Cybersecurity Specialist, Content and Detection Engineering at KCB Bank Kenya

KEY RESPONSIBILITIES


Implement, operate, and maintain cyber threat detection tools and capabilities. This includes applying patches and updates to the CISOC toolkit.
Ensure full security monitoring coverage of the bank's technological ecosystem - both on premise and in Cloud - by working with system owners to enroll their systems to Security Information and Event Management (SIEM), Database Activity Monitoring (DAM), Network Detection and Response (NDR), and other CISOC platforms
Perform threat modelling exercises to characterise real-world cyber risk scenarios. Develop and implement use cases to detect these cyber threats.
Design and execute processes to continuously seek and receive feedback from the frontline Security Monitoring Analysts, Cybersecurity Specialist, Threat Hunting and Intelligence, and other important stakeholders about the efficacy and efficiency of detection logic. Use said input to devise, finetune, amend, test, and iterate use cases. Formulate metrics to track the same.
Act as the cybersecurity logging and monitoring Subject Matter Expert (SME) in support of the bank's IT projects. Provide thought leadership by setting forth requirements and ensuring adherence to Minimum Security Baselines (MSBs) on log composition and structure. Work with project teams to validate the same. Onboard systems to SIEM and DAM and craft relevant use cases as key prerequisites to project approval.
Curate and sustain the CISOC's library of living, detailed use case documentation
Ensure that daily and weekly system checks for issues such as log source dormancy and system bottlenecks, and biannual OEM health checks are carried out for the CISOC toolkit (SIEM, DAM, NDR, and any other CISOC tools). Pursue automation of repetitive, manual tasks.
Conceive and create frameworks, guides, manuals, Minimum Security Baselines (MSBs), and Standard Operating Procedures (SOPs) relating to log source onboarding, use case creation and maintenance, CISOC systems administration, and all other facets of SOC Engineering. Ensure the same are approved, applied, and followed through consistently.
Evaluate the suitability of the CISOC toolkit. Research and propose new technology acquisitions to improve the CISOC's overall detection proficiencies
Participate in the analysis and remediation efforts of cybersecurity incident response and apply the learnings therefrom towards improving the bank's threat detection competencies.


MINIMUM POSITION QUALIFICATION REQUIREMENTS

Academic & Professional


Bachelor's Degree
BSc. Information Technology, Computer Science, Telecommunications, Electrical and Electronics Engineering, or related RQ
Professional Qualifications (Minimum 1 of the listed certificates for RQ)


Information security certifications such as:


Certified SOC Analyst (CSA)
Certified Incident Handler (E|CIH)
GIAC Certified Intrusion Analyst (GCIA)
GIAC Certified Incident Handler (GCIH)
GIAC Certified Forensic Analyst (GCFA)
Certified Information Systems Auditor (CISA)
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
At least one RQ
Several are AA
Master's degree
MSc. Cybersecurity, Information Systems Security, IT Security, IT, or related AA


Experience


Total Minimum Number of Years of IT Experience Required 5 years


Detail Minimum No of Years Need Type


Experience in Information Security/Cybersecurity 3 ES
Experience in Security Operations Centre/security monitoring 2 ES
Experience in cybersecurity tool administration (DAM, EDR, NDR, SIEM, SOAR, WAF, XDR, etc.) or Content/Detection/Security/SOC Engineering 2 ES
Experience in the Financial Services Industry 1 DE
Experience in a complex technological environment 2 DE