Job Purpose

The Cyber Security Operations Center (CSOC) team is responsible for managing and enhancing the Bank's cybersecurity posture by monitoring, detecting, analyzing, and responding to cybersecurity threats in real-time. The CSOC play a critical role in protecting digital assets and ensuring business continuity by proactively identifying and mitigating potential cybersecurity risks. They are the primary contact for any suspected incidents and working together with remediation teams to resolve incidents and remediate cybersecurity threats to the Central Bank of Kenya.

Reporting to the Senior Manager, Cyber Security Operations, the successful candidate will work on shift to provide 24x7 eyes-on-glass service at the CSOC, performing real-time monitoring, identification, analysis, investigation, containment, and response or escalation of security incidents.

Key Duties and Responsibilities

Strategic Responsibilities

Contribute as appropriate to the performance of the function and the overall achievement of the Bank’s strategic objectives.

Technical and Operational Responsibilities

• Perform 24*7 real-time monitoring of security alerts generated by various security solutions deployed by the Bank.
• Threat Analysis: Analyzing security alerts and events to determine their legitimacy and severity.
• Analyze and assess security alerts and escalate to Level 2/3 analysts for further investigations and communication.
• Investigating and responding to security incidents, including malware infections, data breaches, and insider threats.
• Documenting security incidents, creating detailed reports, and communicating findings to relevant stakeholders.
• Threat Intelligence: Staying up to date on the latest cybersecurity threats, vulnerabilities, and attack techniques.
• Collaborating with other security teams and sections to coordinate security efforts.
• Improvement: Contributing to security improvements by tuning security tools, recommending policy changes, and implementing new security controls.

Qualifications

• Bachelor’s degree in Electrical Engineering/ Computer Science/ Information Technology or related technical field.
• Certifications in the following will be an added advantage.
  • CCNA, CEH, CISA, CISM, or any other information security-related course
  • Networking certifications: CCNA/CCNP/CCSP/CCIE or any equivalent
  • Microsoft Windows, and Linux/Unix Operating Systems

Work Experience

• At least 2 years of experience in IT User Support, Microsoft Windows, Linux/Unix Operating Systems, IT Networks, and network protocols such as TCP/IP, Syslog, DNS, NetFlow, etc.
• Knowledge in the following areas will be necessary.
  • Information Security technologies such as SIEM/IPS/Firewalls/, Content Filters, Security Scanning tools, Antivirus, Encryption, etc.
  • Programming (shell, Python scripting, etc.), and web technologies such as HTML, JavaScript, PHP, etc.
  • Security vulnerability assessment, minimum security baseline standards.

Competencies

Technical Competencies

Knowledge and understanding of:

• Cybersecurity frameworks.
• Data protection frameworks.
• Threat and Vulnerability Management.

General and Behavioural Competencies

• Good communication and presentation skills.
• Team player, analytical thinking, and report writing skills.
• Enthusiasm, curiosity, thirst for knowledge, and passion for the job.
• Planning and organization - Ability to determine and accomplish short or long-term goals
• Communication skills -Ability to express information clearly and succinctly, orally and in writing, considering the audience and the nature of the information.
• Professionalism, work ethic & integrity - Ability to convey excellence and competence on delivery of duty.
• Collaboration and teamwork - Ability to work collaboratively with colleagues.
• Accountability and professional development – Ability to take and accept responsibility and outcome thereof openly and transparently.
• Customer focus - Ability to demonstrate concern for the expectations of customers and prioritize.

• Perform 24*7 real-time monitoring of security alerts generated by various security solutions deployed by the Bank.
• Threat Analysis: Analyzing security alerts and events to determine their legitimacy and severity.
• Analyze and assess security alerts and escalate to Level 2/3 analysts for further investigations and communication.
• Investigating and responding to security incidents, including malware infections, data breaches, and insider threats.
• Documenting security incidents, creating detailed reports, and communicating findings to relevant stakeholders.
• Threat Intelligence: Staying up to date on the latest cybersecurity threats, vulnerabilities, and attack techniques.
• Collaborating with other security teams and sections to coordinate security efforts.
• Improvement: Contributing to security improvements by tuning security tools, recommending policy changes, and implementing new security controls.

• Cybersecurity frameworks.
• Data protection frameworks.
• Threat and Vulnerability Management.
• Good communication and presentation skills.
• Team player, analytical thinking, and report writing skills.
• Enthusiasm, curiosity, thirst for knowledge, and passion for the job.
• Planning and organization - Ability to determine and accomplish short or long-term goals
• Communication skills -Ability to express information clearly and succinctly, orally and in writing, considering the audience and the nature of the information.
• Professionalism, work ethic & integrity - Ability to convey excellence and competence on delivery of duty.
• Collaboration and teamwork - Ability to work collaboratively with colleagues.
• Accountability and professional development – Ability to take and accept responsibility and outcome thereof openly and transparently.
• Customer focus - Ability to demonstrate concern for the expectations of customers and prioritize.

• Bachelor’s degree in Electrical Engineering/ Computer Science/ Information Technology or related technical field.
• Certifications in the following will be an added advantage.
  • CCNA, CEH, CISA, CISM, or any other information security-related course
  • Networking certifications: CCNA/CCNP/CCSP/CCIE or any equivalent
  • Microsoft Windows, and Linux/Unix Operating Systems