Equity Bank Kenya Cyber Risk & Red Team Specialist - Jobs in Kenya

Equity Bank Kenya Cyber Risk & Red Team Specialist - Jobs in Kenya

Description

Equity Bank is one of the region’s leading banks whose purpose is to transform the lives and livelihoods of the people of Africa socially and economically by availing them modern and inclusive financial services that maximize their opportunities.
With a strong footprint in Kenya, Uganda, Tanzania, Rwanda, South Sudan and DRC Congo, Equity Bank is now home to over 12 million customers - the largest customer base in Africa. Currently the Bank is seeking additional talent to serve in the role outlined below.

The CISRO Function

The Group Chief Information Security Risk Officer (CISRO) function is instrumental in protecting and ensuring the resilience of Equity Group’s data and IT systems by managing information, cybersecurity, and IT risk across the enterprise. As a critical function reporting into the Group Chief Risk Officer (CRO), the CISRO function serves as the second line of defence for assuring ICS controls are implemented effectively and in accordance with the Risk Framework and for instilling a culture of cyber security within the Bank.

The Group CISRO is responsible for ICS governance, strategy, policy, risk assessments, industry partnerships, and regulatory engagement. The Office of the CISRO is central to ensuring the Bank’s ability to meet its ICS commitments to internal and external stakeholders, including regulators, as well as maintaining an acceptable ICS risk profile that is regularly reported to the Board.

The Role

The Cyber Risks & Red Team Specialist role is highly technical and challenging with opportunities to be part of a team that will have a meaningful impact. The is expected to possess a adequate understanding of both cyber security and information technology and should understand concepts including computer networking, web and native application functionality, operating system functionality, cloud services, corporate network environments and operations.
He should be able to learn advanced concepts such as endpoint protection evasion, covert operations, and tailored exploit development.

The role leverages previous penetration testing and Red Team experience. This may involve delivering Threat Intel-led Red Team exercises, developing social engineering test campaigns and the associated collateral, executing phishing campaigns and attempting to compromise internet-facing systems, conducting privilege escalation and lateral movement within the group’s networks, hunting for objectives with little-to-no information provided at hand and attempting to exfiltrate data from the network; all while avoiding detection from the bank’s security operations teams.

The role will require you to perform exploits at scale while remaining stealthy, identify and exploit misconfigurations in the corporate infrastructure, quickly and effectively parse data, present relevant data in a digestible manner, think well outside the box.

Responsibilities

Set-up internal second line of defense red team lab to enable targeted testing of the group’s environment as well as effective follow up of vulnerability remediations.

Manage external red team exercises ensuring that noted risks are remediated and tracked.

Review and propose updates to cyber risk management and information security frameworks and policies on an

annual basis at a minimum.

Enforce implementation of the cyber risk management and information security framework ensuring that key gaps and risks noted are well discussed, actioned and escalated.

Support is ensuring the architecting and creation of secure solutions for the cloud that adhere to industry best practices through detailed risk assessments.

Support the evaluation of security controls against the SaaS, IaaS and PaaS offerings provided.

Support the creation and management of a new security risk management process to approve and authorize new capabilities and monitor the output of the process.

As part of targeted risk assessments, review network architecture and artifact configurations (Firewalls, Routers, Switches, IDS, IPS) and give practical recommendations.

Support first line IT units in coming up with baselines for implementation and in accordance with best practices these include baselines for secure coding, custom scripts and programs.

Support in other reviews that might be allocated from time to time.

Present findings with clarity to management and get buy-in for implementation of controls.

Have the capability to mine forensic data for investigative and forensic if called upon.

Support cyber forensic investigation and root cause analysis when required

Qualifications

Ideal Candidate

Bachelor’s degree in Computer Science, Information and Cyber Security, Technology or equivalent

5 years of relevant in information security or risk management, preferably in Banking and Financial sector, with hands-on experience in penetration testing red teaming and information assurance assessments

Minimum of CEH (Certified Ethical Hacker) certification or LPT (Licensed Penetration Tester)

Any one ISACA related Certification (e.g. CISM, CISA, CRISC and CGEIT) * Added advantage

CISSP (Certified Information Systems Security Professional) * Added advantage

OSWP (Offensive Security Wireless Professional) * Added advantage

OSEE (Open System Engineering Environment) * Added advantage

OSCP (BEST) (Offensive Security Certified Professional) * Added advantage

Consistently able to demonstrate or articulate value proposition

Candidates must have demonstrated skills in penetration testing and ethical hacking having carried out:
1.Password guessing and cracking attacks.
2.Session hijacking and spoofing attacks.
3.Network traffic sniffing attacks.
4.Denial of Service attacks.
5.Exploiting buffer overflow vulnerabilities.

Good understanding of networks and networking elements.

Good understanding of web pages and it's technology.

Expertise in Linux machine recommended Kali and parrot.

Familiar with various operating systems and databases

Red team experience

Ability to both assess priorities and to focus on work in a structured fashion which delivers results

Sound judgement and anticipation

Strong integrity, independence, and resilience.

For more information and job application details, see; Equity Bank Kenya Cyber Risk & Red Team Specialist - Jobs in Kenya



Find daily jobs in Kenya. Jobs - Kenya jobs. Search our career portal & find the latest Kenyan job positions, career opportunities & jobs in Kenya.

Jobs in Kenya - banking jobs, IT jobs, accounting jobs, NGO jobs, business administration, ICT, UN jobs, procurement jobs, education jobs, hospital jobs, human resources jobs, engineering, teaching jobs, and other careers in Kenya.

Find your dream job from 1000s of vacancies in Kenya posted and updated daily - click here!