ICT Security Analyst at Co-operative Bank of Kenya

Are you looking for an employer who promotes individual excellence and mutual respect in a team-driven culture with a key focus on social empowerment? The Co-operative Bank of Kenya, “The Kingdom Bank” is the place for those looking to new horizons. We are looking for an experienced professional with a strategic understanding of the security landscape who is able to enforce policies across security solutions by fine tuning security policies.

This is a high visibility role which forms a critical part in monitoring network activities and reporting on any security related anomalies. This role will also assist in ICT related security investigations. It provides the successful candidate with an opportunity to contribute to the organization’s ICT Security and Risk environment and exposure to many business areas. The successful candidate will also have an ideal opportunity to be an integral part of the organization and to really make a difference.

Reporting to Head - ICT Security, the role holder will work collaboratively with the IT Security operations, ICT and Security Services teams to detect and respond to information security incidents, maintain and follow procedures for security event alerting and participate in ICT related security investigations.

The Role

Specifically, the successful jobholder will be required to:

• Monitor and analyze the Bank’s networks for malicious activity using Security Incident and Event Management (SIEM) toolsets. This will include responding to and investigating alerts, assisting with developing new security monitoring use cases and ensuring all investigative activity is properly documented in the bank’s ticketing systems and followed up with relevant support teams.
• Document all activities during an incident and providing leadership with status updates during the life cycle of the incident.
• Provide analysis regarding intrusion events, security incidents, and other threat indications and warning information from various outside agencies.
• Investigate intrusion attempts and perform in-depth analysis of exploits as well as providing network intrusion detection expertise to support timely and effective decision making of when to declare an incident.
• Analyze a variety of network and host-based security appliance logs (Firewalls, NIDS, HIDS, Sys Logs, etc.) to determine the corrective or mitigation actions and escalation paths for each incident.
• Conduct digital forensics and malware analysis triage and independently follow procedures to contain, analyze, and eradicate malicious activity.
• Monitor open source intelligence sources for potential threats against the Bank, and ensure appropriate defensive actions are taken with respect to these.
• Run vulnerability scans against Bank’s infrastructure, interpreting them and follow up with relevant ICT support teams.
• Triage issues and escalate them to the ICT respective team, and ensure that appropriate follow-up actions are taken by the IT security function.

Skills, Competencies & Experience

The successful candidate will be required to have the following skills and competencies:

• Bachelor’s degree in Information Technology, Computer Science or any other related field with relevant IT Security professional qualifications i.e. CISSP, CISA/CISM/CEH or other relevant security certifications.
• At least 3 years’ experience in Security/Network administration with strong technical knowledge of database, network and operating systems security.
• Knowledge of various security methodologies and processes and technical security solutions (firewall and intrusion detection systems).
• Knowledge of TCP/IP Protocols, network analysis, and network/security applications.
• Working knowledge and experience in penetration testing and vulnerability assessments.
• Knowledge of common cybersecurity threats and sources of cybersecurity information.
• Good understanding and knowledge of risk assessment, risk procedures, security assessment, vulnerability management, penetration testing.