People talk about the cybersecurity job market like it’s a monolith, but there are several different roles within cybersecurity, depending not only on your skill level and experience but on what you like to do.
In fact, Cybercrime Magazine came up with a list of 50 cybersecurity job titles, while CyberSN, a recruiting organization, came up with its own list of 45 cybersecurity job categories.
Similarly, OnGig.com, a company that helps firms write their job ads, analyzed 150 cybersecurity job titles and came up with its own top 30 list. This article is based on research I did with Springboard, one of the first cybersecurity boot camps with a job guarantee and 1:1 mentorship.
In particular, CyberSeek.org, a joint industry initiative looking at the cybersecurity job market, offers an interactive list of not only the various positions within cybersecurity but offers you a career path showing how you can get promoted.
The complicated part is that these titles and roles aren’t standardized, and they constantly change as the industry evolves. The National Institute for Science and Technology, in its National Initiative for Cybersecurity Education workforce framework, does try to standardize positions using the notions of:
Tasks (the action the person performs)
Knowledge (the concepts the person has to know)
Skills (the capability of acting)
Organizations can use these concepts to create roles and teams to perform the tasks they need.
Something else to keep in mind: Human resources departments may not understand the cybersecurity job market or how to hire people in that field, according to the 2020 SOC Skills Survey from Cyberbit.
There are a few distinctions we have to draw here. Cybersecurity job roles are differentiated by the level of experience required and whether you’re red-team (offensive) or blue-team (defensive). Offensive roles (like penetration testers) will typically require more experience as you build your understanding of the defensive practice.
So what are some of the most common cybersecurity job roles, and how are they different from each other? Some more entry-level positions, typically requiring a certification such as a CompTIA Security+, include:
Cybersecurity Analyst: The cybersecurity analyst is responsible for protecting both company networks and data. In addition to managing all ongoing security measures, the analyst is also responsible for responding to security breaches and protecting company hardware, such as employee computers.
Security Engineer: Security engineers are tasked with planning and executing a company’s information security strategy and maintaining all security solutions. They can also be responsible for documenting the security posture of their company and any issues or measures taken under their watch. Security engineers tend to be more defensive than their analyst peers.
Security Consultant: The security consultant is responsible for evaluating a company’s security posture on a contract basis, while also serving as an advisor to other IT employees. The goal of the consultant is threat management, and they will often plan, test, and manage the initial iterations of a company’s security protocols. Consultants tend to be outside of an organization, while cybersecurity analysts will be internal.
Advanced Threat Analyst: The advanced threat analyst will monitor computer networks to prevent unauthorized access to files and systems. They also provide reports to senior leadership involving the technical defense capabilities of the company.
Information Security Assessor: The information security assessor reviews and makes recommendations about a company’s security posture. They do this by interviewing IT employees, reviewing the security of the network, and testing for vulnerabilities. The assessor also reviews the security policies and procedures of the company.
Penetration Tester: The penetration tester is hired to hack the company’s computer networks legally. Testers may also use social engineering tactics and attempt to gain information by pretending to be someone of trust verbally. If vulnerabilities are found, the penetration tester will make recommendations to heighten security.
Higher-level positions, typically requiring a certification such as Certified Information Systems Security Professional (CISSP) and at least five years of experience, include:
Information Security Analyst: The information security analyst is responsible for protecting the company network and maintaining all defenses against an attack. The analyst may also implement the company’s disaster recovery plan in the event of network outages. Incidentally, according to ongoing, this is the most requested cybersecurity job description by employers.
Information Security Manager: The information security manager develops policies and procedures aimed at securing the company network. They oversee information security analysts while ensuring that the company complies with information security standards and norms. As a manager, they are responsible for hiring and training new information security analysts.
Also Read:
