Security Roles Defined

 

Computer Network Defence are experts in Information Security Recruitment placing specialists into rewarding InfoSec roles that are appropriate for their background and experience.

 

Information Security Roles

This page details all known roles within the IT Security field. In reality the roles will combine many skills from other roles and the variations are infinite; its purpose is to help newcomers to the field understand the types of work available. The job titles vary as greatly as the skill sets required to perform them. The most common are "Computer Security Specialist" and "Information Security Specialist". These are broad terms that apply to the many specific positions responsible for designing, testing, implementing and monitoring solutions to security problems in computer systems and the interaction of people with those systems.

 

In larger companies, there are management level positions such as Chief Information Security Officer, Information Security Architect, Security Director, etc.  These positions have largely managerial and overview responsibilities, although the skill levels required in each position depend upon the size of the company and how each organization defines the job title.

 

In smaller companies, one person could fill three or four or all of the roles outlined here.

 


 


 

Links to Job Descriptions

 

Chief Information Security Officer

Global Head of IT/Information Security

Information Security Architect

Information Security Director

Privacy Officer

Data Protection Officer

Information Security Analyst

Cross-Platform Security Architect

Information Systems Auditor

Information Security Auditor

Sys/App/Information Security Manager

Disaster Recovery Specialist

Security Architect

Penetration Tester

Ethical Hacker

Assurance Validator

Vulnerability Assessor

CHECK Team Leader

Security Engineer/Administrator

Security Auditor

Security Analyst

Source Code Auditor

Security Researcher

Forensics Engineer

Computer Security Incident Response Team Member

Cryptographer

Cryptanalyst

Virus Technician

Security Sales Account Manager

Security Pre-Sales Engineer

Security Post-Sales Engineer

Security Software Developer

Intrusion Detection Specialist


Chief Information Security Officer
Global Head of IT / Information Security

The Chief Information Security Officer is a high-level management position responsible for the entire computer security department and staff. Traditionally this position exists in large organizations, like Fortune 500 companies or key government agencies, that have large computer security staffs and systems. However, as the requirement for information security becomes more widely recognised, the role is appearing in smaller organisations, though there it will often include hands-on technical work. Extending titles with Chief and Global Head may be barred for political reasons.


Information Security Architect
Information Security Director

We have seen the Information Security Architect title used for very different roles. The first is the individual who heads up a security design team building a new enterprise network or taking one through a tech refresh. The title Information Security Architect or Information Security Director is also used for the person who directs organization-wide security technology. This role is responsible for the integration of IT systems development with security policies and information protection strategies. It also has responsibility for developing, maintaining, and publishing corporate information security standards, procedures, and guidelines. The role provides technical guidance and training to information "owners," corporate security officers, and IT associates, and designs and implements programs for user awareness, compliance monitoring, and security compliance.

 

Typically the word "Information" shows this is a more managerial position than a "Security Architect", which is generally a much more technical position.


Cross-Platform Security Architect

This role develops and ensures policies for the secure management of security systems across platforms, including development and maintenance of encryption policies, intrusion detection, and network authentication. The success of this position is greatly dependent on the individual's ability to create and maintain relationships with programmers, risk assessment staff, auditors, security department, and installation personnel.


Privacy Officer
Data Protection Officer

The Privacy Officer develops and implements policies and procedures to guarantee that only those with the right to access confidential information can do so. This is particularly important in education and health-care organizations where privacy is regulated by law.


Information Security Analyst

This position conducts information security assessments for organizations. They interview employees to learn about current information security policies, then evaluate them, write reports on their findings, present their reports to management, and recommend strategies for improvement. Again, the use of "Information" in the title normally implies a more managerial, less technical role.


Information Systems Auditor
Information Security Auditor

An Information Systems Auditor tests the effectiveness of computer information systems, including the security of the systems, and reports their findings. They determine whether a computer system safeguards assets, maintains data integrity, allows organizational goals to be achieved effectively and uses resources efficiently. They usually work with others in the business and IT departments in a cooperative effort to ensure the security of the systems.

Responsible for auditing a network against a given policy or standard such as a System Security Policy, ISO17799, ISO27001, NSA Clamp Down etc. Depending on the scope, the audit might cover Operating System settings such as those within the registry, firewall configuration, IDS Policy and tuning, Business Continuity Plans, Processes, Training and Personnel. The role is usually well paid due to the diverse skillset required and the ability to instil trust and impart advice. This is often a role performed by an outside consultant.


Security Analyst

Usually specified as Junior or Senior.  Responsible for assisting in the coordination effort to remediate security alerts and respond to information security related incidents.


Security Auditor

This job title has a number of roles associated with it; see also Information Security Auditor above. A security auditor analyses operating system and file access logs to detect inappropriate access or nefarious activity. The role is usually found in the financial or public sectors such as Government and Defence.


Systems/Application/Information Security Manager

The Security Manager creates and develops security measures to safeguard information against accidental or unauthorized modification, destruction, or disclosure. Coordinates with management, programmers, risk assessment staff, auditors, facilities, and other security departments to identify and plan for security in all aspects of data, applications, hardware, telecommunications, and computer installations.


Disaster Recovery Specialist

Disaster recovery specialists design and implement programs to recover processes and data lost in a disaster. They might use Disaster Recovery Planning (DRP) software to identify data and computer systems that may need to be recovered, plan offsite data storage and computing facilities, and test data recovery procedures.

Although not typically considered a "computer security" position, it actually is the most basic type of computer and information security. "What happens when my computers are no longer available?" The normal description focuses on natural disasters, but recovery is just as important in a malicious attack, and securing critical and sensitive data stored offsite can be a huge challenge as well.


Security Architect - <specialism>

Firewalls - VPN - Content Management - IDS - IPS - Anti Virus


A security architect either designs a network to be secure or designs a particular security element such as the PKI infrastructure or IDS/IPS. Security skills vary considerably. A thorough understanding of security threats is desirable, though many become Security Architects from OS, networks, or database backgrounds.


Penetration Tester
Ethical Hacker
Assurance Validator

A penetration tester is an extremely specialised role. To be a pen tester it isn't sufficient to run a vulnerability scan; a true pen tester will be able to exploit the vulnerabilities and prove the system in question is truly vulnerable. Keeping strategies current and staying on top of new vulnerabilities and exploits makes this a full-time role.

 

There is a specialization of Penetration Tester known as a "Red Team" Tester. This is a member of a group put together to perform penetration tests on the most critical infrastructure components of countries: utility companies, nuclear installations, atomic research facilities, military computer systems, etc.

 

See also Vulnerability Assessor, CHECK Team Leader


Vulnerability Assessor

Vulnerability assessors will scan a network and identify vulnerabilities, producing a report prioritising the results. Many will just run Nessus and charge a small fortune for the privilege, whilst others will engage numerous methods and tools to derive the information. The difference between a vulnerability assessor and a pen tester is that the pen tester will attempt to exploit the vulnerabilities discovered. Vulnerability assessments are often preferable as they are quicker and require a lower skill level than a pen test, making them less expensive and less likely to cause an outage.

 

See also Penetration Tester, CHECK Team Leader


CHECK Team Leader

CHECK is a UK government scheme run by CESG, aimed at ensuring the quality and integrity of Pen Testers assessing government networks and the wider public sector systems handling protectively marked information. At present the scheme has been temporarily suspended following the departure of the team that tested the testers (confused?). Needless to say, the remaining CHECK Team Leaders are in great demand and can command HUGE salaries. The Check Service Assault Course has improved over the years and, unlike many nameless civilian equivalents, candidates do fail.


Security Engineer/Administrator

Responsible for the installation and management of security systems across the entire organization's network, including IDS, firewalls, log capture, etc. In a smaller deployment they may also be responsible for monitoring and reacting to the output of those systems, though this would ordinarily fall to Security Analysts.


Source Code Auditor

A Source Code Auditor is responsible for reviewing application programming source code to identify potential security issues in how the application is built. Review should focus on things like sanitizing input, securing data as it is brought from one platform to another, and identifying potential programming issues that could result in unauthorized access to data and system resources, or leaking of sensitive information.


Security Researcher

These used to be independent individuals who looked for new vulnerabilities in products. The notoriety and marketing potential their findings received drew the attention of a number of companies who employ them either full-time or purchase their research. Depending on the skills of the individual this can be extremely well paid.


Forensics Engineer

A Forensic Engineer preserves, identifies, extracts, and documents evidence stored in computers. They search through the computer for information that will help identify and prove the crime that was committed. They also compile computer evidence for legal cases and work on programs that help recover computer evidence. They often give expert testimony at trials.

 

AKA Computer Crime Specialist, Computer Forensic Investigator


Computer Security Incident Response Team Member

Computer security incident response team members work together with other team members to prepare for and provide rapid response to security threats such as virus attacks. They develop a procedural set of responses to security problems, including protocols for communication within the organization as well as any interaction with law enforcement agencies during computer security incidents.

 

These positions typically exist in large organizations and as independent groups usually funded by the government and research sectors.


Cryptographer

A Cryptographer is responsible for the security of electronic information, using encryption. Encryption is the transformation of data into some unreadable form to keep it private and hidden from anyone for whom it is not intended. Decryption is the transformation of encrypted information back into a comprehensible form.

 

These positions are normally research related, or working with security software companies to build cryptography into their products.


Cryptanalyst

This job analyzes hidden information, like an encoded message or encoded computer code, to figure out what the code means. The skill set is a mix of mathematics and computer cryptography.



Although formally these positions are in the government or espionage arenas, often malware/virus technicians use these skills to determine the intent of malicious software.


Virus Technician

This job analyzes newly discovered computer viruses and devises ways to defend against them.


Security Sales Account Manager

This is a typical sales position, where the product being sold is security solutions of some type. The product could be security applications, security appliances, services, auditing, managed monitoring services, etc. This would require a fairly in-depth knowledge of security issues and products to be successful.


Security Pre-Sales Engineer

Again, a typical sales position where the product being sold is security related. Responsible for providing presentations on the products offered, demonstrations of those products, configuration and sizing recommendations, and post-sales support as required to ensure future sales opportunities.


Security Post-Sales Engineer

This is a technical position responsible for assisting a customer with design and implementation of a security product into the organization, networks, and systems. Often, training of customers on the particular product and skillsets is involved.


Security Software Developer

This role can have two definitions:

  1. A Security Software Developer who actually develops security software. This person would participate in efforts to develop new software tools for monitoring computer networks and analyzing traffic on those networks. They would participate in software design, implementation and testing, and could also support customer deployments of the software developed.
  2. A Security Software Developer could also be responsible for ensuring security is implemented in applications developed through the standard software development life cycle within an organization. In this definition, the software developed is not security specific.

Intrusion Detection Specialist

An Intrusion Detection Specialist has skills in:

  • Monitoring networks using a variety of tools to identify potential intrusions
  • Penetration testing
  • Software development and coding

 

This role will typically be in a large company or the government, as most smaller companies couldn't afford a dedicated staff member to perform this function. An Intrusion Detection Specialist will monitor the network/computers/applications, looking for traffic or events that could indicate an intrusion. He/She will then perform the research to determine if an intrusion occurred, how it occurred, and what information was obtained or damage was inflicted. Finally, this staff member will identify what changes are necessary to ensure the intrusion does not occur again, providing this information to the appropriate people to implement, whether that be network specialists, application developers, or help desk staff.