Jobs Career Advice Signup
X

Send this job to a friend

X

Did you notice an error or suspect this job is scam? Tell us.

  • Posted: Oct 14, 2021
    Deadline: Oct 20, 2021
    • @gmail.com
    • @yahoo.com
    • @outlook.com
  • The Kenya Revenue Authority (KRA) was established by an Act of Parliament, Chapter 469 of the laws of Kenya , which became effective on 1st July 1995 . The Authority is charged with the responsibility of collecting revenue on behalf of the Government of Kenya. A Board of Directors, consisting of both public and private sector experts, makes policy decisio...
    Read more about this company

     

    Supervisor – Vulnerability Management

    Job Summary:

    The job holder is responsible for the management of technical vulnerabilities and implementation of security controls in the organization’s Business Systems. The role includes carrying out vulnerability assessments, penetration testing, identifying security gaps, ensuring that the network, databases, business systems and services comply with the approved policy, best practice, security requirements and set minimum baseline standards. 

    Key Responsibilities:

    • Review KRA Business systems for technical vulnerabilities and ensure appropriate safeguards are in to provide mitigations.
    • Coordinate vulnerability assessments, penetration tests, security reviews on business systems, services and databases using various tools and personal knowledge.
    • Ensure compliance with the approved policy, best practice, security requirements and set minimum baseline standards for the business systems.
    • Coordinate development of system security requirements for the various systems at acquisition/development and carry out security tests on the systems before deployments
    • Identify, recommend, and configure suitable tools to enhance Information systems security.
    • Monitor systems and applications for security issues, vulnerabilities and recommend remediation including patching and upgrades, rules updates
    • Attend Change Advisory Committee meetings for enhancement of business operations.
    • Ensure compliance to ISO (9001/2015 and 27001/2013) and ISMS and data security requirements.
    • Day-to-day information security operations, supervision, reporting, management of performance and development of staff in the function

    Academic Qualifications

     Bachelor’s degree in Computer Science or IT related field.

    Professional Qualifications 

    Must have at least one of the following certifications or training in CEH/CHFI/ECIH/CISSP.

    Relevant Work Experience  

    At least three (3) years related IT security work experience in a large or busy organization.

    Technical Skills Required:

    • Experience in Vulnerability Assessments and Penetration testing.
    • Experience in Digital Forensics, cyber security threat Analysis or incident management
    • Proficiency in implementation and use of security testing tools/solutions.
    • Broad-based IT experience with technical knowledge of Network, Virtualization, Hardware, Storage, Operating systems, and Applications.
    • Good command of SQL language.
    • Good command of Unix/Linux/windows
    • Knowledge in Information security risk management
    • Experience in Information Security Management System
    • Experience in Project Management

    Key Competencies:

    • Excellent stakeholder engagement skills
    • Analytical mind with problem-solving aptitude
    • Excellent listening, communication and presentation skills
    • Reliable and thorough with a deep commitment to accuracy
    • Self-motivated and able to work independently
    • A team player
    • Ability to prioritize competing work commitments and deliver on time

    go to method of application »

    Supervisor – Security Infrastructure Tools

    Job Summary:                  

    The job holder is responsible for the management of IT security operations through management of risks, deployment, maintenance and support of IT security tools and Infrastructure, and implementation of security control in the organization’s IT infrastructure.

    Key Responsibilities:

    • Review Organization’s IT infrastructure for vulnerabilities and provide mitigations 
    • Support and maintain IT security systems and tools to ensure optimal operations for Information Security tools
    • Design and implement Information Security tools/ solutions to reduce vulnerabilities within the IT infrastructure.
    • Develop proposals for deployment of appropriate Information Security tools to secure KRA IT infrastructure
    • Ensure all IT infrastructure (including desktops, network devices, etc.)  connected  to  KRA’s  network  have  proper  virus protection software, current virus definition libraries, and the most recent operating system  and  critical  patches  applied  in  good time  to  avoid  adverse consequences on their operation.
    • Ensure compliance to ISO (9001/2015 and 27001/2013) and ISMS and data security requirements.
    • Day-to-day information security operations, supervision, reporting, management of performance and development of staff in the function

    Academic Qualifications       

    Bachelor’s degree in Computer Science or IT related field from a recognized Institution.

    Professional Qualifications   

    Must have at least one of the following certifications or training in CEH/CHFI/ECIH/CISSP or in relevant  information security solutions certification

    Relevant Work Experience  

    At least three (3) years related IT security work experience in a large or busy organization.

    Technical Skills Required:

    • Experience in Vulnerability Assessments and Penetration testing.
    • Experience in cyber security threat Analysis or incident management
    • Experience in Design and implementation of Information Security tools/ solutions e.g. Next Generation Firewalls, Security Information & Event Management Solutions, Privileged Access Management solutions etc.
    • Knowledge in Information security risk management
    • Experience in Information Security Management System
    • Experience in Project Management

    Key Competencies:

    • Excellent stakeholder engagement skills
    • Analytical mind with problem-solving aptitude
    • Excellent listening, communication and presentation skills
    • Reliable and thorough with a deep commitment to accuracy
    • Self-motivated and able to work independently
    • A team player
    • Ability to prioritize competing work commitments and deliver on time

    go to method of application »

    Officer – Security Infrastructure Tools

    Job Summary:                  

    The jobholder is responsible for IT security operations through design, deployment, maintenance, support, day-to-day operations and vendor management of IT security and Infrastructure tools. He is also responsible for management of ICT risks through implementation of appropriate controls.

    Key Responsibilities:     Roles and responsibilities

    • Undertake research and consultations with the industry to identify and recommend appropriate Information Security tools for deployment in the Authority in line with the Industry standards, trends and best practices.
    • Draft technical and budget proposals for the procurement, deployment upgrades and maintenance of information security and infrastructure tools
    • Deploy, support and maintain Information Security tools to reduce vulnerabilities and enhance the overall security posture of the IT infrastructure.
    • Provide technical Support to end users, manage incidents and attend to user requests for the various ICT security tools. 
    • Manage vendors, undertake regular and routine maintenance of the IT security and infrastructure tool in liaison with the vendors
    • Identify and document vulnerabilities in the KRA IT infrastructure and implement mitigations measures.
    • Review, update and implement policies and procedures to enforce Antivirus protection, patching, software compliance for IT infrastructure including desktops and network devices.
    • Ensure conformity to ISO (9001/2015 and 27001/2013) ISMS and data security requirements.

    Academic Qualifications     

      Bachelor’s degree in Computer Science, Mathematics, Electronics or a related field.

    Professional Qualifications    Required Certifications/Trainings

    Must have at least one of the following certifications or training in CEH/CHFI/ECIH/CISSP

    or in relevant  information security solutions certification

    Relevant Work Experience Required      

    At least one (1) years related IT security work experience in a large or busy organization:

    Technical Skills Required

    • Experience in securing enterprise business systems and IT infrastructure.
    • Experience in implementation of Information security tools and controls.
    • Experience in business systems or infrastructure support.
    • Hands on working experience with leading Information Security tools such as Kaspersky Antivirus, Checkpoint Firewall System, Widows Active Directory etc.
    • Up-to-date understanding of emerging industry standards and trends in information security.

    Skills Required:

    • Computer and IT security skills
    • Security requirements analysis skills
    • Network, applications and data security skills
    • IT security processes and technologies knowledge and skills, including Malware Analysis, Vulnerability Assessment and Threat Intelligence.
    • Malware trends and anti-malware solutions
    • Vendor management skills

    Key Competencies:

    • Ability to work concisely when under pressure and for long hours.
    • Report writing and documentation skills
    • Analytical skills with keen attention to details
    • Team player
    • Highly self-motivated and directed
    • Ability to adapt quickly to emerging ICT security trends

    go to method of application »

    Officer - Policy & IT Risk Management - 3 Positions

    Job Summary:                 

     The jobholder is responsible for supporting the implementation of Information Security management System based on ISO27001 and best practice.

    • Key Responsibilities: Implement Information Security Management System based on the ISO/IEC 27001 series standards, including preparation for certification against ISO/IEC 27001
    • Perform gap analysis of information security standards such as ISO 27001 and create compliance reports for information security standards such as ISO 27001
    • Develop/review IS policies, standards, procedures and guidelines, in liaison with the stakeholder to obtain appropriate approvals and feedback for implementation.
    • Compliance monitoring and improvement activities to ensure adherence to internal security policies, procedure, standards and applicable laws and regulations
    • Support departments to manage implementation of information security management system.
    • Prepare materials and conduct Information security awareness, training and educational activities to stakeholders.
    • Manages information security risk assessments and controls selection activities
    • Perform testing of internal controls specified in Information Security Policies and Perform internal audit reviews to assess the effectiveness of current information security controls
    • Ensure timely and effective corrective actions are taken to correct deficiencies and provide status reporting.
    • Support the Information Security program including development, collection, assessment, and reporting of metrics
    • Recommend security policy changes and enhancements as needed
    • Conduct mock ISO Audits and, report on departments’ preparedness for final audit and certification
    • Support ISO 27001- audit and certification activities Day-to-day information security operations, supervision, reporting, management of performance and development of staff in the function

    Academic Qualifications

    A Bachelor’s degree in Computer Science or related field from a recognized institution.

    Professional Qualifications 

    Must have at least one of the following security certifications or training in CISA/CISM/CEH/CHFI/ECIH/CISSP/ISO 27001/CRISP,

    Relevant Work Experience  

    At least one (1) year related IT security work experience in a large or busy organization.

    Technical Skills Required:

    • Experience in Information Security Management System
    • Experience in development of policies and procedures
    • Knowledge in Information security risk management
    • Experience in Information security awareness development and training
    • Experience in cyber security threat Analysis or incident management

    Key Competencies:

    • Excellent stakeholder engagement skills
    • Analytical mind with problem-solving aptitude
    • Excellent listening, communication and presentation skills
    • Reliable and thorough with a deep commitment to accuracy
    • Self-motivated and able to work independently
    • A team player
    • Ability to prioritize competing work commitments and deliver on time

    go to method of application »

    Officer – Vulnerability Management

    Job Summary:                  

    The job holder is responsible for carrying out technical vulnerability assessments, penetration tests, identifying security gaps on Organization’s business systems and ensuring that the business systems, services and databases comply with the approved policy, best practice, security requirements and set minimum baseline standards. 

    Key Responsibilities:

    • Carry out vulnerability assessments on databases, business systems and services using various tools and personal knowledge.
    • Ensure mitigation of the identified technical vulnerabilities.
    • Ensure compliance with the approved policy, best practice, security requirements and set minimum baseline standards
    • Develop system security requirements for the various systems at acquisition/development and carry out security tests on the systems before deployments
    • Identify, recommend, and configure suitable tools to enhance Information systems security.
    • Monitor systems and applications for security issues, vulnerabilities and recommend remediation including patching and upgrades, rules updates
    • Investigate security breaches and other cyber security incidents in business systems.
    • Perform security Impact analysis in the change process.
    • Document and research security breaches and assess any damage caused
    • Perform malware analysis and digital forensic

    Academic Qualifications    

     Bachelor’s degree in Computer Science or IT related field.

    Professional Qualifications   

    Must have at least one of the following certifications or training in CEH/CHFI/ECIH/CISSP or in relevant  information security solutions certification

    Relevant Work Experience    

    At least one  (1) years related IT security work experience in a large or busy organization.

    Technical Skills Required:

    • Experience in Vulnerability Assessments and Penetration testing.
    • Experience in Digital Forensics, cyber security threat Analysis or incident management
    • Proficiency in implementation and use of security testing tools/solutions.
    • Broad-based IT experience with technical knowledge of Network, Virtualization, Hardware, Storage, Operating systems, and Applications.
    • Good command of SQL language.
    • Good command of unix/linux/windows
    • Knowledge in Information security risk management
    • Experience in Information Security Management System
    • Experience in Project Management

    Key Competencies:

    • Excellent stakeholder engagement skills
    • Analytical mind with problem-solving aptitude
    • Excellent listening, communication and presentation skills
    • Reliable and thorough with a deep commitment to accuracy
    • Self-motivated and able to work independently
    • A team player
    • Ability to prioritize competing work commitments and deliver on time

    go to method of application »

    Officer – Cyber Security Surveillance

    Job Summary:     

    The job holder is responsible for carrying out cyber security monitoring of the Authority’s IT infrastructure and business systems for malicious activity and/or active threats. The role also involves responding to security incidents including containment, eradication and recovery in the 24/7 Security Operations Centre (SOC).

    Key Responsibilities:

    • Monitor and analyze logs and alerts from a variety of different technologies across multiple platforms in order to identify and mitigate potential (or active) threats, intrusions, and/or compromises in the 24/7 SOC.
    • Provide timely detection, identification and alerts of possible attacks/intrusions, anomalous activities, and distinguish these incidents and events from benign activities.
    • Identify cyber-attacks targeted to the KRA network and systems, advise and block cyber attacks
    • Triage and investigate active threats, security breaches and other cyber security incidents.
    • Perform deep-dive incident analysis by correlating data from various sources. Generate/Review event analysis reports of incident investigations
    • Escalates cyber security events according to the Authority’s Cyber Security Incident Response Plan
    • Monitor and gather threat intelligence from the deep web and dark web for potential threats and incidents, and analyze such threats and risks and recommend appropriate mitigating measures.
    • Ensure conformity to ISO (9001/2015 and 27001/2013) and data security requirements.

    Academic Qualifications

    Bachelor’s degree in Computer Science or IT related field.

    Professional Qualification     

    Must have at least one of the following certifications or training in CEH/CHFI/ECIH/CISSP or in relevant  information security solutions certification, or incidents response

    Relevant Work Experience  

    At least one (1) year related IT security work experience in a large or busy organization.

    Technical Skills Required

    • Experience in cyber security threat Analysis
    • Experience in incident management
    • Experience in digital forensics and malware analysis
    • Experience in security tests or vulnerability management
    • Penetration testing skills
    • Research skills
    • Experience in cyber security operations(SOC/CIRT)

    Key Competencies:

    1. Ability to work long hours including night shifts
    2. Analytical mind with problem-solving aptitude
    3. Excellent listening, communication and presentation skills
    4. Reliable and thorough with a deep commitment to accuracy
    5. Self-motivated and able to work independently
    6. A team player
    7. Ability to prioritize competing work commitments and deliver on time

    Method of Application

    Note: Never pay for any training, certificate, assessment, or testing to the recruiter.

  • Send your application

    View All Vacancies at Kenya Revenue Authority (KRA) Back To Home

Subscribe to Job Alert

 

Join our happy subscribers

 
 
 
Send your application through

GmailGmail YahoomailYahoomail