Security Roles Defined
There is a great variety of security positions, which can lead to a very diverse and long career.
Some roles within the Information Security field are commonly known. We have all heard of firewalls, and we are aware of antivirus products and protections against things like malware or phishing software. However, Information Security is becoming a larger part of everyday life as technology grows and time goes by. Consider internet payment transactions: every single one must follow specific rules, guidelines and security protocols, which means that those processes must be written, defined, implemented, tested, reviewed and administered.
Below we have listed a handful of common job titles that you may come across within the information security field. If you would like a more in-depth discussion about opportunities or careers within this sector, be it within a consultancy such as ourselves or in an End User or Vendor based environment, feel free to call us on 01225 811 806.
- CISO
A chief information security officer (CISO) is the senior-level executive within an organisation responsible for establishing and maintaining the enterprise vision, strategy and program to ensure information assets are adequately protected. The CISO directs staff in identifying, developing, implementing and maintaining processes across the organization to reduce information and information technology (IT) risks, respond to incidents, establish appropriate standards and controls, and direct the establishment and implementation of policies and procedures. The CISO is also usually responsible for information-related compliance.
- Information Security Architect
We have seen the Information Security Architect title used for very different roles. The first is the individual who heads up a security design team building a new enterprise network or taking one through a tech refresh. The title Information Security Architect or Information Security Director is also used for a role that directs organization-wide security technology. This role is responsible for the integration of IT systems development with security policies and information protection strategies. It also has responsibility for developing, maintaining, and publishing corporate information security standards, procedures, and guidelines. It provides technical guidance and training to information "owners," corporate security officers, and IT associates, and designs and implements programs for user awareness, compliance monitoring, and security compliance.
Typically the word "Information" shows this is a more managerial position than a "Security Architect", which is generally a much more technical position.
- Privacy Officer / Data Protection Officer
The Privacy Officer develops and implements policies and procedures to guarantee that only those with the right to access confidential information can do so. This is particularly important in education and health-care organizations where privacy is regulated by law.
- Information Security Analyst
This position conducts information security assessments for organizations. They interview employees to learn about current information security policies, then evaluate them, write reports on their findings, present their reports to management, and recommend strategies for improvement. Again, the use of "Information" in the title normally implies a more managerial, less technical role.
- Information Systems/Security Auditor
An Information Systems Auditor tests the effectiveness of computer information systems, including the security of the systems, and reports their findings. They determine whether a computer system safeguards assets, maintains data integrity, allows organizational goals to be achieved effectively and uses resources efficiently. They usually work with others in the business and IT departments in a cooperative effort to ensure the security of the systems.
Responsible for auditing a network against a given policy or standard such as a System Security Policy, ISO17799, ISO27001, NSA Clamp Down etc. Depending on the scope the audit might cover Operating System settings such as within the registry, firewall configuration, IDS Policy and tuning, Business Continuity Plans, Processes, Training and Personnel. The role is usually well paid due to the diverse skillset required and the ability to instil trust and impart advice. This is often a role performed by an outside consultant.
- Security Analyst
Usually specified as Junior or Senior. Responsible for assisting in the coordination effort to remediate security alerts and respond to information security related incidents.
- Security Auditor
This job title has a number of roles associated with it; see also Information Security Auditor above. A security auditor analyses operating system and file access logs to detect inappropriate access or nefarious activity. The role is usually found in the financial or public sectors such as Government and Defence.
- Application/Information Security Manager
The Security Manager creates and develops security measures to safeguard information against accidental or unauthorized modification, destruction, or disclosure. Coordinates with management, programmers, risk assessment staff, auditors, facilities, and other security departments to identify and plan for security in all aspects of data, applications, hardware, telecommunications, and computer installations.
- Data Recovery Specialist
Disaster recovery specialists design and implement programs to recover processes and data lost in a disaster. They might use Disaster Recovery Planning (DRP) software to identify data and computer systems that may need to be recovered, plan offsite data storage and computing facilities, and test data recovery procedures.
Although not typically considered a "computer security" position, it actually is the most basic type of computer and information security. "What happens when my computers are no longer available?" The normal description focuses on natural disasters, but recovery is just as important in a malicious attack, and securing critical and sensitive data stored offsite can be a huge challenge as well.
- Security Architect
  - Firewalls
  - VPN
  - Content Management
  - IDS
  - IPS
  - Anti Virus
A security architect either designs a network to be secure or designs a particular security element such as the PKI infrastructure or IDS/IPS. Security skills vary considerably; a thorough understanding of security threats is desirable, though many become Security Architects from OS, networks, or database backgrounds.
- Penetration Tester / Ethical Hacker
A penetration tester is an extremely specialised role. To be a pen tester it isn't sufficient to run a vulnerability scan; a true pen tester will be able to exploit the vulnerabilities and prove the system in question is truly vulnerable. To ensure the most current strategies and stay on top of the vulnerabilities and exploits, this is a full-time role.
There is a specialization of Penetration Tester known as a "Red Team" Tester. This is a member of a group put together to perform penetration tests on the most critical infrastructure components of countries: utility companies, nuclear installations, atomic research facilities, military computer systems, etc.
- CHECK Team Leader
CHECK is a UK government scheme run by CESG, aimed at ensuring the quality and integrity of Pen Testers assessing government networks and the wider public sector of systems handling protectively marked information. At present the scheme has been temporarily suspended following the departure of the team that tested the testers (confused?). Needless to say the remaining CHECK Team Leaders are in great demand and can command HUGE salaries. The Check Service Assault Course has improved over the years and unlike many nameless civilian equivalents, candidates do fail.
- Vulnerability Assessor
Vulnerability assessors will scan a network and identify vulnerabilities, producing a report prioritising the results. Many will just run Nessus and charge a small fortune for the privilege, whilst others will engage numerous methods and tools to derive the information. The difference between a vulnerability assessor and a pen tester is that the Pen Tester will attempt to exploit the vulnerabilities discovered. Vulnerability assessments are often preferable as they are quicker and require a lower skill level than a pen test, making them less expensive and less likely to cause an outage.
- Security Engineer
Responsible for the installation and management of security systems across the entire organization's network, including IDS, firewalls, log capture, etc. In a smaller deployment they may also be responsible for monitoring and reacting to their output, though this would ordinarily fall to Security Analysts.
- Forensics Engineer
A Forensic Engineer preserves, identifies, extracts, and documents evidence stored in computers. They search through the computer for information that will help identify and prove the crime that was committed. They also compile computer evidence for legal cases and work on programs that help recover computer evidence. They often give expert testimony at trials.
AKA Computer Crime Specialist, Computer Forensic Investigator
- Computer Security Incident Response Team
Computer security incident response team members work together with other team members to prepare for and provide rapid response to security threats such as virus attacks. They develop a procedural set of responses to security problems, including protocols for communication within the organization as well as any interaction with law enforcement agencies during computer security incidents.
These positions typically exist in large organizations and as independent groups usually funded by the government and research sectors.
- Intrusion Detection & Prevention Specialists
An Intrusion Detection Specialist has skills in:
- Monitoring networks using a variety of tools to identify potential intrusions
- Penetration testing
- Software development and coding
This role will typically be in a large company or the government, as most smaller companies couldn't afford a dedicated staff member to perform this function. An Intrusion Detection Specialist will monitor the network/computers/applications, looking for traffic or events that could indicate an intrusion. He/She will then perform the research to determine if an intrusion occurred, how it occurred, and what information was obtained or damage was inflicted. Finally, this staff member will identify what changes are necessary to ensure the intrusion does not occur again, providing this information to the appropriate people to implement, whether that be network specialists, application developers, or help desk staff.
- Cryptographer
A Cryptographer is responsible for the security of electronic information, using encryption. Encryption is the transformation of data into some unreadable form to keep it private and hidden from anyone for whom it is not intended. Decryption is the transformation of encrypted information back into a comprehensible form.
These positions are normally research related, or working with security software companies to build cryptography into their products.
- Security Pre-Sales Engineer / Sales Engineer
Not a typical sales position, the product being sold is security related. You would be responsible for providing presentations on the products offered from the technical aspect, giving demonstrations of those products, configuration and sizing recommendations, and post-sales support as required to ensure future sales opportunities.
- Post-Sales Engineer
This is a technical position responsible for assisting a customer with design and implementation of a security product into the organization, networks, and systems. Often Training of customers on the particular product and skillsets is involved.


