IT, SecOps & Cyber Security

Security Analysts create and monitor security processes and frameworks to protect business systems and networks from being illegally accessed. They conduct security risk assessments of network security devices, lead incident responses, monitor and respond to security control related incidents, investigate issues and liaise with vendors and technical teams to develop incident remediation plans. Certifications include CISSP, CISA and CISM. In conjunction, they’ll likely have good Business Analysis skills as well.

A Security Architect designs & build security structures for business systems, networks and applications. This includes vulnerability testing, intrusion detection systems, firewalls, IDAM systems and incident and event management systems and processes and more. They provide technical guidance, assess costs & risks, and establish security policies and procedures. Typically, they are familiar with ISO 27001/27002 and are certified with CISSP & CISM.

A Security Engineer takes a lead role in identifying, defining and implementing platform and company security requirements, and working within development and DevOps teams to help design secure architecture. They own all security procedures, architecture, documentation and standards compliance within the development, DevOps and SRE teams, and manage the monitoring and intelligence related to all cyber threats.

Penetration Testing or Ethical Hacking probes for, and exploits, security vulnerabilities in web-based applications, networks and systems. They design white box or black box tests that test system strengths and weaknesses enabling full risk assessments to be conducted. Tools used include Java, C++, Metasploit, Fortify and AppScan. They will likely be certified in OSCP, CREST, CEH, CPT or other similar qualification.

A Security Technical Consultant is an advisory role focused on risk mitigation and management from a technical perspective.  They assess technical security solutions & tools, recommending enhancements or improvements. They research threats and trends, provide feedback and report on security issues. They have knowledge of ISO 27001/27002, ITIL & COBIT frameworks, PCI, HIPAA, NIST, GLBA and SOX compliance and have strong technical capabilities across a broad range of platforms.

A Chief Information Security Officer (CISO) is the leader within a business responsible for establishing and maintaining the vision, strategy, and enterprise programme to ensure digital assets, systems and technologies are adequately protected and secure. They are accountable for strategic plans and road maps, disaster recovery and business continuity plans, security policies, protocols & controls, cyber incident responses and investigations of incidents and events.