As the security threat landscape evolves, so do the roles that security professionals play. Chief security officers (CSOs) and chief information security officers (CISOs) are seeing the scope of their responsibilities expand. Other professionals, such as security analysts and engineers, are finding they need to know more about working with other groups within their organizations. Newer roles such as malware analyst and security incident responder are emerging to better combat threats.
The effectiveness of any security-focused job depends on clear definitions of roles and strong communication up and down the line as to the tasks and responsibilities for which each player is responsible. Job hunters will also want to see a well-defined job description. Crafting a good job description is a big challenge, because each company has different needs and has its own expectations for each role on the security team.
Having a common baseline for each security role provides a good starting point for companies as they assign duties and responsibilities. It also helps anyone looking for a job in security to identify the roles for which they are best suited. To that end, CSO has produced a series of articles that help management build job descriptions for key security roles.
It’s also important to understand the skills and experience that a particular security role requires. CSO has interviewed top practitioners in a range of security roles to provide a first-hand narrative of the path they took to the jobs and what’s required of them.
The articles below also provide information on salaries and certifications typically required for each role. They also discuss requirements that are specific to certain industries such as healthcare and finance.
The chief information security officer has a big, mission critical job. Make sure you spell out the CISO's duties and expectations for the role.
A thorough, clear job description will ensure that security analysts stay on the same page with management expectations.
A good information security architect straddles the business and technical worlds. Writing a solid, clear job description ensures that both sides understand the role.
The IT security engineer is on the front line of protecting a company's assets from threats. The job requires strong technical, organizational and communication skills.
Security role profiles
A CISO typically has a technical information security or IT risk background, but the path that leads to the role can vary greatly. Here’s how one CISO landed his first job in the position.
The proliferation of ransomware and other attacks has increased demand for experts who can analyze how the software works and devise a response.
While the path to security architect varies, anyone considering the role should have a passion for IT infrastructure and protecting data.
The role is a fairly new one in many companies, and qualified candidates are in high demand. Learn how one IT security engineer landed his current job, the skills and training that helped him get there, and where his sights are set now.
The move to security consultant can be rewarding and challenging (in a good way), but be prepared to market and sell yourself and your services.
A wide range of technical skills and curiosity about the mechanics and goals of an attack are key for effective incidence response.
Developers with a security focus will be in strong demand, especially for financial, cloud and Internet of Things applications.
The role is a fairly new one in many companies, and qualified candidates are in high demand. Learn how one IT security engineer landed his current job, the skills and training that helped him get there, and where his sights are set
There are many more openings for security systems administrators than qualified applicants. That creates opportunities for IT professionals willing to get the training and certification.
This in-demand role calls for a rare combination of superior communication skills and security chops. Learn how one information assurance analyst landed his current job, the skills and training that helped him get there, and where his sights are set now.
Data security strategist is a fast-growing career, and one that will get even hotter as data from AI and IoT initiatives pours into enterprises.