SOC Analyst
2026-04-29T10:21:42+00:00
Prime Bank Kenya
https://cdn.greatkenyanjobs.com/jsjobsdata/data/employer/comp_8634/logo/prime%20b.jpg
https://www.primebank.co.ke/
FULL_TIME
Nairobi
Nairobi
00100
Kenya
Finance
Computer & IT, Science & Engineering
2026-05-12T17:00:00+00:00
8
Background information about the job or company (e.g., role context, company overview)
Prime Bank Ltd is one of the leading private banks in Kenya and was founded in 1992. Serving its customers for over 30 years, with a network of 23 branches, Prime Bank has the expertise to deliver flexible, efficient and personalized services.
Job purpose:
As the bank’s first line of digital defence, the SOC Analyst L1 is responsible for the continuous, real-time monitoring of our security landscape to protect sensitive financial data and critical infrastructure from emerging threats. You will perform the vital initial triage of security alerts, distinguishing between routine anomalies and high-risk incidents—such as phishing attempts or unauthorized access—ensuring rapid escalation to senior responders when necessary. Operating within a high-stakes, 24/7 banking environment, your role is essential in maintaining regulatory compliance, preventing operational disruption, and upholding the security standards that guarantee our customers’ trust.
Responsibilities or duties:
- Real-Time Security Monitoring: Conduct continuous monitoring of the bank’s SIEM (Security Information and Event Management) and EDR (Endpoint Detection and Response) consoles to identify suspicious activity across the network.
- Incident Triage & Classification: Perform the initial assessment of security alerts to determine their severity, validity, and potential impact on banking operations (e.g., distinguishing a false positive from a legitimate brute-force attack).
- Phishing & Email Analysis: Investigate reported suspicious emails and potential “Business Email Compromise” (BEC) attempts targeting bank employees or customers.
- Alert Escalation: Ensure timely and accurate escalation of verified high-priority threats to Level 2 Analysts according to the bank’s internal Service Level Agreements (SLAs).
- Threat Intelligence Integration: Utilize internal and external threat intelligence feeds to identify known malicious IP addresses, domains, and file hashes relevant to the financial sector.
- Documentation & Reporting: Maintain detailed logs of all alerts and actions taken within the ticketing system to ensure a clear audit trail for regulatory compliance (e.g., PCI-DSS).
- Vulnerability Awareness: Assist in identifying systems that are missing critical security patches or are running unauthorized software that could expose the bank to risk.
- Health Checks: Perform routine health checks on security tools and sensors to ensure the SOC has 100% visibility across all banking platforms.
Qualifications or requirements (e.g., education, skills):
- Bachelor’s degree in Information Technology, Computer Science, Computer Information Systems, Cyber Security, Cyber Forensics or any equivalent field.
- Familiarity with industry standards and regulations (e.g., ISO 27001, NIST).
- Proficiency in using security tools and technologies, such as firewalls, intrusion detection systems, SIEM, and vulnerability management tools.
- Ability to read and interpret raw logs from various sources (Windows Event Logs, Firewall logs, Web Proxy logs).
- Knowledge of common attack vectors such as Phishing, SQL Injection, Cross-Site Scripting (XSS), and Ransomware.
- Familiarity with the phases of the Incident Response Life Cycle (Preparation, Detection, Analysis, Containment, Eradication, and Recovery).
Skills & Competencies:
- Demonstrate strong analytical and problem-solving skills to accurately distinguish between benign network anomalies and genuine security threats.
- Excellent written and verbal communication skills are required to clearly document security incidents and present technical findings to both technical and non-technical stakeholders.
- High level of integrity and professional ethics when handling sensitive data and confidential customer information.
- A proven ability to remain calm and follow established security protocols during high-pressure emergency situations is essential for effective incident response.
- Show a commitment to continuous learning by staying updated on the latest cybersecurity trends, emerging threats, and new defence technologies.
- Strong collaboration skills are necessary to work effectively with cross-functional teams.
- Precision and a meticulous attention to detail are mandatory to ensure that no critical security alerts or regulatory compliance requirements are overlooked.
- Possess the flexibility and resilience required to work in a 24/7 rotating shift environment, including nights, weekends, and public holidays.
Experience needed:
At least three years’ post-qualification experience.
JOB-69f1dbb671833
Vacancy title: SOC Analyst
[Type: FULL_TIME, Industry: Finance, Category: Computer & IT, Science & Engineering]
Jobs at: Prime Bank Kenya
Deadline of this Job: Tuesday, May 12 2026
Duty Station: Nairobi | Nairobi
Summary
Date Posted: Wednesday, April 29 2026, Base Salary: Not Disclosed
Work Hours: 8
Experience in Months: 12
Level of Education: bachelor degree
Job application procedure
Submit your CV, together with a Cover Letter (maximum 1 page), by close of business on Tuesday 12th May 2026.