Common Cybersecurity Roles

In this article, we will explore jobs, disciplines, and specializations within cybersecurity to help you decide your path into the cybersecurity industry.

What We’ll Be Learning

Cybersecurity is a fast-growing industry with various career paths. In this article, we will explore a variety of disciplines and specializations within cybersecurity so that you can make the most informed decision when deciding what track best suits your background, skills, and goals.

We will cover broad categories within Cybersecurity as well as list specific job titles that fall within each category. As the industry is rapidly evolving, this list represents just one possible way of categorizing roles. You will find that the job titles under each category are often used interchangeably by recruiters and hiring managers.

Discipline 1: Incident Response (IR)

Incident Response

Cybersecurity Incident Response, or IR, consists of the activities and response procedures that run from the moment a data breach is suspected through to post-incident closure.

Incident responders typically work as part of a team within an organization to handle all aspects of major cybersecurity incidents. According to NIST, effective incident response involves the following steps:

  • Preparation
  • Detection and Analysis
  • Containment
  • Eradication and Recovery
  • Post-Incident Activities

Some examples of major cybersecurity incidents that IR professionals will be called upon to handle include, but are not limited to:

  • data exfiltration
  • ransomware
  • distributed denial-of-service (DDoS) attacks
  • malicious code

Job Titles

Job descriptions for this sort of role might include the following job titles:

  • Cyber Incident Response Analyst
  • Incident Response Consultant
  • Cyber Detection Analyst
  • Insider Threat Response Analyst

Remember, this list is not all-inclusive! Make sure to look at the specific descriptions, skills, and certifications in job descriptions to fully understand roles as you job search.

Responsibilities

An IR role is typically responsible for detecting and assessing cyber threats and incidents. This individual will often work alongside other analysts as part of the Incident Response Team (IRT). An IR analyst may also be responsible for monitoring sources of potential cybersecurity incident notifications and conducting digital forensics.

Required Skills

  • An understanding of various security methodologies, processes, and technical security solutions (e.g. firewalls, proxies, and intrusion detection systems).
  • Strong knowledge of various operating systems.
  • A background in using different forensic analysis tools in incident response investigations is also helpful.

Discipline 2: Governance, Risk, and Compliance (GRC)

GRC

Individuals in this specialty develop plans, policies, and procedures as well as assess risk and monitor compliance with regulatory requirements. They often use regulatory frameworks (NIST Cybersecurity Framework, ISO 27001, COBIT, FFIEC) to develop and assess enterprise information security and risk management programs.

Job Titles

Job descriptions for this sort of role might include the following job titles:

  • Cyber GRC Analyst
  • Cyber GRC Consultant
  • Cyber GRC Advisor
  • Information Security Risk Analyst
  • Information Security Risk and Compliance Analyst

Remember, this list is not all-inclusive!

Responsibilities

Cybersecurity GRC professionals work cross-functionally with other information security teams to identify and monitor risks to the business. They ensure that legal and regulatory requirements regarding cybersecurity and data privacy are understood and managed. GRC Analysts will conduct risk assessments that assess security controls across different domains and formulate appropriate risk scoring so potential business impacts and likelihoods are identified.

Required Skills

  • Knowledge of regulatory and nonregulatory frameworks such as NIST, ISO, COBIT, DFS, FFIEC, to name a few.
  • An understanding of various security methodologies, processes, and technical security solutions (e.g. firewalls, proxies, and intrusion detection systems) helps, although deep technical expertise is not needed.
  • Effective project and time management, as well as sharp analytical and communication skills, are essential.

Discipline 3: Threat Intelligence

Threat Intelligence

Threat intelligence professionals help an organization identify and mitigate potential threats and vulnerabilities in its operations. Cyber threat intelligence specialists often conduct digital forensics analysis and adversary targeting in order to identify, monitor, assess, and respond to cyber threats.

Job Titles

Job descriptions for this sort of role might include the following job titles:

  • Cyber Threat Intelligence Analyst
  • Security Researcher
  • Threat Hunter
  • Cybercrime Analyst
  • Cyber Threat Investigator

Remember, this list is not all-inclusive!

Responsibilities

Cyber Threat Analysts can be responsible for providing strategic, tactical, and operational analysis before or during ongoing incidents. They will collect and analyze threat information from various sources and then convert that into finished reports and assessments. They work with other internal information security teams, third-party vendors, and industry partners to gather and share information that assists with incident response.

Required Skills

  • Keen analytical skills and an ability to synthesize complex information from a variety of disparate sources.
  • Knowledge of advanced persistent threats and key threat intelligence models such as MITRE is also highly recommended and sought after by hiring managers.
  • Able to collaborate with external parties, including peer analysts and threat intelligence vendors.

Discipline 4: Security Operations

Security Operations

Specialists in this domain often design, implement, operate, and maintain cybersecurity controls. The primary purpose of security operations personnel is to safeguard assets including information, systems, devices, and facilities. Patch and vulnerability management, as well as configuration management, are considered critical to security operations.

Job Titles

Job descriptions for this sort of role might include the following job titles:

  • Security Operations Analyst
  • Information Security Engineer
  • Security Operations Center (SOC) Analyst
  • Cloud Security Engineer

Remember, this list is not all-inclusive!

Responsibilities

Security Operations Analysts are typically responsible for security monitoring and incident management. They are also involved in the design, development, and implementation of software to optimize security operations. They perform reviews of all systems and applications, monitor security logs, and report any security concerns to senior members of the security operations team. Security Operations Analysts may also need to work cross-functionally with other internal cyber teams on vulnerability management and system architecture and configuration-related issues.

Required Skills

  • Well-versed in the technical infrastructure of an organization.
  • Have a solid understanding of security concepts applied to various operating systems, applications, networking, cloud, and mobile devices.
  • Knowledge of SIEM and familiarity with attack frameworks and mitigation are also valuable skills to have for these types of roles.
  • Depending on the specific role within security operations, it may be necessary to have skills in one of the following domains: Network Operations and Architecture, Operating Systems, Identity and Access Management, Programming, Cloud Computing, Databases, or Cryptography.

Discipline 5: Offensive Security

Offensive Security

Often referred to as cybersecurity testers, these are the individuals who hack into systems to find problems. They look for security gaps and vulnerabilities before an attacker does. Offensive cyber security teams actively test the network’s defenses and provide valuable insights through technical findings and remediation reports.

Job Titles

Job descriptions for this sort of role might include the following job titles:

  • Pen Tester
  • Threat Hunter
  • Red Teamer
  • Cybersecurity Tester
  • Exploit Developer
  • Ethical Hacker (sometimes known as a “white hat” hacker)
  • Vulnerability Researcher

Remember, this list is not all-inclusive!

Responsibilities

Offensive security professionals actually attempt to exploit systems. They try to defeat security controls and break into a targeted system or application to demonstrate the flaw. They will document and formally report testing initiatives, along with remediation recommendations. Pen Testers/Red Teamers must stay up to date on the latest malware and design new testing methods to identify vulnerabilities.

Required Skills

  • Possess deep technical knowledge of cybersecurity concepts.
  • Have coding and programming skills, as pen testing often requires specialized tools and techniques.
  • Familiarity with offensive security tools and frameworks such as Metasploit, Burp Suite, and Core Impact is often required.
  • The ability to articulate complex technical findings to different audiences, often in the form of written reports, is also a key skill.

Discipline 6: Data Privacy & Protection

Data Privacy & Protection

Data privacy professionals ensure an organization is in compliance with applicable privacy laws and regulations. They do so by knowing where an organization’s most sensitive data lies and how to properly secure it. They will develop policies and procedures, and liaise with information security and legal/compliance teams.

Job Titles

Job descriptions for this sort of role might include the following job titles:

  • Data Privacy Analyst
  • Data Privacy Consultant
  • Data Privacy Officer
  • Privacy and Compliance Analyst

Remember, this list is not all-inclusive!

Responsibilities

Data privacy analysts will support the development and implementation of privacy plans, policies and procedures. They will research and stay abreast of new developments in the legal and privacy realm, work with other internal teams, and identify risks to personal and confidential data.

Required Skills

  • Strong research, writing, analytical, and critical thinking skills as well as project management capabilities.
  • Knowledge of basic privacy laws, regulations, and control frameworks (CCPA, GDPR) is often desired.

Conclusion

Cybersecurity is a vast industry consisting of many different specializations. As you can see, there is no one-size-fits-all job type within cybersecurity. As the industry continues to mature, aspiring cybersecurity professionals should consider what career path best suits their skills, experience, and interests. For example, the skills needed to be a pen tester aren’t necessarily the same skills required to get a risk and compliance role. Starting as a cybersecurity analyst provides opportunities to follow your interests and determine a career path that is right for you.