Grade:KRA ‘3’
Department:Corporate Support Services
Division:Information and Communication Technology
Supervisor:Supervisor – IT Security Operations
Supervisee: None
Job Summary:
The jobholder is responsible for:
Ensuring IT infrastructure security by carrying out vulnerability assessments, identify security gaps, ensure that the network, databases, business systems and services comply with the approved policy, best practice, security requirements and set minimum baseline standards.
Monitoring the IT infrastructure and supporting investigation of security breaches and incidence response, and perform security impact analysis in the change process.
Configuring security policies and rules on the security tools such as Firewalls, SIEM, PAM, SOAR etc
Key Responsibilities:
Roles and responsibility
Carry out vulnerability assessments on network, databases, business systems and services using various tools and personal knowledge.
Ensure compliance with the approved policy, best practice, security requirements and set minimum baseline standards
Develop system security requirements for the various systems at acquisition/development and carry out security tests on the systems before deployments
Identify and recommend and configure suitable tools to enhance Information systems security.
Monitor systems and applications for security issues, vulnerabilities and recommend remediation including patching and upgrades, rules updates
Configure security policies and rules on firewall, SIEM , SOAR, PAM, anti-malware, IAM, Patch management solutions
Investigate security breaches and other cyber security incidents.
Perform security Impact analysis in the change process.
Document and research security breaches and assess any damage caused
Perform malware analysis and digital forensic
Academic Qualifications
Bachelor’s degree in Computer Science, Management Information Systems, Information Technology, Electrical / Electronic Engineering, Telecommunications or any other related field.
Professional Qualifications
Certification in any of the following or equivalent:
CEH, CHIF, CISSP or equivalent
Web Applications Security, Network security or equivalent
Boot camp (CEH, Ninja Ethical Hacking) with experience
Certificates in CCNA, Developer, DBA/System/Network Administration
Cyber Security: Digital forensic, malware analysis
Certificates in Penetration Testing, Vulnerability Assessment
Relevant Work Experience Required
At least one (1) year’ security experience in a medium to large organization.
Experience in cyber security monitoring
Experience in vulnerability Assessment and penetration testing
Experience in the configuration of any of the following security tools; firewall, SIEM , SOAR, PAM, anti-malware, IAM, Patch management
Experience security incidents response
Good command of SQL language
Good command of Unix/Linux/Windows
Broad-based IT experience with technical knowledge of Networks, virtualization, Hardware, Storage, Operating systems, and Applications, Business Impact Analysis, RTO/RPO
Up-to-date understanding of emerging trends in information security and apply new techniques and trends, in-line with overall information security objectives and risk tolerance.
Skills Required:
Knowledge in IT risk management
Basic Computer forensics and investigation skills
Security requirements analysis skills
A sound understanding of network, applications and data security
Key Competencies/ Personal Attributes:
Analytical skills
Keen attention to details
analytical and problem-solving abilities
Team player
Highly self-motivated and directed
