Category Archives: Skills in Demand

Application Security Engineers

Skills in demand: Application Security Engineers

The need for Application Security Engineers has grown dramatically as legacy applications are moved to the web. Application Security Engineers can be focused on enterprise or mobile applications, but their overall goal is similar: consider all system vulnerabilities of applications from design/development through implementation and maintenance. This is a subject matter expert with strong knowledge of IT architecture, hardware, web security, identity and access management, application firewalls and intrusion detection, as well as threats and vulnerabilities.

What it takes

Hands-on experience with secure code review, static analysis security testing and dynamic application security testing, and strong knowledge of web development technologies. A deep understanding of threat/attack modeling is also critical, as is the ability to interact with cross-functional teams.

Compensation
Base compensation can range from $100-175K, often with additional incentives. Independent contract rates can be higher.

– Domini Clark, principal, Blackmere Consulting; founder and director of strategy, InfoSecConnect.com.

Application Security Architect

Skills in demand: Application Security Architect

The need for Application Security experts has grown dramatically as enterprise systems become more and more complex. While Application Security Engineers can be focused on a variety of enterprise or mobile applications, the Application Security Architect must understand how applications fit into a multi-tiered architecture. They must consider all system vulnerabilities and their relationship to each application from design/development through implementation and maintenance.

What it takes

This is a subject matter expert with strong knowledge of IT architecture, hardware, web security, identity and access management, application firewalls and intrusion detection, as well as threats and vulnerabilities. AppSec Architects often have deep technical knowledge and hands-on experience with secure code review, static analysis security testing and dynamic application security testing, and strong knowledge of web development technologies. An overall understanding of complex systems and expertise in threat/attack modeling are critical, as is the ability to interact with cross-functional teams.

Compensation
Base compensation can range from $150-200K, often with additional incentives. Independent contract rates can be higher.

– Domini Clark, principal, Blackmere Consulting; founder and director of strategy, InfoSecConnect.com.

This was originally published in the June 2016 Issue of SCMagazine

Information Security Architects

Skills in demand: Information Security Architects

An Overview of the Role of Information Security Architects

Information Security Architects are the backbone of the design and strategy for strong information security organizations. While they can be focused in specific areas like application security or infrastructure security within very large companies, they often oversee the overall security strategy and determine delivery and implementation of security solutions. This is not only a subject matter expert with strong knowledge of many facets of information security programs, it is also a highly visible role within leadership and will often report directly into the CISO or CIO.

What it takes

Security architects often rise out of hands-on engineering positions, which gives them in-depth knowledge of implementation and configuration of security tools and best practices. The ability to utilize hands-on technical knowledge and translate that information into long-term security strategy is critical, as is the ability to collaborate and communicate effectively with senior leadership.

Compensation

Base compensation can range from $120K to $175K, often with additional incentives. Independent contract rates can be higher.

– Domini Clark, principal, Blackmere Consulting; founder and director of strategy, InfoSecConnect.com.

This was originally published in the March 2016 Issue of SCMagazine

Security engineer, identity management

Skills in demand: Security engineer, identity management

An Overview of the Role of Security engineer, identity management

Understanding who your users are and what, exactly, they have access to within your system is critical for any enterprise. Identity and access management (IAM) engineers must have a strong understanding of the complex workflow within a system. In these roles, business acumen is just as important as technical acumen due to the interrelationship between the technology, business needs and overall corporate policy. This is a subject matter expert with strong knowledge of IT systems architecture, web security, identity and access management, public key infrastructure (PKI), single sign-on (SSO) and federating identity to cloud services, as well as threats and vulnerabilities.

What it takes

Solid experience in configuration, administration and troubleshooting of IAM technologies, along with strong communication skills and the ability to work with internal and external customers. These roles often have a strong strategic component due to the ever-changing tools, corporate policies and industry-specific regulations.

Compensation

Base compensation can range from $120K to $175K, often with additional incentives. Independent contract rates can be higher.

– Domini Clark, principal, Blackmere Consulting; founder and director of strategy, InfoSecConnect.com.

This was originally published in the October 2015 Issue of SCMagazine

incident response manager

Skills in Demand: Incident Response Manager

An Overview of the Role of Incident Response Manager

Cybersecurity incidents are on the rise around the world and the need for experienced incident response professionals is outstripping the available supply of talent. The incident response manager role is responsible for managing high-impact incidents on a large, often global, scale. Responsibilities include developing the IT security incident response process, collaborating with key stakeholders and finding unique security solutions for critical vulnerabilities. This is a technical expert, an intelligence expert and someone who has the ability to influence immediate change within an organization in the midst of high-pressure situations.

information security analyst

Skills in demand: Information security analyst

Overview of the Information Security Analyst

As global organizations work to stay ahead of cyber attacks, they require information security analysts to help steer them through risk assessment, vulnerability assessment and defense planning. The role of information security analyst is growing and can provide a strong path for upward mobility.
