Background information about the job or company (e.g., role context, company overview), Responsibilities or duties, Qualifications or requirements (e.g., education, skills), Experience needed, Any other provided details (e.g., benefits, work environment, team info, or additional notes).

Kenya Commercial Bank Limited is registered as a non-operating holding company which started operations as a licensed banking institution with effect from January 1, 2016. The holding company oversees KCB Kenya - incorporated with effect from January 1, 2016 - and all KCB's regional units in Uganda, Tanzania, Rwanda, Burundi, Ethiopia and South Sudan. It als...

KEY RESPONSIBILITIES

• Research, collect, coalesce, and analyse open source and proprietary threat reporting feeds to provide applicable and actionable cyber threat intelligence.
• Continuously identify, analyse, pursue, and evict (“hunt”) advanced cyber threats from the bank’s technological ecosystems, whether on premise or in the Cloud. Detect novel vulnerabilities and work towards mitigating the associated cybersecurity risk before it adversely impacts the bank.
• Provide a forward-looking view of the cyber threat landscape as it relates to the financial sector, predicting shifts in adversarial intent, goals, and strategic objectives.
• Maintain meticulous documentation of cyber threats, threat vectors, threat actors, and threat trends, tactics, techniques and procedures for consumption during threat modelling activities and security incidents. Prepare and publish reports for consumption by various levels, from technical to executive.
• Build and leverage relationships with both internal and external peers from public and private sector organizations.
• Develop, effect, and continuously refine threat hunting and threat intelligence frameworks.
• Collaborate with the wider Cybersecurity Intelligence Security Operations Centre (CISOC), SOC Engineering, and Group Cybersecurity (GCS) technical teams to gain and give insight into threat models and security architectures specific to KCB Bank with a view to advancing effective cybersecurity control schemas.
• Give input to security awareness training and education programs based on the outcomes of threat hunting and threat intelligence exercises.
• Stay up to date with relevant vulnerabilities, threat actors, indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and trends; ascertain actionable areas of interest and threats.
• Deliver timely, relevant, and actionable intelligence and recommendations through threat hunting and threat intelligence reports, briefings, and threat assessments to stakeholders to improve the ability to detect threats in the bank’s environment.

DAILY RESPONSIBILITIES

• Monitor the surface, deep, and dark Web utilizing a diverse toolset to monitor and track threat actors, IOCs, and other cyber security risks; provide actionable intelligence.
• Administer, configure, and continuously improve advanced cyber threat hunting and threat intelligence platforms.
• Continuously conduct threat hunts based on predefined hypotheses.
• Provide periodic threat hunting and threat intelligence updates to the CISOC, GCS management, and executive leadership.
• Furnish expertise to the CISOC in handling and remediating security incidents.

MINIMUM POSITION QUALIFICATION REQUIREMENTS

• A Bachelor's degree in IT/ Computer Science/ Telecommunications/ Engineering (Electrical or Electronic) or related field from a recognized university.
• Must possess at least 2 security certification from the list:
  • Certified SOC Analyst (CSA)
  • Certified Ethical Hacker (CEH)
  • Certified Incident Handler (E|CIH)
  • GIAC Certified Intrusion Analyst (GCIA)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Reverse Engineering Malware (GREM)
  • Certified Information Systems Auditor (CISA)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Security+
  • Certified Information Systems Auditor (CISA).
• A minimum of 5 years’ work experience in Information Technology; with at least;-
  • 3 years’ experience in Information/Cyber Security.
  • 2 years' experience in Security Operations Centre/Security Monitoring/Endpoint Detection and Response/Network Detection and Response.
• Experience in Security Tools Administration (SIEM, DAM, WAF, etc.) or Incident Response and Management is desired.
• Experience working in in the financial services industry and in a complex technological environment is desired.

• Research, collect, coalesce, and analyse open source and proprietary threat reporting feeds to provide applicable and actionable cyber threat intelligence.
• Continuously identify, analyse, pursue, and evict (“hunt”) advanced cyber threats from the bank’s technological ecosystems, whether on premise or in the Cloud. Detect novel vulnerabilities and work towards mitigating the associated cybersecurity risk before it adversely impacts the bank.
• Provide a forward-looking view of the cyber threat landscape as it relates to the financial sector, predicting shifts in adversarial intent, goals, and strategic objectives.
• Maintain meticulous documentation of cyber threats, threat vectors, threat actors, and threat trends, tactics, techniques and procedures for consumption during threat modelling activities and security incidents. Prepare and publish reports for consumption by various levels, from technical to executive.
• Build and leverage relationships with both internal and external peers from public and private sector organizations.
• Develop, effect, and continuously refine threat hunting and threat intelligence frameworks.
• Collaborate with the wider Cybersecurity Intelligence Security Operations Centre (CISOC), SOC Engineering, and Group Cybersecurity (GCS) technical teams to gain and give insight into threat models and security architectures specific to KCB Bank with a view to advancing effective cybersecurity control schemas.
• Give input to security awareness training and education programs based on the outcomes of threat hunting and threat intelligence exercises.
• Stay up to date with relevant vulnerabilities, threat actors, indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and trends; ascertain actionable areas of interest and threats.
• Deliver timely, relevant, and actionable intelligence and recommendations through threat hunting and threat intelligence reports, briefings, and threat assessments to stakeholders to improve the ability to detect threats in the bank’s environment.
• Monitor the surface, deep, and dark Web utilizing a diverse toolset to monitor and track threat actors, IOCs, and other cyber security risks; provide actionable intelligence.
• Administer, configure, and continuously improve advanced cyber threat hunting and threat intelligence platforms.
• Continuously conduct threat hunts based on predefined hypotheses.
• Provide periodic threat hunting and threat intelligence updates to the CISOC, GCS management, and executive leadership.
• Furnish expertise to the CISOC in handling and remediating security incidents.

• Cyber threat intelligence analysis
• Threat hunting
• Vulnerability detection and mitigation
• Threat modeling
• Security incident response
• Security awareness training
• Indicator of Compromise (IOC) analysis
• Tactics, Techniques, and Procedures (TTP) analysis
• SIEM administration
• Endpoint Detection and Response (EDR)
• Network Detection and Response (NDR)
• Web Application Firewall (WAF) administration
• Data Loss Prevention (DLP)
• Security Information and Event Management (SIEM)
• Vulnerability Management
• Risk Management
• Communication (written and verbal)
• Collaboration
• Relationship building
• Problem-solving
• Analytical thinking
• Research
• Documentation
• Reporting
• Web monitoring (surface, deep, dark web)
• Platform administration (threat hunting and intelligence)
• Hypothesis-driven threat hunting

• Bachelor's degree in IT/ Computer Science/ Telecommunications/ Engineering (Electrical or Electronic) or related field from a recognized university.
• At least 2 security certifications from the following list: Certified SOC Analyst (CSA), Certified Ethical Hacker (CEH), Certified Incident Handler (E|CIH), GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), GIAC Reverse Engineering Malware (GREM), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Security+.