Vulnerability Management Specialist

The Vulnerability Management Specialist will be responsible for assessing the security posture of existing and new technology systems, platforms and processes, to protect and continually improve the confidentiality, integrity & availability of information systems, in accordance with KCB Group’s business objectives, regulatory requirements, and strategic goals. In addition, he/she is responsible for maintaining a vulnerability management framework for the Group by conducting Vulnerability Assessment & Penetration Testing (VAPT) exercises, recommending appropriate controls, managing VAPT solutions and maintaining a risk register.

Key Responsibilities:

• Design, implement and support VAPT solutions and a framework identified as necessary for the protection of KCB Group information assets.
• Serve as the system owner for and administer common VAPT toolsets, platforms, and processes, as well as serve as a Subject Matter Expert (SME) for the VAPT role for all VAPT exercises executed internally or by contracted vendors.
• Perform vulnerability assessment and penetration testing on the Bank’s infrastructure and systems to ensure that they are secure from external or internal intrusion attempts thus reducing the risk of successful intrusions against KCB group.
• Provide technical VAPT related support to projects from inception through to successful implementation in a bid to ensure compliance to technical security policies and standards.
• Perform authorized attack surface reviews and penetration tests against specific targets at the direction of the Senior Manager, Security Monitoring & Response.
• Provide assessment reports that are easily understandable by the target audience and include practical and reasonable recommendations based upon sound risk management principles.
• Maintain a Vulnerability Scoring System that captures the qualitative representation of the assessment reports to help KCB Group properly assess and prioritize its vulnerability management process.
• Assess the sufficiency of policies, standards and procedures relative to VAPT best practices. Author standards and procedures designed to continually improve security posture.
• Perform continuous vulnerability monitoring in the KCB group environment and report compliance failures to management for immediate remediation.
• Define, create, and deliver status reports and relevant metrics to Senior Management.
• Provide input into technology security risk control self-assessments by leveraging specialized knowledge in VAPT.

The Person:

• A Bachelor's degree in IT/ Computer Science/ Telecommunications/ Engineering (Electrical or Electronic) or related field from a recognized university.
• Must possess at least one professional certification such as CEH (Certified Ethical Hacker), LPT (Licensed Penetration Tester Master), OSCP (Offensive Security Certified Professional), CompTIA PenTest+, CMWAPT (Certified Mobile & Web Application Penetration Tester).
• A minimum of 5 years’ supervisory experience in Information Technology; with at least:
  • 3 years’ experience in Information Security.
  • 2 years’ experience in Vulnerability Assessments/ Penetration Testing.
• Good knowledge of Banking/ Financial Services Operations
• Excellent planning and organizing skills
• Excellent problem analysis and attention to detail.

To be considered your application must be received by Tuesday, 26^th May, 2020.

Only short listed candidates will be contacted.

NB: In the event that you are successful, we will require that you provide us with the following documents:

• National I.D.
• KRA Pin Card
• Birth Certificate of self
• Passport Photo (White Background)
• NSSF Card
• NHIF Card
• Certificate of Good Conduct (less than 5 Months old)
• Academic and Professional certificates, including official transcripts