Cybersecurity Specialist, Security Testing at KCB Bank Kenya

The Position: 

The Cybersecurity Specialist, Security Testing will assess the security posture of existing and proposed / new technology systems, platforms, and processes, to protect and continually improve the confidentiality, integrity & availability of information systems, in accordance with KCB Group’s business objectives, regulatory requirements, and strategic goals. The Cybersecurity Specialist (Security Testing) is responsible for conducting Security and Penetration Testing exercises, recommending appropriate controls, and managing various testing solutions and tools for the Group.

Key Responsibilities:

• Design, implement and support VAPT solutions identified as necessary for the protection of KCB Group information assets.
• Serve as one of the system owners for and administer common VAPT toolsets, platforms, and processes, as well as serve as a Subject Matter Expert (SME) for the VAPT role for VAPT exercises executed internally or by contracted vendors.
• Perform vulnerability assessment and penetration testing on the banks infrastructure and systems to ensure that they are secure from external or internal intrusion attempts thus reducing the risk of successful intrusions against KCB group.
• Provide technical VAPT related support to projects from inception through to successful implementation in a bid to ensure compliance to technical security policies and standards. This will also include VAPT related support for significant changes before promotion to production status.
• Perform authorized attack surface reviews and penetration tests against specific targets at the direction of the Senior Managers Information Security and Head, Group Information Security.
• Provide assessment reports that are easily understandable by the target audience and include practical and reasonable recommendations based upon sound risk management principles. Maintain a Vulnerability Scoring System that captures the qualitative representation (Such as low, medium, high and critical) of the assessment reports to help KCB Group properly assess and prioritize its vulnerability management process.
• Assess the sufficiency of policies, standards, and procedures relative to VAPT best practices. Author standards and procedures designed to continually improve security posture.
• Perform continuous vulnerability monitoring in the KCB group environment and report compliance failures to management for immediate remediation.
• Define, create, and deliver status reports and relevant metrics to the Senior Manager, Information Security Operations.
• Provide input into Information Security risk control self-assessments by leveraging specialized knowledge in VAPT.

The Person:

For the above position, the successful applicant should have the following:

• Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, Engineering (Electrical/ Electronic) or related field.
• Professional qualifications in any one of the following:
• Cybersecurity certification in CISA/ CISM/CISSP/ Security +.
• Penetration testing/ Cybersecurity Assurance Certification in either CEH/ OSCP/ CPT/ LPT/ PenTest+/ ECSA/ CHFI.
• 5 years Technology experience with at least 2 years in Cybersecurity.
• 3 years’ experience in System/ Network/ Database or Cloud Platform Administration.
• 1 year experience in in Vulnerability Management/ Security Testing/ Penetration Testing.
• Strong interpersonal and communication skill