Set Your Own Job Title?

Potentially getting a job where I can set my own job title. It's a mix of security and systems engineering. My career focus is on security engineering, but I'd like to transition to penetration testing at some point.

I'm thinking maybe "Senior Security Engineer" would be pretty interesting, but I've also juggled the idea of using a title like "Senior Penetration Tester" that sets me up for what I actually want to do. Not sure if that borderlines on unethical, but was just an idea that popped into my head.

So anyways, I guess the question is, if you could choose "the best" security title, what would you choose? I'm aware this is fairly subjective, just looking for opinions.

Find more posts tagged with

Comments

SteveLavoie

You know.. a title is only a title, your actual job task definition will define what your next boss would consider important. Your idea of Senior Sec Engineer is better and close less door than Senior Pen tester. Also, in my opinion, you can't be senior whatever if you don't have a few years in that role... Perhaps I am too modest, but job title inflation is a real problem. I agree that you need to have a title corresponding to your job task for your resume, but the next guy could choose a job title like Packet ninja

IMHO, it only show an immature HR dept, or a company wanting to give itself a startup look (or is a startup).

N7Valiant

Wouldn't that depend largely on what your duties were? I generally want to use honesty in my approach, so I wouldn't put Senior Penetration Tester if A) there wasn't a junior and

I didn't do any penetration testing.

Because I wouldn't want the resume to fall apart if someone is actually diligent enough to call your previous employer and ask questions.

TechGuru80

I'm confused...if you get to pick your title, why would you ever choose anything less than like VP / Director of InfoSec or CISO / CSO.

Welly_59

I could call myself a clown, but it doesn't mean I'm funny.

aderon

TechGuru80 wrote: »

I'm confused...if you get to pick your title, why would you ever choose anything less than like VP / Director of InfoSec or CISO / CSO.

I don't want to be perceived as being a managerial/number cruncher/etc.

aderon

SteveLavoie wrote: »

You know.. a title is only a title, your actual job task definition will define what your next boss would consider important. Your idea of Senior Sec Engineer is better and close less door than Senior Pen tester. Also, in my opinion, you can't be senior whatever if you don't have a few years in that role... Perhaps I am too modest, but job title inflation is a real problem. I agree that you need to have a title corresponding to your job task for your resume, but the next guy could choose a job title like Packet ninja IMHO, it only show an immature HR dept, or a company wanting to give itself a startup look (or is a startup).

I agree with the majority of this, but if a recruiter is browsing for potential pen testers, from a keyword perspective "pen tester" is a direct hit. I'm not worried about the subsequent interview because I'd be in the same spot knowledge-wise with or without the title. Also, I'll see if they accept "packet ninja" :P

TheFORCE

Use your job description and tasks to come up with the title. Like others said, if you are not actually doing the job of an actual pen tester you can't claim the title of a pen tester, let alone at senior level.

aderon

Since some people have asked: I'd be doing systems and security engineer in AWS and in their corporate network. To include windows and linux systems administration, VMWare, active directory, SCCM, IIS web farm management, any manner of security appliance or technology (VPN, Firewalls, SIEM, IPS, Password Vaults, Vulnerability Scanners and Management, MDM, whitelisting applications, Content Filter, Endpoint protection and encryption, PKI, etc), automation with Python, Powershell, and Bash, and even a bit of help desk if it's needed. I'd also be responsible for maintaining and troubleshooting their AWS environment as necessary.

From a "customers" perspective, I'd be an endpoint for internal employees who are having generic technical issues and also an endpoint for the devops teams to coordinate their needs with. I'd also obviously have direct responsibilities towards my team and my manager.

I'm a little shaky on some of the windows specific stuff (For example, I don't have any powershell experience) and vmware, but everything else I've worked with before and have experience with.

There will be 3 other people with the exact same set of responsibilities. It's a brutal amount of work (imo), but they're paying me substantially more than what I was making before at my last security engineering position (in the order of 40-50k more) and I'll be given stake in the company.

I legitimately have no idea what title I should choose for all that. You could say almost anything.

TheFORCE

If you will get stake in the company, you should get a corporate title on-top of your functional title, like VP, Senior Security engineering if you will be the senior guy who will be responsible for the rest of team.

E Double U

Welly_59 wrote: »

I could call myself a clown, but it doesn't mean I'm funny.

You don't have to be funny for people to laugh at you, clown

EANx

A lesson I learned early on was that the title needs to match the responsibilities. Another lesson was that most times, the word "Senior" or "Sr." is more driven by ego than it is any sort of additional responsibility. Based on what you listed above and where you want to go, I would go with something like Systems and Security Engineer. The title doesn't need to be flashy and as you stated, you could make a case for anything given the wide range of responsibilities. Don't lock yourself into something you may want to change.

TheFORCE wrote: »

If you will get stake in the company, you should get a corporate title on-top of your functional title, like VP, Senior Security engineering if you will be the senior guy who will be responsible for the rest of team.

Just because someone gets a stake doesn't mean a title comes with it but it does mean they want you to feel like part of the family. And honestly, you want to stay away from official corporate titles unless terms like "fiduciary duty" are familiar work terms.

soccarplayer29

Based on your duties you outlined I think Senior Security Engineer, Senior Security Architect, Systems Security Engineer, Cybersecurity Engineer, etc. would all work.

I kind of like the Cybersecurity in the title. If you get some hands on pentesting skills/duties and have that listed on your resume future employers could make the correlation. And if asked you could say in your role you did a mix of blue team/red team by implementing the defenses and also conducting internal penetration testing to identify weaknesses in our defenses or something.

Danielm7

aderon wrote: »

Since some people have asked: I'd be doing systems and security engineer in AWS and in their corporate network. To include windows and linux systems administration, VMWare, active directory, SCCM, IIS web farm management, any manner of security appliance or technology (VPN, Firewalls, SIEM, IPS, Password Vaults, Vulnerability Scanners and Management, MDM, whitelisting applications, Content Filter, Endpoint protection and encryption, PKI, etc), automation with Python, Powershell, and Bash, and even a bit of help desk if it's needed. I'd also be responsible for maintaining and troubleshooting their AWS environment as necessary.

From a "customers" perspective, I'd be an endpoint for internal employees who are having generic technical issues and also an endpoint for the devops teams to coordinate their needs with. I'd also obviously have direct responsibilities towards my team and my manager.

Sounds like systems engineer with some security work thrown on top of it and somehow doing part time helpdesk too. Doing that and calling yourself a penetration tester doesn't make sense at all. They have three people doing the same job and are letting each of them make up their own titles? What if one picks Sr engineer, the next picks systems admin, and they both have the same tasks?

Either way, that is in no way the job description of a penetration tester.

TechGromit

aderon wrote: »

I'm thinking maybe "Senior Security Engineer" would be pretty interesting, but I've also juggled the idea of using a title like "Senior Penetration Tester" that sets me up for what I actually want to do. Not sure if that borderlines on unethical, but was just an idea that popped into my head.

Why aim so low? I'd put down "CEO of Engineering".

TheFORCE

EANx wrote: »

Just because someone gets a stake doesn't mean a title comes with it but it does mean they want you to feel like part of the family. And honestly, you want to stay away from official corporate titles unless terms like "fiduciary duty" are familiar work terms.

And at the same time you don't want to be the guy that lost lots of cash when the company decides to go public and starts awarding VP level people with more options because of the corporate title.

Earlier in my career I worked for a company that had started with just 2-3 technicians that were doing everything for this company's stores across their region.

The company started growing and management went to these 3 guys and offered them senior titles, then offered them manager titles, director titles, EVP titles etc etc.

Long story short, one of these guys never accepted any of that because he thought the same way, "dont want to get involved with all that".

The other 2 guys... one ended up being the CIO/CTO of the company, the other guy ended up being the EVP IT Operations Director for the company's stores across 4 states. The other management roles were fullfilled over the years with people from the outside.

The guy that always declined the promotions and titles still worked as a Desktop Support guy and reported to a new Desktop Support manager. He ended up 4-5 levels down in the hierarchy from the people he used to work with.

These two people ended up getting huge bonuses I'm talking 50k-100k bonuses plus their salary was matched in stock options on top of that. While the guy that never accepted was getting the 90k-100k salary. How do I know this? Every quarter we would look at the financial statements of the company when they were reporting earnings and these guys were there. Public companies have to disclose that info, who gets it and how much.

I was at the Helpdesk at the time and thought this person was always bitter and unwilling to help anyone, later on was told the story from the IT Operations Director and everything made sense.

Point of the story, someone offers you something for your services, dont decline it, someone tells you to write your own job description, dont decline it.
Because later someone else will do it for you and you wont be as happy about it.

Fulcrum45

A friend of mine was given this opportunity and tried really hard for "Digital Buhdda" (he's a big guy). His boss recognized that his title wouldn't fly with some people -ie the customers. The idea was nixed rather quickly.

EnderWiggin

Cybersecurity Engineering Official

NetworkNewb

Fulcrum45 wrote: »

A friend of mine was given this opportunity and tried really hard for "Digital Buhdda" (he's a big guy). His boss recognized that his title wouldn't fly with some people -ie the customers. The idea was nixed rather quickly.

lol hey, if you never try something it will never happen!

aderon

soccarplayer29 wrote: »

If you get some hands on pentesting skills/duties and have that listed on your resume future employers could make the correlation. And if asked you could say in your role you did a mix of blue team/red team by implementing the defenses and also conducting internal penetration testing to identify weaknesses in our defenses or something.

That's a good point. I could just ask for permission to do pen testing work while I'm employed there. I don't believe they'll say no. And then that way I can add it as a bullet point somewhere on the resume.