Cybersecurity Specialist, SOC Operations and Incident Management

Kenya

Applications have closed

KEY RESPONSIBILITIES:

  • Ensure the faultless running of the SOC, picking up items handed over from shift to shift and between tiers, and following up on their successful conclusion.
  • Track and warrant adherence to set SLAs for different categories of alerts/incidents.
  • Report on key SOC metrics such as Mean Time To Detect (MTTD), Mean Time To Respond (MTTR), Mean Time To Contain (MTTC), False Positive Rate (FPR), and Incident Escalation Rate (IER).
  • Guide the analysis of security alerts and potential cybersecurity incidents to identify true security breaches.
  • Create procedures, run books, high- and low-level documentation and processes, and develop staff to respond to cybersecurity incidents more effectively.
  • Investigate security breaches and make informed decisions towards containment, and recommendations for corrective action.
  • Apply expertise in both endpoint and network analysis to ascertain the impact of an attack, and develop threat trends, mitigation techniques and countermeasures that can prevent future attacks.
  • Coordinate the analytic and investigative efforts of the Cyber Security Incident Response and Recovery Team (CSIRRT) along with any Technology incident response team as required during a critical cyber occurrence.
  • Work closely with the Cybersecurity Specialist, Threat Hunting to track emerging and realised threats including, but not limited to, mapping command-and-control infrastructure, investigating phishing campaigns, unearthing weaponised file/document techniques and patterns, and passing unearthed detection indicators to the wider CISOC and incident management teams.
  • Implement security improvements by assessing the current situation, evaluating trends, and anticipating requirements.

MINIMUM POSITION QUALIFICATION REQUIREMENTS

  1. Academic & Professional

Particulars                  Detail              Specific Field or Qualification                                                                Need Type
Education                    Bachelor's Degree   BSc. Information Technology / Computer Science / Telecommunications / Engineering or related   RQ
Education                    Master's degree     MBA / MSc Cybersecurity / Information Systems Security / IT Security / IT                     AA
Professional Qualifications  Certification       Minimum 1 of the certificates listed below                                                     At least one RQ; several are AA

Accepted professional qualifications:

  • Certified SOC Analyst (CSA)
  • Certified Incident Handler (E|CIH)
  • GIAC Certified Intrusion Analyst (GCIA)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Certified Forensic Analyst (GCFA)
  • Certified Information Systems Auditor (CISA)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Security+
  • Any SIEM certification
  • Any other relevant information security/cybersecurity certification

 

  2. Experience

Total Minimum Number of Years of IT Experience Required: 5

Detail                                                                                                                               Minimum No of Years   Need Type
Experience in information security/cybersecurity                                                                                     2                     ES
Experience in Security Operations Centre/security monitoring operations                                                              1                     ES
Experience in security monitoring tools administration or usage (SIEM, EDR, NDR, DAM, WAF, etc.) and/or incident response and management   1                     ES
Experience in the Financial Services Industry                                                                                        1                     DE
Experience in a complex technological environment                                                                                    2                     DE


 

 

KCB Group is registered as a non-operating holding company which started operations as a licensed banking institution with effect from January 1, 2016. The holding company oversees KCB Kenya, incorporated with effect from January 1, 2016, and all KCB's regional units in Uganda, Tanzania, Rwanda, Burundi, Ethiopia and South Sudan. It also owns KCB Insurance Agency, KCB Capital, KCB Foundation, National Bank of Kenya, and all associated companies. The holding company was set up, among other things, to enhance the Group's capacity to access unrestricted capital, enable investment in new ventures outside banking regulations, achieve operational and strategic autonomy for the Group's operating entities, and enhance corporate governance across the Group and oversight in the management of subsidiaries. Related documentation: Group Name Change, Name Change Certificate, KCB Advise on Non-Operating Holding Company, KCB Group Structure, Kenya Gazette Notice.
