Domiciled within the KCB Group Cybersecurity Intelligence Security Operations Centre (CISOC), this role is responsible for the daily operational management of the Security Operations Centre (SOC), encompassing the following areas: shift administration; SLA compliance; CISOC Analyst guidance and supervision; alert tracking; metric reporting; and cybersecurity incident investigation and resolution. Moreover, the jobholder coordinates and manages incident response as part of the Bank’s Cyber Security Incident Response and Recovery Team (CSIRRT). The Cybersecurity Specialist, SOC Operations and Incident Management will further provide support during cyber incidents and investigations, and actively participate in threat hunting activities.
One key objective of this position is to ensure the smooth and seamless working of the SOC, aligning monitoring and engineering efforts vertically between tiers and horizontally across shifts. A second key intent is to guarantee that the Bank can rapidly identify and effectively respond to cyber incidents with minimal to no adverse impact on its compliance requirements, customer confidence, data, good reputation, information systems, technological infrastructure, or other tangible or intangible assets.
Key Responsibilities:
- Ensure the faultless running of the SOC, picking up items handed over from shift to shift and between tiers, and following up on their successful conclusion.
- Track and ensure adherence to set SLAs for the different categories of alerts/incidents.
- Report on key SOC metrics such as Mean Time To Detect (MTTD), Mean Time To Respond (MTTR), Mean Time To Contain (MTTC), False Positive Rate (FPR), and Incident Escalation Rate (IER).
- Guide the analysis of security alerts and potential cybersecurity incidents to identify true security breaches.
- Create procedures, run books, high- and low-level documentation, processes and develop staff to respond to cybersecurity incidents more effectively.
- Investigate security breaches and make informed decisions towards containment, and recommendations for corrective action.
- Apply expertise in both endpoint and network analysis to ascertain the impact of an attack and develop threat trends and mitigation techniques and countermeasures that can prevent future attacks.
- Coordinate the analytic and investigative efforts of the Cyber Security Incident Response and Recovery Team (CSIRRT) along with any Technology incident response team as required during a critical cyber occurrence.
- Work closely with the Cybersecurity Specialist, Threat Hunting to track emerging and realised threats including, but not limited to, mapping command-and-control infrastructure, investigating phishing campaigns, unearthing weaponised file/document techniques and patterns, and passing unearthed detection indicators to the wider CISOC and incident management teams.
- Implement security improvements by assessing the current situation, evaluating trends, and anticipating requirements.
The Person
For the above position, the successful applicant should have the following:
- Bachelor's Degree (BSc.) in Information Technology / Computer Science / Telecommunications / Engineering or a related field.
- At least one cybersecurity certification from the following list: Certified SOC Analyst (CSA), Certified Incident Handler (E|CIH), GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Security+, any SIEM certification, or any other relevant information security/cybersecurity certification.
- Professional qualifications in any of the following will be an added advantage: MBA / MSc Cybersecurity / Information Systems Security / IT Security / IT.
- At least 5 years’ experience in Technology is required.
- At least 2 years’ experience in information security/cybersecurity.
- At least 1 year’s experience in Security Operations Centre/security monitoring operations.
- At least 1 year’s experience in security monitoring tools administration or usage (SIEM, EDR, NDR, DAM, WAF, etc.) and/or incident response and management.
- At least 1 year’s experience in the Financial Services Industry.
- At least 2 years’ experience in a complex technological environment.
The above position is a demanding role for which the Bank will provide a competitive remuneration package to the successful candidate. If you believe you can clearly demonstrate your abilities to meet the criteria given above, please log in to our Recruitment portal and submit your application with a detailed CV.
To be considered, your application must be received by Friday 13th September 2024.
Qualified candidates with disability are encouraged to apply.
Only short-listed candidates will be contacted.