Job Description
Reporting to the Senior Manager – Cyber Defense, Safaricom is seeking an experienced and proactive Level 2 Cyber Security Analyst to join our Corporate Security Division. In this role, you serve as the critical escalation point for incidents initially handled by Level 1 Analysts. You will drive in-depth investigations, conduct comprehensive forensics, and lead the optimization of our security operations. A key focus of this position is the management and enhancement of our log management, detection engineering, SIEM, and SOAR infrastructures to ensure robust, proactive defense against emerging threats.
Key Responsibilities
Incident Investigation & Escalation:
Handle escalated security incidents from Level 1 analysts.
Conduct thorough host and network forensics, and perform log analysis to identify the root cause of security incidents.
Determine attack vectors, exploitation methods, and techniques used to bypass security controls.
Log Management & Detection Engineering:
Oversee the management and optimization of log data collection and analysis.
Develop and refine detection engineering strategies to improve threat identification.
Manage and maintain SIEM and SOAR infrastructures, ensuring efficient processing and correlation of security events.
Collaborate with engineering teams to implement and enhance security monitoring use cases.
Threat Detection & Response:
Carry out proactive threat hunting activities and utilize threat intelligence to stay ahead of potential risks.
Develop and enhance incident response playbooks to ensure effective threat mitigation.
Participate in purple team exercises to test and strengthen our security defenses.
Collaboration & Knowledge Transfer:
Mentor and provide training to Level 1 analysts and other technical teams.
Liaise with remediation teams to ensure timely resolution and clear communication of security incidents.
Document findings and processes to continuously improve security operations.
Operational Excellence & Continuous Improvement:
Optimize internal processes and security tooling to improve overall operational efficiency.
Ensure continuous monitoring and rapid response to security alerts in a 24/7 operational environment.
Contribute to leadership KPIs by driving proactive threat management and security process enhancements.
Qualifications & Requirements
Experience:
5-8 years of experience in a Cyber Security Operations role, preferably within a high-profile enterprise environment.
Technical Proficiency:
Expert-level knowledge and hands-on experience with SIEM, SOAR, EDR, email protection, case management systems, and other security tools.
Proficient in conducting digital forensics and comprehensive log analysis using advanced tools.
Strong familiarity with cybersecurity technologies including IDS/IPS/HIPS, advanced anti-malware solutions, firewalls, proxies, and managed security services.
Log Management & Detection Engineering:
Proven experience in managing log management systems and developing detection engineering strategies.
Expertise in managing SIEM and SOAR infrastructures to support advanced threat detection and response.
Cloud & Platform Expertise:
Solid understanding and experience with cloud platforms (AWS, Azure, Google Cloud).
In-depth knowledge of operating systems including Windows, Linux, UNIX, and other enterprise platforms.
Networking & Scripting:
Proficient in common network protocols (TCP/IP, UDP, DNS, DHCP, IPSEC, HTTP) and network protocol analysis tools.
Functional experience with scripting/programming (e.g., Python, PowerShell) to develop and refine security solutions.
Standards & Compliance:
Familiarity with key security frameworks and standards such as OWASP, ISO2700x series, PCI DSS, GLBA, EU data security and privacy acts, FFIEC guidelines, and NIST standards.
Soft Skills:
Strong analytical and problem-solving skills.
Excellent communication and presentation abilities.
A proactive, curious mindset with a passion for cybersecurity.
Ability to work effectively under pressure in a dynamic, 24/7 operational environment.
Apply via:
egjd.fa.us6.oraclecloud.com