Senior Specialist, Cyber Threat and Vulnerability Management at Equity Bank Kenya

Job Purpose:   

This role is responsible for identification, management and remediation of technical vulnerabilities and cyber threats across EQUITY GROUP’ infrastructure, applications and network. The incumbent will be responsible for continuously performing threat hunting, responding to incidents and improving the security controls of EQUITY GROUP. The incumbent will be required to research and keep abreast of the cyber-attacks and threats in order to continuously protect EQUITY GROUP against new types of attacks. The Senior Specialist will take the lead during incident investigation to drive speedy resolution to minimise potential data leakage and financial loss to EQUITY GROUP. The role engages with key business and operational partners in managing the detection, response, and remediation of cyber related attacks on EQUITY GROUP’s network and its systems.

Job Responsibilities/ Accountabilities: 

• Perform vulnerability assessment and penetration testing on the Bank’s infrastructure and systems to ensure that they are secure from external or internal intrusion attempts thus reducing the risk of successful intrusions against Equity group.
• Provide technical VAPT related support to projects from inception through to successful implementation in a bid to ensure compliance to technical security policies and standards.
• Perform authorized attack surface reviews and penetration tests against specific targets at the direction of the Senior Manager, Security Monitoring & Response.
• Provide vulnerability analysis specific input to the EQUITY GROUP information security strategy
• Develop, integrate and monitor detailed business plans for vulnerability analysis in accordance with the frameworks, goals and targets
• Organise and execute periodic vulnerability assessments and Pen Tests by applying knowledge of scanning tools and emerging risks.
• Work with Group Cyber Defence to coordinate scans with all other parties involved in EQUITY GROUP, including the distribution of notices or notifications, and the management of logistical requirements.
• Lead process optimisation, enhancement, efficiency and continuous improvement on initiatives and programmes within the cyber threat and vulnerability management, as well as benchmark and analyse trends to optimise internal processes.
• Track and prioritise the remediation of vulnerabilities, according to their level of criticality and their potential risk to the business of the affected asset. Report on the status of the resolution of vulnerabilities on a periodic basis.
• Ensure incident identification, assessment, quantification, reporting, communication, and mitigation while confirming SLA compliance, process adherence, and process improvisation to achieve operational objectives.
• Perform threat management, threat modelling, identify threat vectors and develop use cases for security monitoring. Maintaining working knowledge of cyber threat actor tactics and techniques.
• Responsible for integration of standard and non-standard logs into the Group SIEM and review/ revise the processes to strengthen Security Operations.
• Co-ordinate with stakeholders, build and maintain positive working relationships with them.
• Lead efforts and participate in audits covering cyber defence.
• Work with Technology Security Leadership to implement the cyber threat and vulnerability management strategies and operational requirements
• Assist to drive strategic alignment of the Group cyber incident response operations and EQUITY GROUP cyber incident response services
• Develop a standardised set of responses to cybersecurity breaches with responses varying according to the level of cybersecurity breaches. 
• Work with the Cyber Defence team to revise and develop processes to strengthen the current Security Operations Framework, review policies and highlight the challenges in meeting the required performance targets

Qualifications

Knowledge and Experience 

• A Bachelor’s degree in IT/ Computer Science/ Telecommunications/ Engineering (Electrical or Electronic) or related field from a recognized university.
• Must possess at least one professional certification such as CEH (Certified Ethical Hacker), LPT (Licensed Penetration Tester Master), OSCP (Offensive Security Certified Professional), CompTIA PenTest+, CMWAPT (Certified Mobile & Web Application Penetration Tester).
• A minimum of 5 years’ supervisory experience in Information Technology; with at least:
• 3 years’ experience in Information Security.
• 2 years’ experience in Vulnerability Assessments/ Penetration Testing.
• Good knowledge of Banking/ Financial Services Operations
• Excellent planning and organizing skills
• Excellent problem analysis and attention to detail.