The need for cybersecurity professionals has never been greater. Given the ever-expanding roles of technology, data and AI in the enterprise, the need to protect, detect and remediate against cyber attacks is of existential importance across every sector.
At the same time, organizations of all kinds are grappling with the much-discussed cybersecurity talent shortage. A wide variety of opportunities abound, and the field needs a diverse array of talents and skills.
As an aspiring or current practitioner weighing possible career options, consider the following eight cybersecurity roles.
1. Security administrator
Seniority: Entry-level to midlevel
The security administrator is an operational role overseeing an organization’s security on a day-to-day basis and troubleshooting and triaging problems as they arise. Typical tasks might include the following:
- network scanning;
- activity monitoring;
- security tool configuration and support;
- secure data backup management;
- user account administration;
- user privilege management; and
- security policy implementation, in partnership with governance, risk and compliance teams.
2. Security operations center analyst
Seniority: Entry-level to senior-level
The security operations center (SOC) analyst role involves uncovering potential cyber attacks by monitoring for unusual digital activity. SOC analysts use traditional log monitoring, as well as more advanced AI-based tools, that alert to suspicious behavior.
Many cybersecurity professionals’ first jobs are in the SOC, and an entry-level analyst could go on to hold any number of positions in the field.
While junior SOC analysts’ responsibilities are operational in nature — reviewing and processing alerts from security tools to weed out false alarms and escalate potential red flags — senior SOC analysts shoulder more advanced responsibilities. These might include the following:
- handling high-priority security incidents;
- researching emergent threats and incorporating findings into the monitoring and analysis framework;
- training and managing junior analysts;
- researching cybersecurity trends, tools and technologies and making recommendations for adoption; and
- engaging in threat hunting and threat management.
Regardless of seniority, a SOC analyst needs an eye for detail, the ability to troubleshoot and an interest in threat research.
3. Digital forensic engineer
Seniority: Entry-level to senior-level
As the term suggests, digital or computer forensics involves retroactively investigating confirmed security incidents, such as data breaches. Digital forensic engineers — also known by titles such as cyber forensic investigators and computer forensic analysts — seek to uncover and understand the scope of attacks, who perpetrated them and how.
A digital forensic engineer’s responsibilities may include the following:
- gathering and analyzing digital evidence, including log and alert data;
- recovering and analyzing data from damaged or corrupted devices;
- documenting the sequence of events that unfolded during a security incident;
- providing evidence and analysis to legal and law enforcement teams; and
- offering expert analysis and testimony in judicial proceedings.
To be successful in this role, a digital forensic engineer must have the following:
- strong problem-solving skills;
- advanced technical abilities, with expertise in programming, ethical hacking and OSes;
- an understanding of the legal requirements involved in evidence gathering; and
- an avid interest in piecing together evidence to make a case.
While many digital forensic engineer, analyst and investigator roles require significant experience, related entry-level positions do exist. In some cases, for example, junior technicians may need only a bachelor’s degree and relevant technical skills to get started in digital forensics.
4. IT auditor
Seniority: Entry-level to senior-level
The IT auditing role involves evaluating an organization’s security practices and technological infrastructure to assess the following:
- security gaps and corresponding business risks;
- adherence to compliance laws; and
- efficiency and effectiveness of the overall security deployment.
After assessing an organization’s risk profile, an IT auditor makes formal recommendations for improvement to key stakeholders. Other key responsibilities of an IT auditor include developing, implementing and updating the audit framework.
IT auditors need strong interpersonal skills and the ability to build relationships across their organizations; the ability to interpret and implement security frameworks; and an interest in meeting regulatory requirements effectively and efficiently.
5. Application security engineer
Seniority: Midlevel to senior-level
The application security engineering role focuses on protecting an organization’s applications from attackers throughout the software development lifecycle and the application lifecycle. Appsec engineers may work in standalone teams or as integrated members of DevSecOps teams.
An appsec engineering position typically involves the following:
- identifying and implementing security controls — including hardware, software, techniques and procedures — and establishing internal security standards to prevent unauthorized application access;
- working closely with developers and software architects to ensure they use secure coding practices;
- implementing application logging, authentication and authorization systems; and
- creating a framework for assessing incorporation of binaries from public libraries such as GitHub to ensure security.
Today’s appsec engineers may also oversee API security and recommend best security practices for third-party application use.
6. Network security engineer
Seniority: Midlevel to senior-level
Network security engineers aim to minimize network security vulnerabilities without sacrificing uptime. They need technical skills, the ability to troubleshoot problems as they arise and extensive knowledge of common and emerging cyber threats.
A network security engineer’s responsibilities typically include the following:
- deploying, configuring, managing and testing network security hardware and software — including routers, firewalls, VPNs and endpoint devices — to defend against cyber threats;
- managing network access;
- monitoring the network for unusual activity;
- troubleshooting network security issues; and
- supporting the development of network security policies, processes and designs.
Today’s network security engineers may manage infrastructure in traditional on-premises, cloud or hybrid environments.
7. Penetration tester
Seniority: Midlevel to senior-level
Also known as ethical hackers, pen testers work to proactively uncover enterprises’ security vulnerabilities by modeling attacker behavior. Pen testers try to breach networks and systems by exploiting known and unknown technical vulnerabilities and by engaging in social engineering. Their goal is to uncover security weaknesses before malicious hackers do.
Necessary skills include the following:
- building automated scripts;
- keeping up with security vulnerabilities disclosed publicly and on the dark web;
- creating detailed pen test reports identifying exploitable weaknesses; and
- recommending policy changes and updates to user training methods.
Pen testers may work for dedicated in-house teams or for third-party firms that serve multiple organizations.
8. Security architect
Seniority: Senior-level
The security architect role overlooks the entire security posture of an organization. It includes the following responsibilities:
- drafting security policies that align with the organization’s risk appetite;
- architecting remediation and mitigation plans in case of cyber attacks; and
- identifying new security and technology trends to incorporate into the cyber framework.
For security architects who are managers — leading teams of security engineers — people and communication skills are also important.