Career Opportunities at Kenya Revenue Authority

Job Summary:

The job holder is responsible for the management of technical vulnerabilities and implementation of security controls in the organization’s Business Systems. The role includes carrying out vulnerability assessments, penetration testing, identifying security gaps, ensuring that the network, databases, business systems and services comply with the approved policy, best practice, security requirements and set minimum baseline standards. 

Key Responsibilities:

• Review KRA Business systems for technical vulnerabilities and ensure appropriate safeguards are in to provide mitigations.
• Coordinate vulnerability assessments, penetration tests, security reviews on business systems, services and databases using various tools and personal knowledge.
• Ensure compliance with the approved policy, best practice, security requirements and set minimum baseline standards for the business systems.
• Coordinate development of system security requirements for the various systems at acquisition/development and carry out security tests on the systems before deployments
• Identify, recommend, and configure suitable tools to enhance Information systems security.
• Monitor systems and applications for security issues, vulnerabilities and recommend remediation including patching and upgrades, rules updates
• Attend Change Advisory Committee meetings for enhancement of business operations.
• Ensure compliance to ISO (9001/2015 and 27001/2013) and ISMS and data security requirements.
• Day-to-day information security operations, supervision, reporting, management of performance and development of staff in the function

Academic Qualifications

 Bachelor’s degree in Computer Science or IT related field.

Professional Qualifications 

Must have at least one of the following certifications or training in CEH/CHFI/ECIH/CISSP.

Relevant Work Experience  

At least three (3) years related IT security work experience in a large or busy organization.

Technical Skills Required:

• Experience in Vulnerability Assessments and Penetration testing.
• Experience in Digital Forensics, cyber security threat Analysis or incident management
• Proficiency in implementation and use of security testing tools/solutions.
• Broad-based IT experience with technical knowledge of Network, Virtualization, Hardware, Storage, Operating systems, and Applications.
• Good command of SQL language.
• Good command of Unix/Linux/windows
• Knowledge in Information security risk management
• Experience in Information Security Management System
• Experience in Project Management

Key Competencies:

• Excellent stakeholder engagement skills
• Analytical mind with problem-solving aptitude
• Excellent listening, communication and presentation skills
• Reliable and thorough with a deep commitment to accuracy
• Self-motivated and able to work independently
• A team player
• Ability to prioritize competing work commitments and deliver on time

go to method of application »

Job Summary:                  

The job holder is responsible for the management of IT security operations through management of risks, deployment, maintenance and support of IT security tools and Infrastructure, and implementation of security control in the organization’s IT infrastructure.

Key Responsibilities:

• Review Organization’s IT infrastructure for vulnerabilities and provide mitigations 
• Support and maintain IT security systems and tools to ensure optimal operations for Information Security tools
• Design and implement Information Security tools/ solutions to reduce vulnerabilities within the IT infrastructure.
• Develop proposals for deployment of appropriate Information Security tools to secure KRA IT infrastructure
• Ensure all IT infrastructure (including desktops, network devices, etc.)  connected  to  KRA’s  network  have  proper  virus protection software, current virus definition libraries, and the most recent operating system  and  critical  patches  applied  in  good time  to  avoid  adverse consequences on their operation.
• Ensure compliance to ISO (9001/2015 and 27001/2013) and ISMS and data security requirements.
• Day-to-day information security operations, supervision, reporting, management of performance and development of staff in the function

Academic Qualifications       

Bachelor’s degree in Computer Science or IT related field from a recognized Institution.

Professional Qualifications   

Must have at least one of the following certifications or training in CEH/CHFI/ECIH/CISSP or in relevant  information security solutions certification

Relevant Work Experience  

At least three (3) years related IT security work experience in a large or busy organization.

Technical Skills Required:

• Experience in Vulnerability Assessments and Penetration testing.
• Experience in cyber security threat Analysis or incident management
• Experience in Design and implementation of Information Security tools/ solutions e.g. Next Generation Firewalls, Security Information & Event Management Solutions, Privileged Access Management solutions etc.
• Knowledge in Information security risk management
• Experience in Information Security Management System
• Experience in Project Management

Key Competencies:

• Excellent stakeholder engagement skills
• Analytical mind with problem-solving aptitude
• Excellent listening, communication and presentation skills
• Reliable and thorough with a deep commitment to accuracy
• Self-motivated and able to work independently
• A team player
• Ability to prioritize competing work commitments and deliver on time

go to method of application »

Job Summary:                  

The jobholder is responsible for IT security operations through design, deployment, maintenance, support, day-to-day operations and vendor management of IT security and Infrastructure tools. He is also responsible for management of ICT risks through implementation of appropriate controls.

Key Responsibilities:     Roles and responsibilities

• Undertake research and consultations with the industry to identify and recommend appropriate Information Security tools for deployment in the Authority in line with the Industry standards, trends and best practices.
• Draft technical and budget proposals for the procurement, deployment upgrades and maintenance of information security and infrastructure tools
• Deploy, support and maintain Information Security tools to reduce vulnerabilities and enhance the overall security posture of the IT infrastructure.
• Provide technical Support to end users, manage incidents and attend to user requests for the various ICT security tools. 
• Manage vendors, undertake regular and routine maintenance of the IT security and infrastructure tool in liaison with the vendors

• Identify and document vulnerabilities in the KRA IT infrastructure and implement mitigations measures.
• Review, update and implement policies and procedures to enforce Antivirus protection, patching, software compliance for IT infrastructure including desktops and network devices.
• Ensure conformity to ISO (9001/2015 and 27001/2013) ISMS and data security requirements.

Academic Qualifications     

  Bachelor’s degree in Computer Science, Mathematics, Electronics or a related field.

Professional Qualifications    Required Certifications/Trainings

Must have at least one of the following certifications or training in CEH/CHFI/ECIH/CISSP

or in relevant  information security solutions certification

Relevant Work Experience Required      

At least one (1) years related IT security work experience in a large or busy organization:

Technical Skills Required

• Experience in securing enterprise business systems and IT infrastructure.
• Experience in implementation of Information security tools and controls.
• Experience in business systems or infrastructure support.
• Hands on working experience with leading Information Security tools such as Kaspersky Antivirus, Checkpoint Firewall System, Widows Active Directory etc.
• Up-to-date understanding of emerging industry standards and trends in information security.

Skills Required:

• Computer and IT security skills
• Security requirements analysis skills
• Network, applications and data security skills
• IT security processes and technologies knowledge and skills, including Malware Analysis, Vulnerability Assessment and Threat Intelligence.
• Malware trends and anti-malware solutions
• Vendor management skills

Key Competencies:

• Ability to work concisely when under pressure and for long hours.
• Report writing and documentation skills
• Analytical skills with keen attention to details
• Team player
• Highly self-motivated and directed
• Ability to adapt quickly to emerging ICT security trends

go to method of application »

Job Summary:                 

 The jobholder is responsible for supporting the implementation of Information Security management System based on ISO27001 and best practice.

• Key Responsibilities: Implement Information Security Management System based on the ISO/IEC 27001 series standards, including preparation for certification against ISO/IEC 27001
• Perform gap analysis of information security standards such as ISO 27001 and create compliance reports for information security standards such as ISO 27001
• Develop/review IS policies, standards, procedures and guidelines, in liaison with the stakeholder to obtain appropriate approvals and feedback for implementation.
• Compliance monitoring and improvement activities to ensure adherence to internal security policies, procedure, standards and applicable laws and regulations
• Support departments to manage implementation of information security management system.
• Prepare materials and conduct Information security awareness, training and educational activities to stakeholders.
• Manages information security risk assessments and controls selection activities
• Perform testing of internal controls specified in Information Security Policies and Perform internal audit reviews to assess the effectiveness of current information security controls
• Ensure timely and effective corrective actions are taken to correct deficiencies and provide status reporting.
• Support the Information Security program including development, collection, assessment, and reporting of metrics
• Recommend security policy changes and enhancements as needed
• Conduct mock ISO Audits and, report on departments’ preparedness for final audit and certification
• Support ISO 27001- audit and certification activities Day-to-day information security operations, supervision, reporting, management of performance and development of staff in the function

Academic Qualifications

A Bachelor’s degree in Computer Science or related field from a recognized institution.

Professional Qualifications 

Must have at least one of the following security certifications or training in CISA/CISM/CEH/CHFI/ECIH/CISSP/ISO 27001/CRISP,

Relevant Work Experience  

At least one (1) year related IT security work experience in a large or busy organization.

Technical Skills Required:

• Experience in Information Security Management System
• Experience in development of policies and procedures
• Knowledge in Information security risk management
• Experience in Information security awareness development and training
• Experience in cyber security threat Analysis or incident management

Key Competencies:

• Excellent stakeholder engagement skills
• Analytical mind with problem-solving aptitude
• Excellent listening, communication and presentation skills
• Reliable and thorough with a deep commitment to accuracy
• Self-motivated and able to work independently
• A team player
• Ability to prioritize competing work commitments and deliver on time

go to method of application »

Job Summary:                  

The job holder is responsible for carrying out technical vulnerability assessments, penetration tests, identifying security gaps on Organization’s business systems and ensuring that the business systems, services and databases comply with the approved policy, best practice, security requirements and set minimum baseline standards. 

Key Responsibilities:

• Carry out vulnerability assessments on databases, business systems and services using various tools and personal knowledge.
• Ensure mitigation of the identified technical vulnerabilities.
• Ensure compliance with the approved policy, best practice, security requirements and set minimum baseline standards
• Develop system security requirements for the various systems at acquisition/development and carry out security tests on the systems before deployments
• Identify, recommend, and configure suitable tools to enhance Information systems security.
• Monitor systems and applications for security issues, vulnerabilities and recommend remediation including patching and upgrades, rules updates
• Investigate security breaches and other cyber security incidents in business systems.
• Perform security Impact analysis in the change process.
• Document and research security breaches and assess any damage caused
• Perform malware analysis and digital forensic

Academic Qualifications    

 Bachelor’s degree in Computer Science or IT related field.

Professional Qualifications   

Must have at least one of the following certifications or training in CEH/CHFI/ECIH/CISSP or in relevant  information security solutions certification

Relevant Work Experience    

At least one  (1) years related IT security work experience in a large or busy organization.

Technical Skills Required:

• Experience in Vulnerability Assessments and Penetration testing.
• Experience in Digital Forensics, cyber security threat Analysis or incident management
• Proficiency in implementation and use of security testing tools/solutions.
• Broad-based IT experience with technical knowledge of Network, Virtualization, Hardware, Storage, Operating systems, and Applications.
• Good command of SQL language.
• Good command of unix/linux/windows
• Knowledge in Information security risk management
• Experience in Information Security Management System
• Experience in Project Management

Key Competencies:

• Excellent stakeholder engagement skills
• Analytical mind with problem-solving aptitude
• Excellent listening, communication and presentation skills
• Reliable and thorough with a deep commitment to accuracy
• Self-motivated and able to work independently
• A team player
• Ability to prioritize competing work commitments and deliver on time

go to method of application »

Job Summary:     

The job holder is responsible for carrying out cyber security monitoring of the Authority’s IT infrastructure and business systems for malicious activity and/or active threats. The role also involves responding to security incidents including containment, eradication and recovery in the 24/7 Security Operations Centre (SOC).

Key Responsibilities:

• Monitor and analyze logs and alerts from a variety of different technologies across multiple platforms in order to identify and mitigate potential (or active) threats, intrusions, and/or compromises in the 24/7 SOC.
• Provide timely detection, identification and alerts of possible attacks/intrusions, anomalous activities, and distinguish these incidents and events from benign activities.
• Identify cyber-attacks targeted to the KRA network and systems, advise and block cyber attacks
• Triage and investigate active threats, security breaches and other cyber security incidents.
• Perform deep-dive incident analysis by correlating data from various sources. Generate/Review event analysis reports of incident investigations
• Escalates cyber security events according to the Authority’s Cyber Security Incident Response Plan
• Monitor and gather threat intelligence from the deep web and dark web for potential threats and incidents, and analyze such threats and risks and recommend appropriate mitigating measures.
• Ensure conformity to ISO (9001/2015 and 27001/2013) and data security requirements.

Academic Qualifications

Bachelor’s degree in Computer Science or IT related field.

Professional Qualification     

Must have at least one of the following certifications or training in CEH/CHFI/ECIH/CISSP or in relevant  information security solutions certification, or incidents response

Relevant Work Experience  

At least one (1) year related IT security work experience in a large or busy organization.

Technical Skills Required

• Experience in cyber security threat Analysis
• Experience in incident management
• Experience in digital forensics and malware analysis
• Experience in security tests or vulnerability management
• Penetration testing skills
• Research skills
• Experience in cyber security operations(SOC/CIRT)

Key Competencies:

1. Ability to work long hours including night shifts
2. Analytical mind with problem-solving aptitude
3. Excellent listening, communication and presentation skills
4. Reliable and thorough with a deep commitment to accuracy
5. Self-motivated and able to work independently
6. A team player
7. Ability to prioritize competing work commitments and deliver on time