Using the Internet, find at least five job postings for security administrators. What qualifications do the listings have in common? Did any of the listings include any qualifications that seemed unusual or different from what was expected? (“Management of Information Security”, p.515)
Job posting 1: “IT Security Administrator, Digital Hands, Tampa, FL”
Qualifications:
- Education-
- Bachelor’s degree in computer science or related field; or equivalent experience
- Certifications-
- CISSP, CompTIA Security+, Network+, SANS/GIAC (GSEC), are highly desired
- PMP Certification a plus
- Work Experience-
- 2+ years of experience in a Security Administration, preferably working within an MSSP (managed security service provider)
- 5+ years of experience in Information Technology role
- 2+ years project management experience
- Strong knowledge of policies, procedures, audits, and risk management
- Experience in information security, ideally in multi-platform environments preferred
- Operating systems knowledge and systems administration skills for various versions of UNIX, LINUX, and Windows and Windows Server
- Experience with analyzing security attacks and exploits
- Basic understanding of programming concepts and code
- Access Control Concepts, Methodologies, and Techniques
- Experience in the evaluation of new technology and security threats as they arise
- Familiarity with information security best practices
- Demonstrated documentation skills including creation of project metric reports and the creation of communication plans and change control documents
- Skills and Characteristics-
- A keen interest in security and the need for the Confidentiality, Integrity and Availability of information and information systems to be maintained
- Excellent Analytical skills
- Excellent communications, presentation, and listening skills
- Excellent organizational and time-management skills and the ability to multi-task and prioritize
- High level of integrity, judgment, and situational awareness
- Ability to work both independently and collaboratively with peers, across teams, and with management
- Flexibility and adaptability to change
- Flexibility with shift rotation
Remarks
The job posting requires a person with hands-on specialized technical experience in generic IT and in security, as well as a person with managerial skills. The candidate is expected to also be a quick learner, adapt to changes, and be open to responding to incidents at any time of day and work in shifts.
I found it surprising that the listing had as one of the desired certifications the PMP – the Project Management Professional Certification. I usually a mention of PMP on listings for IT development managers, and haven’t come across it in the information security realm before this.
Job posting 2: “Security Administrator, Vector Security, Warrendale, PA”
Link: https://www.linkedin.com/jobs/view/376239194
Qualifications:
- Education-
- Bachelors or better in Computer Science or related field
- Certification-
- Security related certifications is a plus.
- Work Experience-
- 1 – 2 years: IT security / compliance
- Skills and Characteristics-
- Familiar with security and compliance initiatives including HIPAA and PCI
- Knowledge of network design and infrastructure technologies including network protocols
- Understanding of information security technology systems and controls including firewalls and intrusion detection/prevention
- Excellent verbal and written communication skills
- Ability to facilitate meetings, track work, collaborate and influence people to take action to assist in the resolution of security gaps
- Ability to travel up to 25% of time.
- Team Player: Works well as a member of a group
- Detail Oriented: Capable of carrying out a given task with all details necessary to get the task done well
Remarks
Vector Security is looking for an entry level administrator with basic security knowledge, the aptitude for security concepts, and the attitude to be trained and rapidly learn and grow into the job. Their posting is straight-forward and doesn’t ask for any managerial certifications or experience.
Job posting 3: “Information Security Administrator, Beauty Systems Group, Denton, TX”
Qualifications:
- Education-
- B.S. Degree in Computer Science, Computer Engineering
- Certification-
- None listed
- Work Experience-
- 0-2 years IT/Security experience
- Experience in some or all of the following areas desirable: OS Security (Window, Linux, Sun), firewalls, IDS, routers and switches
- Skills and Characteristics-
- Excellent listening, verbal and technical writing skills
Remarks
This is an entry-level position and the company only requires rudimentary knowledge of security concepts, and prefers a candidate who is coachable and with good communication skills. No mention of security certifications or any specifics of security work experience are listed.
Job posting 4: “Security Administrator, TEKSystems, Miami, FL”
Link: https://www.teksystems.com/it-jobs/job/US/Miami-FL/Other/Security-Administrator/J3K80V62WCMMNG4G36X
Qualifications:
- Education-
- None listed
- Certification-
- None listed
- Work Experience:
- Significant SOX experience required
- A background in identity and access management activities such as provisioning, de-provisioning and recertification of access
- Enforcement of compliance to IT Security Policies and Procedures
- Skills and Characteristics-
- Knowledge of basic computer concepts
- Understanding of basic security
Remarks
The job listing states that it is for a senior security administrator. It is unusual, though. that a listing for a senior position has not specified education qualifications, security certifications, or managerial experience. It is also surprising that the required skills only mention knowledge and understanding of basic computer and security concepts.
Job posting 5: “Security Administrator, Beauty Systems Group, Denton, TX”
Link: http://www.careerbuilder.com/job/J3G3M7645YR8MQ5J0BW
Qualifications:
- Education-
- None listed
- Certification preferred-
- CCNA (Cisco Certified Network Associate)
- Security+
- CEH (Certified Ethical Hacker)
- Work Experience-
- CISCO LAN/WAN experience
- Experience in server, network and security services administrator
- Skills and Characteristics-
- None listed
Remarks
The listing is for a person with technical skills – especially someone with network and network security experience.
And while it lists the desired certifications, there is no mention of education qualifications.
It also makes no mention of managerial skills or soft skills.
References
- Whitman, Michael E. Management of Information Security, 5th Edition. Cengage Learning, 20160411. VitalBook file.