Cybersecurity Risk & Red Team Specialist at Equity Bank Kenya

Summary of Role Purpose & Responsibilities

• The Cybersecurity Risk & Red Team Specialist is responsible for proactively identifying, assessing, and mitigating cybersecurity risks across the Equity Group through simulated attack scenarios and advanced threat emulation.
• This role integrates offensive security practices with a thorough understanding of enterprise risk management, ensuring that vulnerabilities and process gaps are promptly identified and addressed.
• The specialist will lead and execute red team exercises, contribute to security posture improvements, and support risk management initiatives to enhance the Equity Group’s cyber resilience against evolving threats.

Key Deliverables

Red Team Operations

• Plan, lead, and execute red team assessments including web, mobile, network, cloud, and social engineering scenarios.
• Simulate advanced persistent threat (APT) techniques, including lateral movement, privilege escalation, and data exfiltration.
• Develop, document, and execute attack playbooks tailored to the Equity Group's environment.

Risk Identification & Management

• Conduct cybersecurity risk assessments across applications, infrastructure, cloud environments, and third-party integrations.
• Collaborate with stakeholders to assess the risk impact and develop actionable mitigation strategies.
• Maintain a risk register and track remediation efforts through to resolution.

Security Testing & Validation

• Perform vulnerability assessments and penetration testing of systems, applications, and APIs.
• Validate the effectiveness of security controls, detection mechanisms, and incident response procedures.
• Support purple team exercises by providing offensive techniques for defensive validation.

Reporting & Communication

• Deliver detailed, actionable, and executive-friendly assessment reports.
• Communicate complex technical findings to both technical and non-technical stakeholders.
• Provide recommendations to enhance security controls, processes, and risk mitigation strategies.

Continuous Improvement

• Contribute to the evolution of security testing methodologies, tools, and technologies.
• Monitor the cybersecurity threat landscape and emerging attacker techniques.
• Support cybersecurity awareness and simulation campaigns based on red team findings.

Qualifications

Qualifications / Certifications

• Education: Master's / bachelor’s degree in information technology, Computer Science, Cybersecurity, Data Science.
• Certifications (One or more of the following strongly preferred): Minimum of CEH (Certified Ethical Hacker) certification or LPT (Licensed Penetration Tester).
• Any one ISACA related Certification (e.g. CISM, CISA, CRISC and CGEIT) * Added advantage.
• OSCP, CRTO, CRT, OSEP, CRTP, CRTE (Offensive Security Certifications) * Added advantage.
• GIAC Penetration Tester (GPEN), Red Team Professional (GRTP) * Added advantage.

Experience

• Minimum 5+ years of experience in cybersecurity, with at least 2 years focused on Red Teaming, offensive security, or penetration testing.
• Experience in cybersecurity risk management or security operations within regulated industries, preferably financial services.
• Prior experience in planning and executing Red Team/Purple Team exercises across diverse technological landscapes.
• Demonstrated success in delivering security risk assessments and providing technical recommendations.