Job Description
Kimisitu Sacco Ltd Overview
Kimisitu Sacco Ltd ‘the Sacco’ is one of the fastest growing National Tier-1 Deposit Taking
SACCOs in the region. The SACCO was registered in 1985 and is regulated by Sacco Societies
Regulatory Authority of Kenya (SASRA).
Kimisitu Sacco has an open membership majorly drawn from employees of Non-Governmental
Organizations (NGO), Embassies, International Missions, Government Agencies, Corporates,
Businesses, Chamas, and investment groups in Kenya and Diaspora. Our mission is to empower
our members economically by providing quality financial services through prudent mobilization of
resources and excellent customer care.
Kimisitu Sacco is seeking to recruit a dynamic, self-driven, and result-oriented individual to join
our team in our fast paced, modern work environment, to fill the above-mentioned position.
Position Summary
You will be responsible for information security design, implementation, optimization and
maintenance of the Sacco network and telecommunications components, server infrastructure,
endpoint devices and related hardware in line with business requirements and strategic priorities.
Main Responsibilities
• Carry out internal and external penetration tests on the Saccos’s platforms.
• Innovate and model new red teaming techniques for the security team.
• Carry out awareness campaigns to staff and stakeholders on cyber security matters.
• Collaborate with the information security functions to maintain records of all data assets
and exports.
• Produce accurate, interactive, digestible information security reports with associated
mapping and dashboards.
• Provide research, incident analysis and evaluation, presentation, and report production on
a weekly basis.
• Be part of a 24-hour active monitoring and analysis of the Sacco networks for malicious
activity through Security Incident and Event Management (SIEM) reporting. Including
responding to and investigating alerts, assisting with developing new security monitoring
use cases, and ensuring all investigative activity is properly documented and followed up
with relevant support teams.
• Conduct proactive cyber threat research and analysis. Monitoring open-source intelligence
sources for potential threats against the Sacco, and ensure appropriate defensive actions
are taken with respect to these.
• Analyze a variety of network and host-based security appliance logs (Firewalls, IPS, NIDS,
HIDS, Sys Logs, etc.) to determine the corrective or mitigation actions and escalation paths
for each incident.
• Independently follow procedures to report, contain, analyze, and remediate security
incidents.
• Be available, on-call, to rapidly troubleshoot any problems resulting from infrastructure
changes, security breaches, or other unplanned/unforeseen circumstances.
• Offer first level ICT user support and administration of various Sacco systems.
• Perform any other duty assigned from time to time.
Knowledge: Qualifications & Experience
• Bachelor’s degree in information technology, computer science or its equivalent.
• Show competence in Cyber Security through CTFs or learning platforms.
• At least three (3) years’ experience in system security and administration.
• CISSP CISA/CISM/CEH/Certified SOC analyst (CSA)/Security+/Network+/CCNA/SSCP or
other related certifications.
• Technical knowledge of database, network, and operating system security.
• Knowledge of various security methodologies and processes, and technical security
solutions (firewall and intrusion detection systems).
• Knowledge and experience using one or more tools related to SIEM, intrusion detection
and prevention systems, network security managers, firewalls, and end point logging.
• Knowledge of TCP/IP Protocols, network analysis, and network/security applications.
• Strong written communication skills in report writing for incident reporting.
• Knowledge of specific tools and languages such as Wireshark, PowerShell, Python and
SQL knowledge highly desirable.
Personal Attributes required for this role:
• Excellent communication and interpersonal skills
• Decision making and problem-solving skills
• Innovation and creativity
• Project management skills
• Understanding and willingness to work in a diverse team that supports the ICT function.
• Analytical mindset and the ability to organize and present information in a coherent and
understandable manner.
• Highly motivated and able to work independently.
Key Relationships:
Direct Reports to this Role:
• None
Internal Contacts:
• All department
External Contacts:
• Service providers
• Regulators
• Members