The Security & Threat Monitoring Specialist will be responsible for monitoring and analysing the organisation’s security posture while supporting Security Information and Event Management (SIEM) and other security monitoring systems for log management, threat & security monitoring and analytics.
Key Responsibilities:
Perform accurate, real-time analysis and correlation of logs and alerts from a wide range of log source devices, focusing on determining whether the observed events constitute security incidents
Research and provide technical security expertise on persistent threats affecting the banking industry, drawing on various threat feeds and Threat Intelligence Platforms; report updates to Senior Management
Responsible for creating procedures, run books and high-level/low-level documentation, implementing processes and developing staff for managing, configuring and maintaining the SIEM and its components within the organization. This includes improving the current state of the SIEM/SOC and implementing a roadmap to achieve SIEM maturity
Provide technical security support to projects so that security logging and incident response capabilities are built into applications during implementation, rather than added at greater cost after a breach or once a system is already in production.
Configure, tune, implement and deploy security monitoring tools
Implementing security improvements by assessing current situation; evaluating trends and anticipating requirements
Appropriately and practically defend the information enterprise in accordance with established policies, procedures, guidelines and practices
Monitor internal and external threats; examine logs, events and alerts generated by multiple platforms for anomalous activity, evidence of security incidents, and other error conditions that may constitute a security breach or a degradation of the integrity or confidentiality of KCB information technology systems and information assets. This includes DDoS, insider threat, network, endpoint, email, database and brand security monitoring
Continuously update the IT security monitoring and assessment as required. Stay current on malware trends, especially in the financial industry, and on the latest hacking techniques, and adjust the assessment to reflect them.
Collaborate with Technology SMEs to create use cases and correlation alerts for the organization's security monitoring tools to support continuous security monitoring.
The Person:
A Bachelor’s degree in IT/ Computer Science/ Telecommunications/ Engineering (Electrical or Electronic) or related field from a recognized university.
Must possess at least one security certification such as CISM, CISA, Security+, CISSP, CCNA Security, CCNA Cyber security.
A minimum of 5 years’ supervisory experience in Information Technology; with at least:
3 years’ experience in Information or Network or Computer Security.
2 years’ experience in Security Information and Events Management (SIEM) Operations.
Experience with, or knowledge of, security incident detection and response.
Good knowledge of Banking Operations.
Excellent planning and organizing skills.
Excellent problem analysis and attention to detail.