Cyber Security Specialist - Incident Report at KCB Bank Kenya

The Position: 

The Cybersecurity Specialist, Incident Response is responsible for investigating security incidents as part of the Bank’s Cyber Security Incident Response Team (CSIRT) that may negatively impact the Bank, its customers, or partners (including hacking attempts, intrusions, malware infestations, mishandling of data/information, and other security threats). The Cybersecurity Specialist, Incident Response will further provide support during cyber incidents and investigations, and actively participate in threat hunting activities. The objective of this position is to ensure that the Bank can rapidly identify and effectively respond to cyber occurrences with minimal to no adverse impact on its data, information systems, technological infrastructure, reputation, customer confidence, or other tangible or intangible assets.

Key Responsibilities:

• Appropriately and practically defend the information enterprise in accordance with established policies, procedures, guidelines, and practices.
• Analyse security alerts and potential cybersecurity incidents to identify true security breaches.
• Create procedures, run books, high- and low-level documentation, processes and develop staff to respond to cybersecurity incidents more effectively.
• Investigate security breaches and make informed decisions towards containment, and recommendations for corrective action.
• Apply expertise in both endpoint and network analysis to ascertain the impact of an attack and develop threat trends and mitigation techniques and countermeasures that can prevent future attacks.
• Coordinate the analytic and investigative efforts of the Cyber Security Incident Response and Recovery Team (CSIRRT) along with any Technology incident response team as required during a critical cyber occurrence.
• Track emerging and realised threats including, but not limited to, mapping command-and-control infrastructure, investigating phishing campaigns, unearthing weaponised file/document techniques and patterns, as well as passing detection opportunities to the Cybersecurity Intelligence and Security Operations Centre (CISOC) and incident management teams.
• Research and provide technical security expertise on advanced persistent threats (APTs) affecting the financial services industry to senior management.
• Implement security improvements by assessing the current situation, evaluating trends, and anticipating requirements.
• Employ leading cybersecurity frameworks (like MITRE adversarial tactics, techniques, and common knowledge, National Institute of Standards and Technology Cybersecurity Framework, ISO 27001) to identify, counter and mitigate threats through the process of threat modelling.

The Person:

For the above position, the successful applicant should meet the following criteria:

• Information Technology / Computer Science / Telecommunications / Engineering / (Electrical, Electronic) or related field
• Security certification such as; Certified SOC Analyst (CSA),Certified Incident Handler (E|CIH),GIAC Certified Intrusion Analyst (GCIA),GIAC Certified Incident Handler (GCIH),GIAC Certified Forensic Analyst (GCFA),Certified Information Systems Auditor (CISA),Certified Information Systems Security Professional (CISSP),Certified Information Security Manager (CISM),Security+.
• Have a minimum of 5 years’ experience in Technology with at least 2 years’ experience in Cybersecurity and 1 year experience in Security Operations Centre / Security Monitoring.