Detailed Description

Reporting to the Team Leader – Cyber Security Operations Centre (CSOC), the successful candidate will lend support in Cyber threat detection, working in 24/7 shifts, providing eyes-on-the-glass service at the Safaricom CSOC, performing real-time monitoring and identification of security incidents. He/She will help identify suspicious activity, open incident investigation tickets and escalate any key concerns to Level 2/3 for additional analysis & communication.

Key Responsibilities

• Work in 24*7 shifts performing real time monitoring of security alerts generated by various security tools deployed by Safaricom.
• Serves as a primary point of contact for reporting potential security incidents.
• Validate, classify and open tickets for security incidents.
• Analyze and assess security alerts and escalate to Level 2/3 analysts for further investigations and communication.
• Document security incidents as identified by the case management process.
• Provide feedback on enhancing the operations of the cyber security operations Centre.
• Respond to generated security alerts within the time window as defined in procedural SLAs.
• Pick out potential intrusions from seemingly benign sets of audit logs or security alerts.
• Triage (primary investigation) of detected security alerts and make necessary escalation decisions.
• Escalation to appropriate teams, follow ups and provide assistance during remediation.

QUALIFICATIONS

• Bachelor's Degree in Electrical Engineering/Computer Science/IT Security/Information Technology.
• Knowledge of common SIEM solutions, the purpose of them and an understanding of how they work.
• Knowledge of common network protocols such as TCP/IP, HTTP, DNS, etc.
• Experience with Microsoft Windows and *NIX operating systems is required.
• Knowledge and/or experience with common security tools such as anti-virus, Intrusion Prevention Systems and Firewalls is an added advantage.
• Knowledge and/or experience with Relational Database Management Systems (RDBMS) – Oracle, MS SQL, My SQL, Pervasive SQL is an added advantage.
• Good communication and presentations skills are required.
• Enthusiasm, curiosity, thirst for knowledge and passion for the job is required.
• Analytical thinking.
• Customer focused, Team spirit.

Detailed Description

Reporting to the Senior Manager, Cyber Prevent and Defense, the successful candidate will be in charge of the day to day operation and maintenance of Technology Security tools and services and ensure 99.999% uptime. He /she will implement the technology security architecture as designed by the Technology Security Design/Engineering team, according to industry best practices.

Key Responsibilities

• Assist with configuration, management and upgrade of a wide variety of security products/appliances
• Troubleshoot and remediate Level 2/3 issues impacting Technology Security operations within the defined SLA.
• Assisting with the installation and configuration of network security architectures, including firewalls, Demilitarized Zones (DMZ), router ACLs (Access Control Lists), Intrusion Prevention Systems (IPS), Privilege Identity Management (PIM), Anti DDoS solutions, and content filters
• Liaise with other business leads and participate in project meetings and contribute to design reviews – from high level application architecture to configuration of OS level parameters to meet security goals.
• Serve as the primary point of contact & escalation point for Security Administration tasks and coordinate provisioning, installation and troubleshooting
• Lead efforts in documenting & reviewing the changes, operation and troubleshooting of Technology Security platforms and procedures

QUALIFICATIONS

• Degree in Electrical Engineering/ Computer Science/Information Technology.
• Professional Information Security Qualification in CISSP/CISM/CISA will be an added advantage.
• Advanced competencies in Network Security: CCNP or CCIE (Security).
• Advanced competencies in Microsoft, Linux or Unix Operating Systems administration.
• Advance competencies experience in Information Security Technologies.
• Minimum of 5 years Network Security experience with Firewalls, network switches, Intrusion Prevention Systems, Web Application Firewalls, VPN administration, Content Filters, Security Scanning tools.
• Experience in design, delivery and support of Information Security solutions to customers will be and added advantage.