Top 20 Information Security Jobs
Which ones match your abilities and interests?
InfoSec Crime Investigator / Forensics Expert
The thrill of the hunt. You never encounter the same crime twice.
Analyzes how intruders breach infrastructure in order to identify additional systems networks that have been compromised. Want to see the face of your enemy behind bars? It’s a thrill like no other – being pitted against the mind of the criminal and having to reconstruct his lawless path.
Application Penetration Tester
You’re an ethical hacker. It takes equal parts of technical ability and creativity.
This expert contributes an integral piece to the company’s software development lifecycle. Expect to do everything from developing code to reverse engineering binaries to examining network traffic.
Do this one right and you could put everyone else on this list out of work.
Understands business needs as well as technology and environmental conditions and can translate them into a security design that allows the organization to efficiently carry out its activities while minimizing risk. Like the captain of a ship, this is the individual who makes or breaks actual systems, protocols, and applications.
Computer Crime Investigator
Brain and badge. The final step in catching the bad guys is yours.
Includes both sworn law enforcement officers and civilian employees. Entrusted with the preservation, acquisition, storage, detailed analysis, and clear reporting of digital evidence from many sources: almost every contemporary crime has a digital footprint.
Prosecutor Specializing in InfoSec Crime
The “bad guys” are smarter, harder to catch. You have to be smarter.
A government attorney who guides law enforcement investigations into computer crimes and represents the state in lawsuits against defendants accused of technology crime.
System, Network, and/or Web Penetration Tester
You can be a hacker, but do it legally and get paid a lot of money.
Finds security vulnerabilities in target systems, networks, and applications in order to help enterprises improve their security. When things go wrong, this is the person whom we all need to ask for help.
It’s CSI for cyber geeks.
Focuses on collecting and analyzing data from computer systems to track user-based activity that could be used internally or in civil / criminal litigation. This job requires the analyst to “go deep” into a system, find out what went wrong, what’s still wrong, and trace it to the perpetrators and recommend fixes.
Only go if here if you’ve been called. You know who you are.
Examines malicious software to understand the nature of the threat. This usually involves reverse-engineering the compiled executable to figure out how the program interacts with its environment.
Technical Director and Deputy CISO
Top technical dog. Manages and directs the analysts and engineers that make info security happen.
This expert has to be a strong support for the Chief Information Security Officer (CISO) by succeeding at the famous People – Process – Technology triangle. You have the enviable role of technology focus, but never forget people and process.
Network Security Engineer
If there’s one indispensable person, it’s the network person. This is where the action is.
Designs implements, and manages a network so that proper security is built into the overall infrastructure. Understanding both network principles and security allows this person to build a robust network that provides proper functionality and the correct level of security. This is a common starting point for people who become “top guns” in cyber security.
The secret agent of tech geekdom.
When the security of a system or a network has been compromised, the incident responder is the first line defense during the breach. You have to be technically astute and able to handle stress under fire.
CISO / ISO or Director of Security
Seems like I can get a lot done with little push-back.
Connects legal, regulatory, and local organizational requirements with risk taking, financial constraints, and technological adoption. You have the creative direction to influence and directly contribute to the overall security of an organization. You are the senior security player.
High-level protection. You set the policies that keep your company out of the news.
Researches and analyzes security threats that may affect a company’s assets, products, or technical specifications. These folks dig into the technical protocols and specifications for a greater understanding of security threats than most of their peers, identifying strategies to defend against attacks through intimate knowledge of the threats.
Security Operations Center Analyst
Part human guard dog of the network and part cyber detective.
Entrusted with configuration, customization, and examination of output from security tools and software installed on the network. This cyber-warrior is on the front line and has to have nerves of steel and high intellect.
Vulnerability Researcher / Exploit Developer
Wow, I can’t believe you actually do that. Talk about thinking outside the box.
Makes the absolute declaration that an application or the OS the organization is using or considering using is safe or unsafe. You are providing proactive approaches to security, finding out how much damage and what type has been done in order to keep systems secure and up and running.
You’re the gatekeeper. As intruders try to find their way in, it’s up to you to close the doors.
This expert is responsible for monitoring traffic, blocking unwanted traffic from and to the internet and dealing with attackers. Firewalls and IPS technology are the starting points for hardening the network against possible intrusion attempts.
Should be a top gun job. With financial sector fiasco, auditors are going to be very sought after.
Measures and reports on the risk to the organization by measuring compliance with policies, procedures, and standards. You find the holes and recommend patches to get the company safe.
Security-savvy Software Developer
This one is very rare.
You’re ultimately responsible for ensuring customer software is free from vulnerabilities that can be exploited by an attacker. This person leads all developers.