Levels of InfoSec

shawnx715shawnx715 Member Posts: 30 ■■■□□□□□□□
I was thinking about this the other as I was looking at posting to get into the InfoSec world.

What are different levels of InfoSec roles? For instance, is SOC Analyst more entry level than Incident Response? Security Architect higher then Pen Testing? etc etc.

Just curious for what are some entry level roles I should look at when applying for InfoSec jobs.


  • aderonaderon Member Posts: 404 ■■■■□□□□□□
    I'd say that's an extremely difficult question to answer lol. For one, it's going to be extremely opinionated. Two, an architect at one company could be doing less technical work than a technician at another, so job titles are kind of meaningless in that way. And then there's also the fact that other than just levels, there's also different types of work: compliance, assurance, research, forensics, management, offensive, defensive, development, etc. They're all different and require different strengths and skills to be successful. So, I don't think you could really qualify one as being harder than the other in a lot of respects.

    But, just for the hell of it, and at the risk of invoking forum wrath, I'm going to rank them in my own opinionated, ridiculous, inaccurate, incomplete, and completely biased fashion haha:

    From least difficult, to most difficult
    Security Product Tech Support Tier 1
    SOC Technician
    Social Engineering
    Compliance/Info Assurance
    Security Analyst
    Security Product Tech Support Tier 2
    Penetration Testing (Automated Tools/Compliance crap)
    Threat Hunting + Intel
    Cloud Security
    Network Security
    Security Engineer
    Solutions/Sales Engineer
    Incident Response
    Security Product Tech Support Tier 3
    Penetration Testing (Manual)
    Security Architect
    Malware Analysis/Reversing
    Exploit Dev

    Regarding your question about entry level roles. From what it sounds like you're interested in, I'd say these would be worth shooting for. Keep in mind that these will likely require a tour of duty in non-security related IT fields first before someone will hire you:

    Security Product Tech Support Tier 1
    SOC Technician
    Security Analyst

    Also, most of those terms are pretty interchangeable. You can kind of mix and match and do whatever you want.

    SOC Analyst
    Technical Support Analyst
    Security Technician

    So just play around w/ the terms, since most places will name the same jobs differently. This post probably wasn't helpful at all haha, but the question is very difficult.
    2019 Certification/Degree Goals: AWS CSA Renewal (In Progress), M.S. Cybersecurity (In Progress), CCNA R&S Renewal (Not Started)
  • jibtechjibtech Member Posts: 424 ■■■■■□□□□□
    Aderon is spot on with the variability of roles within security. Since there are no predesignated definitions, different companies use wildly different titles for the same role. Honestly, this can sometimes provide some insight into how much the company values information security.

    Here in Virginia, the state positions can be even worse. There is a working title, which is separate from the role title. A quick search on the role title of "Information Technology Specialist II" yields positions as far ranging as:

    Java Developer
    Business Analyst
    Information Security Engineer
    Information Security Analyst
    Jr Java Developer

    All of that said, positions that are more entry level positions are sometimes named to make them stand out. If I were looking for more entry level jobs, I would key in on jobs with junior, entry, associate and sometimes analyst in the title.

    The next major tier would be senior, engineer, lead, etc.

    By no means exhaustive, and you will constantly see jobs that don't fit these categories, but that has been my general experience.

    Hope it helps.
  • jibtechjibtech Member Posts: 424 ■■■■■□□□□□
    Delete this. Post put into the wrong forum. I feel stupid. icon_sad.gif
  • Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    aderon wrote: »
    But, just for the hell of it, and at the risk of invoking forum wrath, I'm going to rank them in my own opinionated, ridiculous, inaccurate, incomplete, and completely biased fashion haha:
    I love the disclaimer! But you're dead on. Titles and levels in security seem more goofy than any other IT specialty I've worked in. Just yesterday i met with Security Managers who don't have anyone to manage. In some companies an analyst is the lowest level, but then you'll see SANS courses taught be an analyst. Then enter the intelligence community and it seems like an analyst isn't entry level at all. Then step up to the engineer level, where most of the job ads don't mention any sort of engineering at all, but instead IR, some forensics and maybe pentesting. It really is all over the map.

    Also, i seems like the salaries don't also scale with difficulty level. You might get someone who does forensics or even reverse engineering, but many compliance people get paid way more but on a technical skill level there is no comparison at all.
  • shawnx715shawnx715 Member Posts: 30 ■■■□□□□□□□
    Thanks you all very much! All the info was very helpful!

    @aderon it was exactly what i was looking for.
  • ITSec14ITSec14 Member Posts: 398 ■■■□□□□□□□
    I look at the job description more than anything. Companies are always trying to water down titles/salaries, but beefing up the job requirements.
  • IronmanXIronmanX Member Posts: 323 ■■■□□□□□□□
    Look at the job description.
    Job titles are not accurate.

    Even job descriptions are not accurate.
    I once got into a position and asked for a raise a couple of months in due to the position's job description and even the interview description of the job not matching what was actually being done.
  • beadsbeads Member Posts: 1,525 ■■■■■■■■■□
    It depends on what your strengths are and are not. Your probably not going to start off working in cryptography without a Ph.D. in crypto so we can safely say that avenue is out.

    Do you have a hardware, software or GRC background? Each of these skillsets will determine whether employers will look at you for a particular position or not? Problem with security and there are many, is that security itself touches everything to some regard. Making it tough for people to zero in on one specialty or another.

    - b/eads
Sign In or Register to comment.