Entry-level InfoSec Positions?

Psydrox

Me again, planning for the future as always! These positions are under the possible assumption that you already have some schooling behind you (bachelors in computer related field and/or a few beginner certs)

I would like to discuss some entry-level positions in the Cyber/Information security field (I am working on a word doc)

So far, all I have down is a Security Analyst.

Does anyone have any more entry-level positions they can think of? I'd love to write down anything possible.

soccarplayer29

I think it is important to frame this discussion as not listing entry level IT positions but rather entry level InfoSec positions for which education/certs/general IT experience has already been accomplished. (Correct me if this isn't what you're looking for).

Also keep in mind that titles vary greatly so this is going to be difficult. I'd check job boards for more information.

Here is what comes to mind:

• Junior/Security Analyst
• NOC/SOC Analyst
• Application Security Specialist
• Information Assurance Analyst
• IT Auditor
• Security Assessor
• Security Engineer
• Cyber Analyst
• Security Consultant
• Network Analyst

636-555-3226

Just search Dice.com for "security" or "cissp." Plenty to pick from.

Keep in mind, though, that every org is different. There's a bunch in my area looking for Security Analysts and Security Admins and list CISM, CRISC, CISA as preferred/desirable certs along with policy creation, risk management, business continuity planning, penetration testing, etc. Lots of companies trying to find that once-in-a-blue-moon-guy that actually can do every single security thing in the world and that already works for a consulting firm making 200k a year but want him to accept a junior position making 70k a year working under the 60-year old Network Manager who doesn't know or understand squat about security.

renacido

636-555-3226 wrote: »

Just search Dice.com for "security" or "cissp." Plenty to pick from.

I don't recommend CISSP as a search term for entry-level infosec jobs. Sec+, GSEC, and SSCP are better.

To add to soccarplayer29's list:

- Security Administrator
- System Security Specialist
- Penetration Tester

Psydrox

Awesome thanks guys!

soccarplayer29 wrote: »

I think it is important to frame this discussion as not listing entry level IT positions but rather entry level InfoSec positions for which education/certs/general IT experience has already been accomplished. (Correct me if this isn't what you're looking for).

Also keep in mind that titles vary greatly so this is going to be difficult. I'd check job boards for more information.

Here is what comes to mind:

• Junior/Security Analyst
• NOC/SOC Analyst
• Application Security Specialist
• Information Assurance Analyst
• IT Auditor
• Security Assessor
• Security Engineer
• Cyber Analyst
• Security Consultant
• Network Analyst

What is NOC/SOC?

636-555-3226

renacido wrote: »

I don't recommend CISSP as a search term for entry-level infosec jobs. Sec+, GSEC, and SSCP are better.

To add to soccarplayer29's list:

- Security Administrator
- System Security Specialist
- Penetration Tester

I agree, I agree, but in my area unfortunately uneducated employers (which is 99% of them) list CISSP, CISM, CISA, etc for their entry-level security roles

Psydrox

636-555-3226 wrote: »

I agree, I agree, but in my area unfortunately uneducated employers (which is 99% of them) list CISSP, CISM, CISA, etc for their entry-level security roles

You also bring up a good point, how do you know when a potential employer is asking too much (certs and duties included) for the role and payscale they are searching for?

renacido

NOC - Network Operations Center - usually 24/7 monitoring of the IT infrastructure for failures or signs of imminent failure, and they handle low-level troubleshooting and fix actions, escalate the issue if warranted.

SOC is Security Ops Center - monitors events, alerts, logs, flows, etc for signs of intrusion, misuse, compromise, etc. they triage, prioritize, and respond to possible security incidents. Primarily a cyber incident response team.

I wouldn't worry so much about recruiters asking for too many or ridiculously high level certs for entry level jobs. Just identify the certs that apply for the roles you want and work on those. HR can ask for stupid high qualifications for entry level jobs but what happens then is no one with those qualifications is willing to do entry level work or work for entry level salary, the position goes unfilled until they figure it out.

Yes it does happen especially with CISSP because it's the most well known security cert and it requires full time experience doing security work so it's one of the more credible certs, but most hiring managers do check job ads for errors and it's not as common that the postings ask for overqualified people as some make it out to be.

renacido

636-555-3226 wrote: »

I agree, I agree, but in my area unfortunately uneducated employers (which is 99% of them) list CISSP, CISM, CISA, etc for their entry-level security roles

I know there are some job postings out there like that, true enough, but either they don't actually screen for those certs or the position is vacant indefinitely. People with CISSP and CISM typically have 15-20 years experience and wouldn't even reply to a recruiter if the job pays less than 100k.

Danielm7

When I looked for my first security role I searched indeed for "information security" which gave me a whole pile of different sorts of jobs. As others mentioned, different companies look at titles differently. Some places you'll start as an engineer, when in the next company you can't even consider that until you have 7+ years. So, just do general searches and filter though, if you only search for analyst positions you might miss other entry level roles that use goofy names like specialist, technician, etc.

Remedymp

Psydrox wrote: »

You also bring up a good point, how do you know when a potential employer is asking too much (certs and duties included) for the role and payscale they are searching for?

It has nothing to do with that. It has to do with the Keyword searches by the intelligent search engines that go out and grab jobs descriptions based on a keyword. In this case, CISSP is the most search term in security, kind of like MCSE for desktop support people. At the RSA conference, this was brought up and some of the companies said they hope to address it soon.

beads

OP;

Your premise appears to be centered on breaking into the InfoSec field with no mention as to what it is your already capable of performing in IT let alone IT. Start with what it is you have done and feel comfortable doing in IT in general and what it is you feel your qualified and likely to succeed in performing in InfoSec. Is your background in programming and development? Look to penetration testing and scripting. Infrastructure and Administration? Audit or Security operations would be a good fit.

I seriously recommend every InfoSec career start with at the very least one year in audit. Why? Because its essential to learn to speak and perform the business of business to include all those silly business analysis and project management skills security itself relies upon and only becoming more critical. You will find in the longer run security is going to become the business of IT. A little less ivory tower and much more business logic orientated than IT logic.

-b/eads

bpenn

beads wrote: »

I seriously recommend every InfoSec career start with at the very least one year in audit. Why? Because its essential to learn to speak and perform the business of business to include all those silly business analysis and project management skills security itself relies upon and only becoming more critical. You will find in the longer run security is going to become the business of IT. A little less ivory tower and much more business logic orientated than IT logic.

-b/eads

I agree with this. I have been doing auditing along with my other duties and I feel the knowledge has benefited me and will benefit me more in the future as I progress my career.