The 8 Hottest Security Jobs of 2015
There is an unprecedented demand for highly-skilled professionals capable of building holistic programs, security into new and existing networks, assessing security on a real-time basis as new vulnerabilities are identified and disclosed, and acting as front-line defenders across various industries. Meanwhile, the number of entrants into the workforce has not kept up with this demand, leaving a significant gap in capacity to adequately protect businesses from attacks. At the same time, the lack of clarity and consistency in job profiles, competency models, skills assessment contribute to a sub-optimal deployment of these scarce resources. Openly Secure has built upon the work of previous efforts to identify and validate the hottest security jobs, the top eight list of roles define the apex of professional skill in the field:
1. Chief Information Security Officer (CISO) / Chief Security Officer (CSO)
A CISO/CSO is a C-level management executive whose primary task is to oversee the general operations of an organization’s IT security department and other related staff. The organization’s overall security is the foremost concern of the CISO/CSO. As such, persons who aspire to become a CISO/CSO must demonstrate a strong background in IT strategy and security architecture.
2. Application Security Engineer / Architect
Application Security Engineer / Architect is a mid to high-level employee who requires the demonstrated technical abilities necessary to conduct operational testing of applications before initial deployment and as they are subsequently updated. Competence is assessed on the ability to identify the program avenues most riddled with flaws and holes that give malicious actors access to important content or systems. Applications from the web are particularly vulnerable to malicious exploitation, frequently infecting visitors’ computers with troublesome viruses and other malware that can create access pathways for data exfiltration or worse.
3. Network Security Engineer / Architect
Network Security Engineer / Architect is a mid to high-level employee who requires deep-technical experience and knowledge with security controls (firewalls, IDS/IPS, authentication etc.), TCP/IP, security systems (routers, switches, antivirus, content filtering, etc.), and hands-on experience with network security appliances / tools (e.g. Check Point, Juniper, Websense, Splunk, CyberArk, Blue Coat, F5, Forescout). Network security is a big pain point for companies and Network Security Engineers / Architects will continue to be in demand to protect critical infrastructure and keep their technology platforms safe from ongoing cyber threats like malware and hacking.
4. Security Information and Event Management (SIEM) Analyst
SIEM Analyst includes the dual abilities to identify indicators that show a malicious incident has occurred and to initiate swift, appropriate, and comprehensive responses. Because savvy adversaries can devise attacks to mimic old attack vectors and create easy ways to bypass defenses, mastery here includes the ability to differentiate between incidents that represent less sophisticated attacks from those that must be analyzed in-depth and defeated by rigorous incident response.
5. Senior Security Engineer
A Security Engineer is a mid-level employee who is responsible for building and maintaining the IT security solutions of an organization. In this capacity, Security Engineers configure firewalls, test new security solutions, and investigate intrusion incidents, among other duties, all while reporting to the Security Manager. Engineers use their technical knowledge of current attacks to identify flaws and weaknesses in the composition and design of networks, remote access schemes, systems and applications to specify solutions, verify the solutions that have been implemented, and rapidly adjust designs based on new threat and attack information as acquired.
6. Cloud Security Architect
Cloud Security Architect is a high-level SME (subject matter expert) employee for cloud security architecture, standards, and guidelines. In this role he/she will be responsible for defining security architecture for Private Cloud, lead design, planning and implementation of risk mitigating security solutions, identify inter-dependencies of the different technologies deployed within the cloud, and perform security design reviews to asses security implications for introduction of new or differing technologies within the environment. Experience with big data, visualization, continuous integration / continuous deployment environment, and high availability / clustered solutions is an absolute must.
7. Senior Incident Responder
Senior Incident Responder is a mid to high-level employee who requires the ability to deploy and manage active measures to contain incidents identified by analysts – including rapid and accurate assessment of malware, isolation, characterization, and reverse engineering. It also includes the ability to recognize attacker-introduced local changes, suspect interactions, and targets that have been triggered to evoke malicious behaviors, as well as the ability to develop and rapidly deploy eradication tools.
8. Security Consultant (Various)
Security Consultants is a high-level employee or contractor with a demonstrated knowledge across networks, databases and all the latest tools and appliances to combat threats and attacks. This is one job where hands-on experience really counts. Security consultants can range from security generalists, GRC experts, and security engineers.
Looking for more information?
Fill out the form below to contact us.