Which role might work best for you?
Leadership
- Chief Information Security Officer (CISO): C-suite leadership overseeing strategy and business risk.
- Cybersecurity Manager: Leadership of a cybersecurity team. Often a smaller team of just a few people responsible for security oversight for an organization.
- Principal Security Consultant: While this is largely a technical role, principal-level and higher roles commonly require team leadership, coaching, and mentoring, as well as oversight of all technical components of delivery in consultation.
Engineering
- Application Security Engineer: Security for apps, focused more on the ability to code, understanding programming languages, and securing apps following best practices such as those seen in OWASP.
- Computer Network Architect: Overseeing architectural security for networks, including legacy, cloud, virtual, containers and Internet of Things (IoT).
- Cybersecurity Analyst: A general role for cybersecurity that could be applied to many roles within cyber. Typically involves lower-level security tasks, including review of logs, alerts, and configurations. In smaller organizations, this may be a jack-of-all-trades ‘security’ person.
- Cybersecurity Engineer: Builds upon former cybersecurity analyst experience, but with a larger scope of responsibilities involving network architecture or other considerations for cyber setup and security.
- IT Auditor: A certified auditor who performs compliance and security assessments and makes recommendations using solutions like those promoted by ISACA.
- Penetration Tester: Emulate attacks of a remote actor, or malicious insider, to scan a network, validate services, attempt exploitation, and/or exfiltrate data to prove out vulnerabilities and provide assurance that security exists as expected in production. Make sure you have a signed legal agreement for all activities for yourself and the company. This role typically requires a certification such as Ethical Hacker.
- Security Administrator: Typically a block-and-tackle job tied to information security operations for core networking and solutions security.