Cybersecurity Specialist, Security Testing

KEY RESPONSIBILITIES: MUST NOT BE MORE THAN 10

Conduct regular penetration tests and vulnerability assessments on networks, web applications, and other critical infrastructure.

Develop, implement, and manage penetration testing schedules to identify, classify, report, and prioritize remediation of security vulnerabilities across the Group resulting in timely and effective security assessments.

Use a variety of tools and techniques to simulate attacks on systems and uncover vulnerabilities.

Develop and deliver reports on the status and effectiveness of the security testing program to internal leadership and all relevant stakeholders.

Perform in-depth analysis of penetration testing results and create reports that describe findings, exploitation procedures, risks, and recommendations.

Provide technical VAPT related support to projects in a bid to ensure compliance to technical security policies and standards. Execute penetration testing projects using the established methodology, tools, and rules of engagements.

Develop, research, and maintain proficiency in tools, techniques, countermeasures, and trends in computer and network vulnerabilities, data hiding, and encryption.

Cross-Functional Collaboration with other teams and departments to enable effective defence-in-depth controls through Red Team, Purple Team and Blue Team exercises. 

Emulate advanced threat actors by planning, executing, and analysing complex attack scenarios. Help develop and refine tactics, techniques, and procedures (TTPs) used by adversaries.

 

DAILY RESPONSIBILITIES: NOT MORE THAN 5 OF THE MOST TYPICAL

• Perform authorized attack surface reviews and penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing as per schedule and on request at the direction of the Senior Managers Cybersecurity Assurance and Head, Group Cybersecurity.

Deliver status reports and relevant metrics on vulnerability management across the group.

Conduct or guide deep testing of the Groups systems to uncover security issues both manually and using automation tools as needed to support your work.

CHALLENGES: GIVE ONE EXAMPLE OF THE CHALLENGES ENCOUNTERED IN THIS JOB

The advancement of zero-day exploits is on the rise with little to no turn around time to identify, mitigate and remediate identified vulnerabilities. While it is common for security testers to get satisfactory result for known attacks, zero-day attacks can prove adversarial in nature due to the limited available knowledge and expertise. By virtue of the challenge, this job would require a robust well-seasoned penetration tester to stay on top and ahead of these security concerns. 

 

 

 

 

AUTHORITIES[1]: MANDATES, SIGNING AND/OR APPROVAL LIMITS

 

Authority Type Impact Key[2] Currency Limit Value Authority Level Cybersecurity solution recommendations MV N/A N/A RC

 

MINIMUM POSITION QUALIFICATION REQUIREMENTS

 

Academic & Professional

 

Particulars Detail Specific Field or Qualification Need Type Education  Bachelor’s Degree B.Sc. Information Technology / Computer Science / Cybersecurity / Engineering (Electrical, Electronic) or related field RQ Professional Qualifications

Cybersecurity certification in either CISA/ CISM/ CISSP/ Security+ /

Cybersecurity certification in either CEH/CPT/CRT/GPEN/OSCP/ OSWA/OSWE/ LPT/ PenTest+/ ECSA/ CHFI/ or a relevant equivalent certification/Certified Red Team Expert (CRTE)/Certified Red Team Operator (CRTO)/ Bug Bounty Researcher (ICBBR)/ Certified Information Systems Security Tester (CISST)/PECB ISO/IEC 27001 Lead Auditor/

AT least one RQ or equivalent Penetration Testing / Cybersecurity Assurance Certification   /Cisco Cyberops Associate & Professional or any relevant equivalent certification AA Master’s Degree MBA / MSc  AA

 

Experience

 

 

Total Minimum No of Years of Experience Required

 

 

4

 

 

Detail Minimum No of Years Need Type[ Experience in Cybersecurity 3 ES Experience in Penetration Testing and Ethical hacking 3 ES Experience in Offensive Security and Red Teaming 2 DE Experience in System/ Network/ Database/ Containerization and Cloud Platform Administration 2 DE Experience with penetration testing frameworks and tools, such as Kali Linux, The Penetration Testers Framework, Metasploit, Canvas, Cobalt Strike, Burp Suite Pro, Nexpose, Nessus, Wireshark, Nmap 2 DE Experience in code review 2 DE

 

 

JOB CONTRIBUTION

 

Particulars Type Primary Job Role SU Monetary Impact  IE Job Impact NM Accountability CU

 

 

KCB Group is registered as a non-operating holding company which started operations as a licensed banking institution with effect from January 1, 2016. The holding company oversees KCB Kenya – incorporated with effect from January 1, 2016 – and all KCB’s regional units in Uganda, Tanzania, Rwanda, Burundi, Ethiopia and South Sudan. It also owns KCB Insurance Agency, KCB Capital, KCB Foundation, National Bank of Kenya, and all associated companies. The holding company was set up to among other things to enhance the Group’s capacity to access unrestricted capital and also enable investment in new ventures outside banking regulations, achieve operational and strategic autonomy for the Group’s operating entities and enhance corporate governance across the Group and oversight in the management of subsidiaries. Related documentation:  Group Name Change,   Name Change Certificate,  KCB Advise on Non-Operating Holding Company,  KCB Group Structure,  Kenya Gazette Notice.