Well paid entry-level InfoSec jobs?

ArabianKnight

First I want to say I'm glad I found this forum, it is excellent!

As a former US Army infantryman the jobs out there are miserable! I want to change my career to IT security in the CND/IR area and need to get ahead any way I can. I am currently working on getting multiple certs through self study, but am still deciding on the online school I want to go too.


I want to work for a Government contractor like General Dynamics, SAIC, CACI, Northrop Grumman, and Booze Allen amongst others. Anyone currently working for the government in a net defense/IA/or entry level security position?

Generally how well do these positions pay? I'm shooting for 65k+, and with my security clearance too I think that is achievable.

My current certification plan is A+, Network+, Security+. Then MCITP-EA, and some GIAC certs. With the degree in InfoSec I think this will be a winning combo. I know I have no IT experience but want to get a great entry position.

Any helpfull tips, suggestions?

thenjduke

The security clearance will help you but for 65k a year it might be a little hard. You might start somewhere between 50 60k a year.

phantasm

Most grunts I know (former 11B) don't have security clearances... but either way. A career in info sec isn't going to happen over night. You'll generally start in the helpdesk or a NOC doing entry level support roles for a few years. Pay is subject to experience and location. As for security certs, Security+ is a good start, so good on you for that. Adegree in InfoSec will help, but again you'll need practical experience before you can land a decent paying job. I've spent 3yrs in the industry and just broke $60k. First job paid $32k, second paid $45k and now this one, I still don't work in infosec, but I'm hoping more for network engineer anyway.

I'm sure some of our resident InfoSec guys will be along. You should also try searching for Security in this forumn, there is a lot of information already on here.

Thanks for serving and best of luck in your new career.

tpatt100

I have 20 years in the military. 4 in the Marine Corps and 16 in the National Guard. I got my security clearance through the Guard since I was in a Signal MOS. Did you have a comsec position in infantry? Just curious as to how you got the clearance. I would double check to make sure its active also.

I work for and used to work for two of those companies you listed. My first job with a clearance paid 30K and that was over a decade ago. I jumped up over the years. I just broke the six figure mark recently but to be honest.....

You might want to take a realistic approach to what you want and what you are "worth". Government contracting peaked already and in my opinion is going to head downwards due to the government wanting to cut defense spending. IT contractors imo are grossly over compensated compared to the private sector and I have ran into too many people who think they are worth what they are getting paid for. Then when they try and look for a job in the private sector asking for what they currently get and wonder why they get laughed at.

Me? I have been planning and preparing focusing my studies on the private sector's methods of IA and C&A work. Trying to find a means to get HIPAA experience/knowledge. But mainly trying to map DOD models to HIPAA so I can tell my next employer "well my experience is this but it crosses over this way and that way".

At my last contract we had some Windows admins that had no business being Windows admins. Lacked experience on basic stuff like how to RDP to a box.

My next job which I start next week the minimum for anybody to get hired was 8 years experience, four year degree and CISSP and or CISA. So far? That is all they have hired from what I noticed when I checked names out on LinkedIn.

If I were you set a realistic goal for help desk or maybe if somebody is desperate you can get a shot at a NOC somewhere. And if you get the 65K with no experience? Grats. Just don't go expecting everybody else to offer you that much.

rwmidl

First, welcome to TE! As others have said, to get InfoSec jobs, you are going to need experience (unless you are extremely lucky!). I like the idea of getting the CompTIA triad (A+, N+, Sec+). I'd look at then getting either an OS cert (Win7, XP, Linux+) - then you have met your DoD 8570 requirements. Look for landing a position doing help desk/entry level NOC work. It's grunt work, not that glamorous but most of us on here started working on the help desk. That is where you learn your chops, so to speak.

ArabianKnight

For those of you wondering, I was in a Stryker brigade in the army and everyone had to get a Secret clearance. I also did the security contracting for a bit in Iraq and you had to have a clearance.

I am in the reserves now trying to change careers and working on my TS/SCI. I want to finish the CompTia certs before the end of the year so Im certified for life, then I decided on MCITP:EA because well, all I have used were Windows OS's.

If I can I would like to sneak my way around having to learn hardcore programming and working with code all day, as an Incident Handler how important is this?

I have seen some job postings for contractors on there websites for positions like Network Defense Watch Officer, Network Security Analyst Incident Handle, Cyber Incident Analyst 1 and other similar positions I have seen. I got these from the Northrop Grumman site, all are entry level

Anyone performing similar jobs that care to tell us more about the job and the typical work day.

earweed

CACI is currently hiring in Montgomery, Alabama for level 1 helpdesk which is as good as you'll probably get but your clearance would definitely help. They pay in the high 30's for entry level and that's probably your best bet.

white96gt

Your going to have to start out like everyone else who enters IT. This usually means help desk making 30's - 40's. IT is all about experience especially security. How can you secure a system when you have never worked with it? Having military experience and clearance helps a lot, but you need to get the experience and lots of it.

ArabianKnight

Thanks, I understand the help desk requirement but don't see how that relates to accruing experience for a network security job, unless the position is specific for infosec. I thought help desk is just helping people find the computer switch and troubleshooting computer problems. Most job postings ask for Related Experience in that specific field. I have no problem starting at the bottom, just a little confused how the relevant experience fits in.

earweed

Help desk is generally how most IT people enter the field. Either that or doing PC tech work or if they are lucky desktop support.

phantasm

ArabianKnight wrote: »

Thanks, I understand the help desk requirement but don't see how that relates to accruing experience for a network security job, unless the position is specific for infosec. I thought help desk is just helping people find the computer switch and troubleshooting computer problems. Most job postings ask for Related Experience in that specific field. I have no problem starting at the bottom, just a little confused how the relevant experience fits in.

I understand your confusion so let me put it this way, think of the old Army adage of crawl, walk and run.

Crawling: Tier I Helpdesk/NOC work - Exposes you to basic issues and troubleshooting.
Walking: Tier II position - Exposes you to advanced troubleshooting and more responsibility as well as the chance to learn advanced topics (this is where a lot of mentoring occurs and really grooms you for later in your career).
Running: Tier III and beyond work - This would be your Network Engineers and Security Engineers and Sr. Analysts. Here's where your career wants to be. You can't be a Security guy without having experience troubleshooting both systems (Windows and Linux and possibly some MAC *shudder*) and networks. As a Security guy you'll need to understand both and how they interact with each other.

For example, our Security people write ACL's (access control lists) to permit or deny which subnet or single IP is permitted or denied through the network. This sole action requires an understanding of the application and the network. I wouldn't permit an individual with no experience to even touch a router without direct supervision, even then they need at least a CCNA in my opinion.

It can be done to go straight into Security, but I wouldn't bet on it. Also, a B.S. in CS and an M.S. in IA would be my preferred route. However I went to DeVry and did Technical Management and am deciding on either IA or Telecom Management for my M.S. but that is a decision you will make depending on your career and interests.

ArabianKnight

Thanks for the input, so the engineer is above analyst and you do not need to take separate paths to get to engineer. For example it would go something like, help desk-admin-analyst-engineer, with a security option somewhere in there if you want it.

phantasm

For the most part yes, job titles are generally interchangeable with the exception of Engineer. The Engineer is usually the top position in that are of study. As such you could be called a Helpdesk Technician or Helpdesk Analyst and it could be the same thing. It all depends on the company and it's heirarchy. For example, my very first IT job was labeled as an IT Analyst, next I was a Network Technician and then Network Technician II. Finally and currently I'm a Network Analyst III which is a Tier II position in a NOC. From here I goto Tier III (God willing) and then onto Engineering. But that is still some time off more than likely.

Either way, start in a NOC or Help Desk and do some time. Learn your field and try and work with the security guys/girls if you can from time to time to get some experience. Just understand that if you land a Government job you may have the clearance but no the need to know so being in the security group might require further approval from management. Either way, study the security certs and other certs you like, get some experience and then it will fall into place. It just takes time and a lot of hard work.

tpatt100

Helpdesk did not help me much at all security wise. It was the first step because I had no real world experience with networks besides the POS home network I had which never had real problems because nobody but myself used it.

At my last job and the new one I start next week I will have to scan, collect reports. Manually audit the machines which means logging into each one and checking configurations for HPUX/Windows/Red Hat, etc, etc. Then take the scans upload them, create reports and so on and so on.

I have to really get good at Linux not to administer them but to know where to go to check the audits. Most of the audits are general "unix" audits and most don't have "Click here-here-here" and look for this. They are general so depending on what "Nix" OS your on it could be a slightly different command or in a different location.

I can fly through the Windows audits because I was a sys admin for a few years but I had to cram through a Server 2008 book because things had changed or moved from 2003 Server.

And I Googled those jobs. They say "0" experience if you have a four year degree or four years experience in lieu of a degree. That is standard language in DoD contractor land. It also says they want a CEH, GHIC or CISSP none of which you will get with no experience.

The entry level is HR speak to give them flexibility in finding somebody. Not that a hiring manager is going to hire you with zero experience because the position says so.

Hada944

I don't have much experience, but I received two job offers from GEneral Dynamics for Ft. Meade, MD. Two things that helped me the most. TS/SCI clearance and Sec+. If you want to work for DoD contractors skip the A+ and N+ and go straight for the Sec+. With that one cert you are qualified at the Tech II Level and the MGT I level (WRT - 8570). While having both the A+ and N+ only qualifies you for Tech I level (8570). Skip them.

I joined the Air National Guard as an Infrastructure Technician. This experience has helped me quite a bit, you should look into it. That is also how I got my TS.

I do have a lot of college degree's but they didn't help since I did not list them.

Starting salary (it seems like an entry-level gig) if 65K. That's in MD, which ain't that good. But at least it's a start and I can move up.

Good luck to you.

Cory

ArabianKnight

Thanks for the input people, I am currently deciding to pursue Sec+ or Net+ after the A+, and I may do both anyway just to learn some networking. Definitely before the end of the year though. Dont see many positions wanting A+ or Network+, but do see plenty for Security+.

Also, whats the difficultly level to learn MCITP:EA compared to the CompTia certs?

By the way, Im using Army E-Learning Skill Soft online and used the Mike Myers book for the A+ cert. Anyone else using Army E-Learning for their certs as well?

earweed

MS is a lot harder.

CrapMasterZero

I graduated from college last year (BSEE) and got a job at a government agency (as a federal employee, not a contractor). At the moment I do C&A work (I am not in a technical position but I get to learn a lot about crypto, key management etc.)

I get paid around 65K (but I also live in a high cost area). In my experience most of the tech admin type security work is done by contractors. We govies mostly focus on IA components in programs and do a lot of management and compliance. I don't have any certs yet but am required to get one soon as part of IAWF. Good luck and apply for Federal Career Intern Program (FCIP) type jobs...that's how I got mine. These are for entry-level jobs for recent college graduates and gives agencies a quick way to hire new talent. I didn't have to go through the normal process where I would have to write KSAs, wait for months etc.

The place I work in only hires Engineers and Computer Scientists through this program so if you have some other degree you will have to go through the direct route (i.e. compete with every one else) which is much harder.

phantasm

CrapMasterZero wrote: »

The place I work in only hires Engineers and Computer Scientists through this program so if you have some other degree you will have to go through the direct route (i.e. compete with every one else) which is much harder.

That's an under statement. I've been trying for a federal job since I got off of active duty... eight years ago. First they said get a degree, so I got my A.S. Then it was experience which I then got, then it was a B.S. degree and then certs. I've done it all and the last recruiter I talked to told me an M.S. would be a good thing to have. lol. The hell with it.

colemic

+1 to phantasm, you gotta know somebody in the system to get in. Especially now, when they are flooded with applicants. I have applied to probably close to 50 and have yet to get a call back on a single one. I made it through the first round on several, but ultimately was not selected (obviously, since I didn't even interview for any of them...)

Mike-Mike

I found several well paying IT jobs posted for the government here, but I don't think I am qualified for them, but I did find a government telecommunications job posted, I have 9 years experience with AT&T, an Associates, and hopefully 3 certs by the time the Nov 30th deadline passes, so I'm giving it a shot... would have never found it if it wasn't for this thread... thanks CrapMasterZero, I had to google FCIP

johnson4730

So I made this post and added you as a friend. I work for Booz Allen Hamilton and we are currently in the business of hiring a lot of security experts for some upcoming jobs.

I am on my way out of Booz Allen, but ill still make an effort to try to hook you up if you are interested.

With Booz Allen, you have about a 1% chance of getting a call back if you send a resume.

Your screen name is Arabian Knight, do you speak Farsi or Arabic? Is so, are you willing to relocate to Bahrain?

You said you are pursing a TS/SCI clearance, ETA on when this is complete?

It will be really hard to get you in without a degree, I didnt notice if you said you had one. Send me a message offline and we can discuss further.

tpatt100

colemic wrote: »

+1 to phantasm, you gotta know somebody in the system to get in. Especially now, when they are flooded with applicants. I have applied to probably close to 50 and have yet to get a call back on a single one. I made it through the first round on several, but ultimately was not selected (obviously, since I didn't even interview for any of them...)

My first job was in a federal building and I learned quickly you better not piss a government employee off. Why? odds are if you tick off somebody their dad,mom, uncle, aunt, grandmother, grandfather, golf buddy, former war buddy etc will come down and holler at you