nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Observation on IT Security jobs out there

Matt2

In perusing what's out there (at least in the Pacific Northwest), it seems the majority of the IT Security jobs are either management related, or auditing and compliance related. With a few SOC type positions thrown in.

It's disappointing to see VERY few of the hundreds of positions include actual administration and monitoring of the Security related systems. I think some of that is due to company size and having roles focused on specific (and sometimes narrow) areas of responsibility. And two, companies that want someone to tell them what's needed but have the general IT department handle.

Yes I'm sure I'm missing some of the "why".

Sure would be nice to see more roles that include hands on administration and monitoring of systems by someone who knows IT Security. I get tired with just program management, and happen to like variety and get bored with a narrow focus.

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

636-555-3226

You're missing the "why" because most companies are hiring for a position they don't understand. Unless you live in security-land, you don't know what's required to live in security-land. So you throw a random job description out there that you think you need even though it usually isn't. The only companies I've seen and talked to that actually hire for their security needs are those that actually have CISOs or !experienced! Infosec Managers already working there.

In my experience you don't see a lot of security administration jobs because most companies default to administering those systems through standard sysadmins or network admins. Some companies are catching on and hiring analysts/security admins, but even then those job descriptions aren't well thought-out or understood by their drafters. I love when I see InfoSec manager jobs asking for risk management and governance while the description also says the person should be in charge of nessus scans and AV console management. Two totally different worlds.....

Danielm7

Maybe tweak the search settings too? I tend to find more technical listings, sometimes they tend to lump network engineering as the same thing. If I search for "information security" I'll find one set of jobs, if I search CISSP, likely another, then security analyst, yet another, worth playing around with the queries if you're having trouble finding local positions.

TechGromit

636-555-3226 wrote: »

You're missing the "why" because most companies are hiring for a position they don't understand.

That's pretty much true of many IT job postings. Most people working in HR don't understand IT so the job postings often are way outdated when looking for candidates, or the job requirements are insane for the position they really want to hire for. Like a junior level position that require so much expertise most senior level employees would have trouble qualifying to it. And when you apply and don't meet the job posting requirements your application ends up in the trash, never making it to the hiring manager that can't understand why no one applied for the job. Some ads read must have 5 years experience administrating Server 2012, which is impossible since it was release less than 4 years ago.

markulous

Banks usually always have security jobs that aren't necessarily auditing or management. Usually searching for "Security Analyst" comes up with a good amount of relevant stuff.