Key Responsibilities 

Incident Investigation & Escalation: 

• Handle escalated security incidents from Level 1 analysts. 
• Conduct thorough host and network forensics, and perform log analysis to identify the root cause of security incidents. 
• Determine attack vectors, exploitation methods, and techniques used to bypass security controls. 

Log Management & Detection Engineering: 

• Oversee the management and optimization of log data collection and analysis. 
• Develop and refine detection engineering strategies to improve threat identification. 
• Manage and maintain SIEM and SOAR infrastructures, ensuring efficient processing and correlation of security events. 
• Collaborate with engineering teams to implement and enhance security monitoring use cases. 

Threat Detection & Response: 

• Carry out proactive threat hunting activities and utilize threat intelligence to stay ahead of potential risks. 
• Develop and enhance incident response playbooks to ensure effective threat mitigation. 
• Participate in purple team exercises to test and strengthen our security defenses. 

Collaboration & Knowledge Transfer: 

• Mentor and provide training to Level 1 analysts and other technical teams. 
• Liaise with remediation teams to ensure timely resolution and clear communication of security incidents. 
• Document findings and processes to continuously improve security operations. 

Operational Excellence & Continuous Improvement: 

• Optimize internal processes and security tooling to improve overall operational efficiency. 
• Ensure continuous monitoring and rapid response to security alerts in a 24/7 operational environment. 
• Contribute to leadership KPIs by driving proactive threat management and security process enhancements. 

Qualifications & Requirements 

Experience: 

• 5-8 years of experience in a Cyber Security Operations role, preferably within a high-profile enterprise environment. 

Technical Proficiency: 

• Expert-level knowledge and hands-on experience with SIEM, SOAR, EDR, email protection, case management systems, and other security tools. 
• Proficient in conducting digital forensics and comprehensive log analysis using advanced tools. 
• Strong familiarity with cybersecurity technologies including IDS/IPS/HIPS, advanced anti-malware solutions, firewalls, proxies, and managed security services. 
• APPLICATION:
• Interested and qualified? Go to Safaricom Kenya on egjd.fa.us6.oraclecloud.com to apply
•