Observation on IT Security jobs out there

Matt2Matt2 Member Posts: 97 ■■□□□□□□□□
In perusing what's out there (at least in the Pacific Northwest), it seems the majority of the IT Security jobs are either management related, or auditing and compliance related. With a few SOC type positions thrown in.

It's disappointing to see VERY few of the hundreds of positions include actual administration and monitoring of the Security related systems. I think some of that is due to company size and having roles focused on specific (and sometimes narrow) areas of responsibility. And two, companies that want someone to tell them what's needed but have the general IT department handle.

Yes I'm sure I'm missing some of the "why".

Sure would be nice to see more roles that include hands on administration and monitoring of systems by someone who knows IT Security. I get tired with just program management, and happen to like variety and get bored with a narrow focus.

Comments

  • 636-555-3226636-555-3226 Member Posts: 975 ■■■■■□□□□□
    You're missing the "why" because most companies are hiring for a position they don't understand. Unless you live in security-land, you don't know what's required to live in security-land. So you throw a random job description out there that you think you need even though it usually isn't. The only companies I've seen and talked to that actually hire for their security needs are those that actually have CISOs or !experienced! Infosec Managers already working there.

    In my experience you don't see a lot of security administration jobs because most companies default to administering those systems through standard sysadmins or network admins. Some companies are catching on and hiring analysts/security admins, but even then those job descriptions aren't well thought-out or understood by their drafters. I love when I see InfoSec manager jobs asking for risk management and governance while the description also says the person should be in charge of nessus scans and AV console management. Two totally different worlds.....
  • Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    Maybe tweak the search settings too? I tend to find more technical listings, sometimes they tend to lump network engineering as the same thing. If I search for "information security" I'll find one set of jobs, if I search CISSP, likely another, then security analyst, yet another, worth playing around with the queries if you're having trouble finding local positions.
  • TechGromitTechGromit Member Posts: 2,156 ■■■■■■■■■□
    You're missing the "why" because most companies are hiring for a position they don't understand.

    That's pretty much true of many IT job postings. Most people working in HR don't understand IT so the job postings often are way outdated when looking for candidates, or the job requirements are insane for the position they really want to hire for. Like a junior level position that require so much expertise most senior level employees would have trouble qualifying to it. And when you apply and don't meet the job posting requirements your application ends up in the trash, never making it to the hiring manager that can't understand why no one applied for the job. Some ads read must have 5 years experience administrating Server 2012, which is impossible since it was release less than 4 years ago.
    Still searching for the corner in a round room.
  • markulousmarkulous Member Posts: 2,394 ■■■■■■■■□□
    Banks usually always have security jobs that aren't necessarily auditing or management. Usually searching for "Security Analyst" comes up with a good amount of relevant stuff.
Sign In or Register to comment.