20 Top Information Security Jobs

Which ones match your abilities and interests?

InfoSec Crime Investigator / Forensics Expert

The thrill of the hunt. You never encounter the same crime twice.

Analyzes how intruders breach infrastructure in order to identify additional systems networks that have been compromised. Want to see the face of your enemy behind bars? It’s a thrill like no other – being pitted against the mind of the criminal and having to reconstruct his lawless path.

Application Penetration Tester

You’re an ethical hacker. It takes equal parts technical ability and creativity.

This expert contributes an integral piece to the company’s software development life cycle. Expect to do everything from developing code to reverse engineering binaries to examining network traffic.

Security Architect

Do this one right and you could put everyone else on this list out of work.

Understands business needs as well as technology and environmental conditions and can translate them into a security design that allows the organization to efficiently carry out its activities while minimizing risk. Like the captain of a ship, this is the individual who makes or breaks actual systems, protocols, and applications.

Computer Crime Investigator

Brain and badge. The final step in catching the bad guys is yours.

Includes both sworn law enforcement officers and civilian employees. Entrusted with the preservation, acquisition, storage, detailed analysis, and clear reporting of digital evidence from many sources: almost every contemporary crime has a digital footprint.

Prosecutor Specializing in InfoSec Crime

The “bad guys” are smarter, harder to catch. You have to be smarter.

Government attorney who guides law enforcement investigations into computer crimes and represents the state in lawsuits against defendants accused of technology crime.

System, Network, and/or Web Penetration Tester

You can be a hacker, but do it legally and get paid a lot of money.

Finds security vulnerabilities in target systems, networks, and applications in order to help enterprises improve their security. When things go wrong, this is the person whom we all need to ask for help.

Forensic Analyst

It’s CSI for cyber geeks.

Focuses on collecting and analyzing data from computer systems to track user-based activity that could be used internally or in civil / criminal litigation. This job requires the analyst to “go deep” into a system, find out what went wrong, what’s still wrong, and trace it to the perpetrators and recommend fixes.

Malware Analyst

Only go if here if you’ve been called. You know who you are.

Examines malicious software to understand the nature of the threat. This usually involves reverse-engineering the compiled executable to figure out how the program interacts with its environment.

Technical Director and Deputy CISO

Top technical dog. Manages and directs the analysts and engineers that make info security happen.

This expert has to be a strong support for the Chief Information Security Officer (CISO) by succeeding at the famous People – Process – Technology triangle. You have the enviable role of technology focus, but never forget people and process.

Network Security Engineer

If there’s one indispensable person, it’s the network person. This is where the action is.

Designs, implements, and manages a network so that proper security is built into the overall infrastructure. Understanding both network principles and security allows this person to build a robust network that provides proper functionality and the correct level of security. This is a common starting point for people who become “top guns” in cybersecurity.

Incident Responder

The secret agent of tech geekdom.

When the security of a system or a network has been compromised, the incident responder is the first line defense during the breach. You have to be technically astute and able to handle stress under fire.

CISO / ISO or Director of Security

Seems like I can get a lot done with little push-back.

Connects legal, regulatory, and local organizational requirements with risk taking, financial constraints, and technological adoption. You have the creative direction to influence and directly contribute to the overall security of an organization. You are the senior security player.

Security Analyst

High-level protection. You set the policies that keep your company out of the news.

Researches and analyzes security threats that may affect a company’s assets, products, or technical specifications. These folks dig into the technical protocols and specifications for a greater understanding of security threats than most of their peers, identifying strategies to defend against attacks through intimate knowledge of the threats.

Security Operations Center Analyst

Part human guard dog of the network and part cyber detective.

Entrusted with configuration, customization, and examination of output from security tools and software installed on the network. This cyber-warrior is on the front line and has to have nerves of steel and high intellect.

Vulnerability Researcher / Exploit Developer

Wow, I can’t believe you actually do that. Talk about thinking outside the box.

Makes the absolute declaration that an application or the OS the organization is using or considering using is safe or unsafe. You are providing proactive approaches to security, finding out how much damage and what type has been done in order to keep systems secure and up and running.

Intrusion Analyst

You’re the gatekeeper. As intruders try to find their way in, it’s up to you to close the doors.

This expert is responsible for monitoring traffic, blocking unwanted traffic from and to the internet and dealing with attackers. Firewalls and IPS technology are the starting points for hardening the network against possible intrusion attempts.

Security Auditor

Should be a top gun job. With financial sector fiasco, auditors are going to be very sought after.

Measures and reports on the risk to the organization by measuring compliance with policies, procedures, and standards. You find the holes and recommend patches to get the company safe.

Security-savvy Software Developer

This one is very rare.

You’re ultimately responsible for ensuring customer software is free from vulnerabilities that can be exploited by an attacker. This person leads all developers.

Cyber Careers

There's a critical shortage of cybersecurity professionals in the public and private sectors. Recently, the Department of Labor reported zero percent unemployment in information security jobs and a study by Cisco Systems reported those jobs were among the highest paying IT jobs.

For Teachers

If you are a teacher or school administrator, Cyber Aces is also a great way to introduce your students to cybersecurity. The three online course modules teach the fundamentals of cybersecurity in an easy to use, engaging way and help students discover and develop their interest and skills.

Learn from the best

The SANS Cyber Aces curriculum was developed by the SANS Institute, the most trusted and the largest source for information security training and security certification in the world. Meet some of the leaders in the cybersecurity field who are behind the design and development of the online tutorials.

Learn the fundamentals

SANS Cyber Aces Online makes available, free and online, selected courses from the professional development curriculum offered by The SANS Institute, the global leader in cyber security training.