20 Coolest Information Security Jobs

  • #1 Information Security Crime Investigator/Forensics Expert
  • #2 System, Network, and/or Web Penetration Tester
  • #3 Forensic Analyst
  • #4 Incident Responder
  • #5 Security Architect
  • #6 Malware Analyst
  • #7 Network Security Engineer
  • #8 Security Analyst
  • #9 Computer Crime Investigator
  • #10 CISO/ISO or Director of Security
  • #11 Application Penetration Tester
  • #12 Security Operations Center Analyst
  • #13 Prosecutor Specializing in Information Security Crime
  • #14 Technical Director and Deputy CISO
  • #15 Intrusion Analyst
  • #16 Vulnerability Researcher/ Exploit Developer
  • #17 Security Auditor
  • #18 Security-savvy Software Developer
  • #19 Security Maven in an Application Developer Organization
  • #20 Disaster Recovery/Business Continuity Analyst/Manager

#1 - Information Security Crime Investigator/Forensics Expert - Top Gun Job

The thrill of the hunt! You never encounter the same crime twice!

Job Description
This expert analyses how intruders breached the infrastructure in order to identify additional systems/networks that have been compromised. Investigating traces left by complex attacks requires a forensic expert who is not only proficient in the latest forensic, response, and reverse engineering skills, but is astute in the latest exploit methodologies.

Why It's Cool
"In the private world, the security guy just cleans up the mess to try and keep the ship afloat, but when criminals strike, the crime investigator gets to see that the bad guys go to jail. Want to see the face of your enemy... behind bars? It's a thrill like no other - being pitted against the mind of the criminal and having to reconstruct his lawless path."

How It Makes a Difference

  • "You are what stands between your organization and the hackers/malware out there."
  • "This is a core job that provides nuts and bolts technical security controls for any enterprise. When things go wrong, this is the person that we all need to ask for help. They are the ones that will be able to look at the more esoteric logs and determine what happened, write a script to deal with problems, etc."

#2 - System, Network, and/or Web Penetration Tester* - Top Gun Job

You can be a hacker, but do it legally and get paid a lot of money!

Job Description
This expert finds security vulnerabilities in target systems, networks, and applications in order to help enterprises improve their security. By identifying which flaws can be exploited to cause business risk, the pen tester provides crucial insights into the most pressing issues and suggests how to prioritize security resources.

Why It's Cool

  • "There is nothing like finding the magic back door that everyone says isn't there!"
  • "The power to understand how systems can be penetrated and misused is something less than one percent of people in the entire security industry know, let alone the average citizen."

How It Makes a Difference

"You're the one who gets to figure out how to make a computer do a new task - for example, scripting and batch jobs and integrating multiple applications. When you automate a process, not only do you get the thrill of solving the puzzle, but you get recognition, and even more difficult problems to solve. Eventually, you become the 'go-to' person."

#10 - CISO/ISO or Director of Security

Seems like I can get a lot done with little to no push back
Job Description
Today's Chief Information Security Officers are no longer defined the way they used to be. While still technologists, today's CISO/ISO's must have business acumen, communication skills, and process-oriented thinking. They need to connect legal, regulatory, and local organizational requirements with risk taking, financial constraints and technological adoption.
Why It's Cool

  • "Authority always wins."
  • "These people get to decide where to build the "watch towers", how many rangers are stationed in the park, where fires can be safely built, and the rules of engagement."

How It Makes a Difference

  • "You have the creative direction to influence and directly contribute to the overall security of an organization. You are the senior security player, the only one whom the CEO will trust."
  • "This position usually reports at a very high level, and gets to see and influence the big picture. You work with physical security, IT, the businesses, even the FBI and other law enforcement agencies."
  • "You are da Boss. You can pick and choose who does what, what gets done, and motivate and then share the credit with your people. You make a real impact on a daily basis."

#18 - Security-savvy Software Developer

Cool, because this is VERY rare.

Job Description
The security-savvy software developer leads all developers in the creation of secure software, implementing secure programming techniques that are free from logical design and technical implementation flaws. This expert is ultimately responsible for ensuring customer software is free from vulnerabilities that can be exploited by an attacker.

Why It's Cool

  • "You get to make something that actually runs and does something (and won't break under pressure)."
  • "These guys are the senior developers by virtue of their programming prowess."

How It Makes a Difference

  • "No security architecture or policy can compensate for poorly written, buggy, insecure software. If one pays the necessary attention to security when a product is initially developed, one doesn't need to go back and add security later on."
"This is where the rubber meets the road. These are the people making a difference where it really matters...in the software that runs the world."

Ishan Rastogi
MS Cyber Law & Information Security
Indian Institute of Information Technology