Officer, IT Security Operations & Incidence Response Job at Kenya Revenue Authority - Career Opportunity in Kenya

Vacancy title:
Officer, IT Security Operations & Incidence Response

[ Type: FULL TIME , Industry: Public Administration, and Government , Category: Computer & IT ]

Jobs at:

Kenya Revenue Authority

Deadline of this Job:
18 February 2021  

Duty Station:
Within Kenya , Nairobi , East Africa

Summary
Date Posted: Thursday, February 11, 2021 , Base Salary: Not Disclosed


JOB DETAILS:
The Kenya Revenue Authority (KRA) was established by an Act of Parliament, Chapter 469 of the laws of Kenya , which became effective on 1st July 1995 . The Authority is charged with the responsibility of collecting revenue on behalf of the Government of Kenya. A Board of Directors, consisting of both public and private sector experts, makes policy decisions to be implemented by KRA Management. The Chairman of the Board is appointed by the President of the Republic of Kenya . The Chief Executive of the Authority is the Commissioner General who is appointed by the Minister for Finance. PURPOSE OF KRA Assessment , Collection, Administration and Enforcement of laws relating to revenue.
Job Summary:
• The job holder is responsible for ensuring IT infrastructure security by carrying out vulnerability assessments, identify security gaps, ensure that the network, databases, business systems and services comply with the approved policy, best practice, security requirements and set minimum baseline standards.
• Monitoring the IT infrastructure and supporting investigation of security breaches and incidence response and perform security Impact analysis in the change process. Configure security policies and rules on the security tools such as Firewalls, SIEM, PAM, SOAR etc .

Key Responsibilities:
Roles and responsibility
• Monitor and analyze logs and alerts from a variety of different technologies across multiple platforms in order to identify and mitigate potential (or active) threats, intrusions, and/or compromises
• Provide timely detection, identification and alerts of possible attacks/intrusions, anomalous activities, and misuse activities, and distinguish these incidents and events from benign activities
• Identify false-positives and false-negatives from the alerting
• Create and test new alerting opportunities based on analytical methods like anomaly detection, or to detect malicious techniques
• Correlate incident data to identify specific vulnerabilities and make recommendations to enable expeditious remediation
• Identification, analysis, containment, eradication and recovery of security incidents; perform deep-dive incident analysis by correlating data from various sources.
• Document event analysis and write comprehensive reports of incident investigations
• Escalates cyber security events according to the Authority’s Cyber Security Incident Response Plan
• Provide actionable strategic, technical, and tactical cyber information and intelligence to management through reports, briefings, and presentations
• Create, test and document new alerting opportunities based on analytical methods like anomaly detection, or detection of malicious techniques to ensure enhanced detection
• Participate in education and awareness within the organization
• Identify and monitor the Tactics, Techniques, and Procedures used by cyber threat actors by analyzing raw intelligence and data.
• Conduct various types of social media and background investigations; utilizing social media research, public record research and third party databases to build leads and assist with investigations.
• Monitor and gather threat intelligence from the deep web and dark web for potential threats and incidents, and analyze such threats and risks and recommend appropriate mitigating measures.
• Make analytical predictions about cyber criminals and their future activities based on what is already known about them
• Effectively recognize threats by performing relevant research and data analysis using both internal and external tools and resources


Academic Qualifications
• Bachelor’s degree in Computer Science or a related field.
• Post graduate qualification (diploma or MSc.) in related field is an added advantage.


Professional Qualifications
• Certification in any of the following or equivalent:
• CEH, CHIF, CISSP or equivalent
• Web Applications Security, Network security or equivalent
• Boot camp (CEH, Ninja Ethical hacking) with experience
• Certificates in CCNA, Developer, DBA/Server/ system/network Administration
• Boot camp (CEH, Ninja Ethical hacking) with experience
• Cyber Security: Digital forensic, malware analysis
• Certificates in Penetration testing, vulnerability Assessment


Relevant Work Experience Required
• At least three (3) years’ security experience in a medium to large organization. • Experience in cyber security monitoring
• Experience in vulnerability Assessment and penetration testing
• Experience in the configuration of any of the following security tools; firewall, SIEM , SOAR, PAM, anti-malware, IAM, Patch management
• Experience security Incidents response
• Good command of SQL language
• Good command of unix/linux/windows
• Broad-based IT experience with technical knowledge of Networks, virtualization,
Hardware, Storage, Operating systems, and Applications, Business Impact Analysis, RTO/RPO
• Up-to-date understanding of emerging trends in information security and apply new techniques and trends, in-line with overall information security objectives and risk tolerance.
Skills Required:
• Knowledge in IT risk management
• Basic Computer forensics and investigation skills
• Security requirements analysis skills
• A sound understanding of network, applications and data security
• Excellent understanding of security processes and technologies including Security Monitoring, Malware Analysis, Vulnerability Assessment and Threat Intelligence.
• Broad understanding of security techniques and technologies including Intrusion Detection, Sandbox, Proxy & URL filtering, Threat Analysis & Intelligence Fusion
• Experience in Host and Network Intrusion Detection systems and knowledge of log analysis tools and techniques
• An understanding of the security mechanisms associated with Windows or Unix operating systems, switched networks, applications and databases
• Familiar with current malware trends and anti-malware solutions


Key Competencies/ Personal Attributes:
• Ability to work concisely when under pressure and for long hours.
• Analytical skills
• Keen attention to details
• Analytical and problem-solving abilities
• Team player
• Highly self-motivated and directed
Note:
1. All applications from interested and qualified candidates must be submitted online via the process below.
2. ONLY shortlisted candidates will be contacted.
3. All applications should be submitted online by 18th February 2021.
4. KRA is an equal opportunity employer committed to gender and disability mainstreaming. Persons with Disability are encouraged to apply.
5. KRA does not charge for application, processing, interviewing or any other fee in connection with our recruitment process.


Work Hours: 8

 

{module 312}

Job application procedure
Registration:
• Go to https://erecruitment.kra.go.ke/login and then click on the ‘Register’ button to start the application process.
• After registration, you will receive an email enabling you to confirm your email address and complete your registration.
Log on:
• After registration go to https://erecruitment.kra.go.ke/login
• Key in your username and password then click on ‘Log in’ to access your account.
• After successful log in, the system will open the ‘Applicant Cockpit’.
Candidate Profile (To create or update applicant detail):
• On the ‘Applicant Cockpit’ page, go to the tab ‘Candidate Profile’.
• Click on ‘My Profile’ to create and update your profile.
• Follow the instructions to complete your profile.
• The process will end by clicking the tab “Overview and Release”.
• Ensure you click the check box on the page to complete the profile.
Application process:
• To view the open job postings, click on the tab ‘Employment Opportunities’ on the ‘Applicant Cockpit’ page.
• Under the heading ‘Job Search’ click the ‘Start’ button to view all available vacancies.
• Click on the Job posting to display the details of the position.
• To apply for the position, click ‘Apply’ button at the top of the page.
• Follow the instructions to complete and submit your application.
• Kindly note that all mandatory fields must be completed.
• To complete the process of application, click the ‘Send Application Now’ button after reviewing and accepting the ‘Data Privacy Statement’.
In case of any challenges, please send your email query to isupporthr@kra.go.ke 
If you experience any delay in receiving an email notification at the end of the e-recruitment registration process, please refresh your email. In case of any challenge, please send your query to isupporthr@kra.go.ke 
Kenya Revenue Authority does not charge any fee at any stage of the recruitment process (application, shortlisting, interviewing, and/or offer)


All Jobs

QUICK ALERT SUBSCRIPTION

{module 316}

Job Info
Job Category: Computer/ IT jobs in Kenya
Job Type: Full-time
Deadline of this Job: 18 February 2021
Duty Station: Nairobi
Posted: 11-02-2021
No of Jobs: 1
Start Publishing: 11-02-2021
Stop Publishing (Put date of 2030): 11-02-2065
Apply Now
Notification Board

Join a Focused Community on job search to uncover both advertised and non-advertised jobs that you may not be aware of. A jobs WhatsApp Group Community can ensure that you know the opportunities happening around you and a jobs Facebook Group Community provides an opportunity to discuss with employers who need to fill urgent position. Click the links to join. You can view previously sent Email Alerts here incase you missed them and Subscribe so that you never miss out.

Caution: Never Pay Money in a Recruitment Process.

Some smart scams can trick you into paying for Psychometric Tests.