Information System Control, Microsoft Azure Security, ECSA: EC-Council Certified Security Analyst (at least one is required).
- 5 years’ progressive experience in Information Technology (Essential).
- 3 years’ experience in Information Security/Cybersecurity (Essential).
- 2 years’ experience in Security Operations Centre/security monitoring (Essential).
- 2 years’ experience in cybersecurity tool administration (DAM, EDR, NDR, SIEM, SOAR, WAF, XDR, etc.) or Content/Detection/Security/SOC Engineering (Essential).
- 1 year’s experience in the Financial Services Industry (Desired).
- 2 years’ experience in a complex technological environment (Desired).
The above position is a demanding role for which the Bank will provide a competitive remuneration package to the successful candidate. If you believe you can clearly demonstrate your abilities to meet the criteria given above, please log in to our Recruitment portal and submit your application with a detailed CV.
To be considered, your application must be received by Friday, 5th December 2025.
Qualified candidates with a disability are encouraged to apply.
Only short-listed candidates will be contacted.