What is an IT security specialist?
Simply, IT security is the protection of information systems and computer systems from theft or damage to the hardware or software they may infringe on the integrity of the system or service they provide. This is a growth area for IT, with more and more businesses and organisations relying on computer systems to run their daily operations. Computer systems now include smart devices, televisions, and small devices part of the Internet of Things. IT security analysts can specialise in areas such as:
- cloud security
- internet security
- mobile security
- network security
Skills an IT security specialist needs
Here are the two key skills we think any IT security specialist needs to be great at computer security:
- Problem Solving – IT security problems aren’t always easy to spot and a security specialist needs to be able to anticipate the problem before it occurs. They should also be good at understanding how an IT issue may impact on other computer systems or networks and the wider organisation.
- Adaptability – Ability to quickly pick up and understand technologies and adapt as required in incident response situations
Responsibilities of an IT security expert
The roles and responsibilities within IT and computer security can be broad, depending on industry. For example, some security experts focus on information security and training internal staff how to best secure information and data, whilst others focus on exposing vulnerabilities within a system, so that others can mitigate them.
IT security typically involves – but is not limited to – the following areas:
- Identify security issues and risks associated with security events and manage the incident response process.
- Participate in the incident response and investigation process for identified security events.
- Perform network and system forensics in response to security incidents.
- Optimize and customize security-monitoring tools in order to improve detection.
- Hunt for signs of security anomalies.
- Work with various business units to conduct vulnerability scanning and respond to vulnerability reports.
- Respond to incident reports.
Types of software security jobs
Cloud Computing Security: responsible for the architecture of an organisation’s IT security, and often the corresponding design and policies to support cloud application, networking, server and storage solutions.
Software Security Engineer: these are diverse roles where engineers are tasked with doing anything from employee training programs around IT security, to developing the security aspects of applications and software programmes.
Security Consultant: these roles are usually focused on the cybersecurity of an organisation. Security consultants encourage best practice IT security management, and assist organisations, usually on a project basis, with implementing or improving their IT security.
Security Analyst – optimising operation of the information technology (IT) and telecommunications services and support for and organisations staff and systems. Responsible for the processes, monitoring, reporting and operations of the IT security framework.
- Experience with network intrusion detection and analysis tools such as Bro, Sourcefire, Snort and Wireshark.
- Experience solving problems with scripting languages such as Perl, Python, PowerShell or Bash
- Expertise in analysis of TCP/IP network communication protocols such as SMTP, FTP, HTTP, DNS, SSL, Authentication
- In-depth knowledge of security monitoring and incident response.
- Knowledge of conducting security investigations.
- Solid understanding of network protocols and architecture.
- Candidate should be highly analytical with the ability to derive facts quickly, methodically, and accurately.
- Experienced with ethical hacking, firewall and intrusion detection/prevention technologies are a plus
- Knowledge of common platforms used in corporate environments, such as Windows and Linux
Education & Requirements for working in IT security
There is no specific degree or qualification required for an IT security job, however the following education and experience would be advantageous for anyone applying for a security role:
- Bachelor’s degree in computer science
- Certifications such as CISSP and SANS
- SAP Security knowledge e.g. GRC and IDM.