
    Posted: Oct 19, 2024
    Deadline: Nov 1, 2024

    Equity Bank Limited (The "Bank”) is incorporated, registered under the Kenyan Companies Act Cap 486 and domiciled in Kenya. The address of the Bank’s registered office is 9th Floor, Equity Centre, P.O. Box 75104 - 00200 Nairobi. The Bank is licensed under the Kenya Banking Act (Chapter 488), and continues to offer retail banking, microfinance and relat...

    SOC L2 Analyst

    Responsibilities:

    • Management of incident activities.
    • Conduct technical assessments of computer related security incidents, including malware analysis, packet level analysis, and system level forensic analysis.
    • Document initial analysis of malware and understand the process to follow in order to protect the organization from newly identified malware strains.
    • Have the ability to recognize when a Security incident meets the appropriate criteria for escalation to a declared security incident.
    • Understand and demonstrate the ability to escalate appropriate security incidents to the correct level or external organization.
    • Monitoring, managing, and coordinating the information collection and cataloging of activities from a variety of public and private security related information sources.
    • Work as a team with the other members and the internal ICT team.
    • Coordination of incident response activities (escalations, notifications, conference calls, etc.)
    • Assess severity levels of security threats (e.g., incidents, vulnerabilities, malicious code) and coordinate the appropriate notifications or escalations in a timely manner.
    • Good computer security incident handling and analytical skills.
    • Communicate the impact and nature of incidents in terms of business operational continuity.
    • Level 2 analysts must be able to demonstrate advanced knowledge of Networking, Windows and Unix operating systems.
    • Have a general understanding of routing and infrastructure protocols and hardware.
    • Be able to read and interpret the effects of network Access Control Lists on various application protocols.
    • Be familiar with modern distributed authentication systems - Kerberos, RADIUS, TACACS, X509 and be able to observe and interpret authentication sessions in these protocols.
    • Be familiar with fundamental internet architecture concepts, such as BGP autonomous systems.
    • Understand the functions and configuration of the organization's security controls.
    • Be familiar with the construction of the Log Correlation Rules that drive the organization's workflow: what events they correlate together, and the threshold and threading settings used.
    • Be able to describe the general configurations of our security controls, and why those configurations were chosen.
    • Lucidly communicate change recommendations for those controls and detail the business risks and technical impact of those requests for configuration changes.
    • Be able to communicate the general architecture and workflow of the organization's incident management process, including all components and general dataflow.
    • Have an advanced understanding of TCP/IP protocol internals (RWIN, TTL, flags, fragmentation).
    • Be able to perform general packet analysis, to extract content and context from traffic dumps.
    • Be able to read content streams from all major content and command protocols, and interpret the activities seen therein.
    • Have an advanced understanding of how to use network capture and analysis tools such as Snort, Suricata, Wireshark, and tcpdump. L2 analysts should be able to reconstruct sessions, retrieve files from network captures, and demonstrate the ability to use network captures in forensic investigations.
    • Be able to generate advanced portscans and interpret the results.
    • Keep up with popular internet culture to be able to recognize additional context in information discovered during investigations.
    • Confidently operate all common remote administration mechanisms and tools.
    • Be able to locate system and application logs for all major operating systems and versions.

    Qualifications:

    • Bachelor’s Degree in Cyber Security, Electrical Engineering/Computer Science/Information Technology or related.
    • 3-5 years of experience in Infosec or Cyber Security within the Financial Services Sector.
    • Certifications in either of Network+, Security+, CySA+, GSEC, CEH, CISA, CISM or any other information security related course will be an added advantage.
    • Hands on knowledge of common SIEM solutions, alerts and management.
    • Knowledge of common network protocols such as TCP/IP, HTTP, DNS, etc.
    • Experience with Microsoft Windows and UNIX operating systems is required.
    • Knowledge and/or experience with common security tools and solutions such as anti-virus, Intrusion Prevention Systems and Firewalls is an added advantage.
    • Knowledge and/or experience with Oracle, MS SQL, MySQL, etc.
    • Good communication and presentation skills.
    • Enthusiasm, curiosity, thirst for knowledge and passion for the job is required.
    • Analytical thinking, customer focused and team player.


    SOC L1 Analyst

    Role Description:

    As a Level 1 Security Analyst, your role is pivotal in helping to monitor and protect the bank and its information assets. Some of the responsibilities of the Level 1 Analyst are as follows:

    Responsibilities:

    • Know how to properly open a manual ticket for security related incidents or to report issues to the Security Operations team leadership.
    • Know how to search asset information or ticket information.
    • Be familiar with security controls technologies.
    • Understand the significance of Log Correlation Rules, what the incidents generated from them indicate, and their significance to business operational continuity.
    • Be able to access the organization's SIEM and understand what tables to query for specific data from each of the technologies L1 Analysts have access to.
    • Be able to identify user log/computer information by querying.
    • Know how to log in to Nessus, Nexpose and OpenVAS to retrieve and review vulnerability scan data.
    • Know how to search for asset information.
    • Be familiar with SOC analyst tools and collaboration systems.
    • Be able to work out any issues in the Incident Management System properly.
    • Understand general TCP/IP essentials and interpret CIDR network ranges.
    • Know the basics of IP routing.
    • Understand the differences between TCP, UDP and ICMP in their modes of operation.
    • Be able to describe the OSI model, and what portions of TCP/IP operate at each layer.
    • Be familiar with RFC 1918 and NAT.
    • Know the basic operational concepts of most internet communication and content delivery protocols (HTTP, SMTP, etc.).
    • Know how to generate a portscan, and interpret the result.
    • Understand the concepts of Authoritative DNS servers, and the general principle of DNS resolution (forward/reverse, etc.)
    • Have a general knowledge of standard network zoning types (DMZ, Datacenters, Core Routing, etc.)
    • Understand general wireless networking concepts:
      • Infrastructure, Ad-Hoc, Client and Bridge modes of operation
      • SSID, BSSID, authentication modes (WEP/WPA)
      • Channels, Beacons
    • General OS operation skills and data analysis.
    • Be able to install and configure a general Windows or Linux workstation and bring it into line with corporate security standards.
    • Be able to identify where the system logs are contained on that system.
    • Be able to perform general troubleshooting on a system, to the same level as an average desktop technical support rep.
    • Understand basics of SQL queries (SELECT, COUNT, DISTINCT, ORDER)
    • Understand how to write a standard operating procedure that describes a repeatable process to other analysts.

    Qualifications:

    • Bachelor’s Degree in Cyber Security, Electrical Engineering/Computer Science/Information Technology or related.
    • 2-3 years of experience in Infosec or Cyber Security within the Financial Services Sector.
    • Certifications in either of Network+, Security+, CySA+, GSEC, CEH, CISA, CISM or any other information security related course will be an added advantage.
    • Hands on knowledge of common SIEM solutions, alerts and management.
    • Knowledge of common network protocols such as TCP/IP, HTTP, DNS, etc.
    • Experience with Microsoft Windows and UNIX operating systems is required.
    • Knowledge and/or experience with common security tools and solutions such as anti-virus, Intrusion Prevention Systems and Firewalls is an added advantage.
    • Knowledge and/or experience with Oracle, MS SQL, MySQL, etc.
    • Good communication and presentation skills.
    • Enthusiasm, curiosity, thirst for knowledge and passion for the job is required.
    • Analytical thinking, customer focused and team player.

    Method of Application

    Use the link(s) below to apply on company website.

     
