What Does a Security Specialist Do?
What is a Security Specialist?
Security Specialist is a catchall description for a wide variety of entry- to intermediate-level IT security jobs. In the majority of cases, you will be responsible for designing, testing, implementing and monitoring security measures for your company’s systems. You’ll see a fair amount of crossover in this role with Security Analysts, but junior-level specialists usually have to deal with a lot more administrative tasks.
In addition, Security Specialists tend to be all-rounders. You’ll know how to configure firewalls and implement compliance measures. But you’ll also be adept in pen testing, auditing, and post-incident analysis. In some cases, you may be the one responsible for developing an infosec strategy, recommending security products, and even training other employees.
Security Specialist Job Responsibilities
As part of your day-to-day tasks, you could be required to:
- Analyze and establish security requirements for your systems/networks
- Defend systems against unauthorized access, modification and/or destruction
- Configure and support security tools such as firewalls, anti-virus software, patch management systems, etc.
- Define access privileges, control structures and resources
- Perform vulnerability testing, risk analyses and security assessments
- Identify abnormalities and report violations
- Oversee and monitor routine security administration
- Develop and update business continuity and disaster recovery protocols
- Train fellow employees in security awareness, protocols and procedures
- Design and conduct security audits to ensure operational security
- Respond immediately to security incidents and provide post-incident analysis
- Research and recommend security upgrades
- Provide technical advice to colleagues
In a large organization, you will typically report to a Security Manager.
Security Specialist Careers
Security Specialist Career Paths
- Security Administrator
- Network Administrator
- System Administrator
After becoming a Security Specialist, you can aim for a senior-level security job such as a:
The highest paid and highest ranked security jobs include:
The term “Security Specialist” is also known in the business as an:
- Information Security Specialist
- IT Security Specialist
- Computer Security Specialist
- Network Security Specialist
Security Specialist Salaries
Payscale has two categories for IT Security Specialists:
- The median salary for an Information Security Specialist is $75,263 (2019 figures). Overall, you can expect to take home a total pay of $47,177 – $119,556.
- The median salary for a Computer Security Specialist is $72,223 (2019 figures). Overall, you can expect to take home a total pay of $39,920 – $107,887.
Total pay figures include your base annual salary, bonuses, profit sharing, tips, commissions, overtime pay and other forms of cash earnings, as applicable.
Security Specialist Job Requirements
In the world of IT Security Specialist job listings, it pays to narrow your options by choosing the appropriate salary & experience level. For example, we’ve seen a specialist job with the OECA that only requires 1 year of full-time work experience and no specific degree. But we’ve also seen a Cyber Security Specialist position with a well-known defense firm that requires a 4-year degree in Computer Science or a related field, 5-8 years of experience in security & programming, CISSP certification and Government Clearance.
Because specialists have a hand in many IT security projects, you can build your experience in all kinds of ways. Internships and bootcamps are good, but so too are MOOCs, volunteer projects, and specialist certifications (e.g. CEH). Attending cyber security conferences can help you create a network of contacts. You may also want to reach out to current specialists in your preferred arena (e.g. finance) to learn more about the realities of the work. Are they doing a lot of repetitive administrative tasks? Do they have a lot of control over projects? Ask away.
It’s going to depend on the job. In entry-level positions, you may be able to get away with an associate’s degree or 4 years of experience in lieu of a degree. For higher-level positions, many employers will expect a bachelor’s degree in Computer Science, Cyber Security or a related technical field. Don’t have a BS? You could consider a master’s degree with a concentration in IT security, training and/or professional certifications.
For entry-level positions, requirements can be as low as 1-2 years. For senior-level positions, expectations climb to 5+ years of experience with extensive work in IT security.
We’re going to hedge a little, since every employer is going to have very specific needs. That being said, it’s always good to ground yourself in fundamentals such as:
- IDS/IPS, penetration and vulnerability testing
- TCP/IP, computer networking, routing and switching
- DLP, anti-virus and anti-malware
- Firewall and intrusion detection/prevention protocols
- Secure coding practices, ethical hacking and threat modeling
- Windows, UNIX and Linux operating systems
- ISO 27001/27002, ITIL and COBIT frameworks
- PCI, HIPAA, NIST, GLBA and SOX compliance assessments
- C, C++, C#, Java or PHP programming languages
- Security Information and Event Management (SIEM)
In basic terms, Security Specialists play independently but work well with others. In other words, employers want to see you have strong oral and communication skills, a curious, analytical mind and the ability to solve complex technical problems.
Certifications for Security Specialists
We’ve listed some – but by no means all – of the options available. If you have time, reserve a 1/2 hour to scroll through job descriptions on LinkedIn – employers often specify precisely what certifications they favor. Security+ is always popular.
- Security+: CompTIA’s popular base-level security certification
- CCNA: Cisco Certified Network Associate – Routing and Switching
- CEH: Certified Ethical Hacker
- GSEC / GCIH / GCIA: GIAC Security Certifications
- CISSP: Certified Information Systems Security Professional