The Copperbelt Energy Corporation PLC (CEC) is an independent power transmission and distribution Company with interests in closely linked businesses in Zambia and the African region.
CEC invites applications from suitably qualified, innovative and dynamic individuals to take up the position of Engineer – Cyber Security based at our Head Office in Kitwe and reporting to the Manager – Cyber Security.
The role holder will proactively detect and respond to cyber vulnerabilities and incidents, conduct post-mortems, and drive change across the Company’s cyber and digital landscape. The role is responsible for defending the business against technology security incidents, as well as identifying, analysing, communicating, and containing these incidents when they do occur. As subject matter expert, this role will be responsible for developing standards and processes to uncover, resist, and recover from security incidents.
- Validate and maintain cyber incident response plans and processes to address potential threats as well as compile and analyse data for reporting purposes.
- Design and maintain security data flow from network end points through aggregation, retention, parsing, SIEM correlation and mining.
- Monitor information on security related websites and the incident response community to leverage alert data from multiple sensors and systems in order to determine the priority of the response.
- Identify and implement tools to baseline activity so as to alert and limit suspicious activity on the Company’s cyber networks (information system, telecommunication and SCADA systems).
- Perform an in-depth analysis or assessment of threats to critical cyber networks and infrastructure components by regularly monitoring and analyzing select security events, review of log files, platforms, applications, products and services.
- Detect, document, investigate, and resolve all cyber security incidents as per the Cyber Security policy and provide guidance to first responders for handling cyber security incidents.
- Conduct periodic vulnerability scans and penetration testing of cyber systems.
- Install, configure and maintain security appliances and applications.
- Propose defining rules and malware signatures for enhanced detection and mitigation based on analysis and research of known indicators, events, identification of malicious activity and discovery of new sources.
- Conduct new technologies evaluations and advise on impact to security posture.
- Conduct in-house staff awareness training on cyber security.
- Produce and deliver high-quality reports, briefings, and assessments to Management to facilitate understanding of cyber threat entities and environments.
- Contribute to development of departmental budget and provide support to management of departmental expenditure within the prescribed budget to achieve cost control and identify any opportunities for improved cost management.
- Demonstrate consistent behavior in line with the Company’s Health, Safety and Environment (HSE) and Risk Management policies, procedures and standards.
- Demonstrate behavior in line with CEC values, standards and expectations of a professional workplace.
- Participate as an effective team member in working collaboratively with leaders, peers and relevant others (including from other teams) to achieve business goals.
Qualifications and Experience
- Grade 12 School Certificate.
- Bachelor’s Degree in Computer Science, Information Technology, Electrical and Electronics Engineering or equivalent.
- Professional certification such GIAC Security Essential Certification (GSEC), Certified Information Security Professional (CISSP) or Certified Ethical Hacker (CEH) will be a distinct advantage.
- Registered Member of the Engineering Institution of Zambia or Information Communication Technology Society of Zambia.
- Minimum of 3 years extensive hands-on experience in information security in a reputable organisation.
- Strong capability in cyber analytics for information security and Vulnerability and Patch Management.
- Proven knowledge of cyber attacker tactics, techniques and procedures, malware, network and computer forensics.
- Demonstrated Project Management Skills.
- Knowledge of TCP/IP/ Unix / Linux based Operating Systems.
- Working knowledge of scripting language such as Python, Bash, etc.
- Detailed knowledge of ICS and SCADA Systems.
- Ability to conduct Penetration Testing and Incident Handling & Analysis.
- Hands-on skills in network technologies.
If you are keen on the above position, kindly email your application to [email protected]. Please indicate the job title in the subject line of your e-mail and use your full name and the job title as the filename of your application (e.g., BwalyaJirambo_Engineer – Cyber Security). The application should consist of your letter and CV only, in a single document. Hardcopy applications will not be accepted. The closing date is: Thursday, 21 June 2018.