Key Responsibilities and Required Skills for Information Security Administrator
💰 $75,000 - $120,000
🎯 Role Definition
We are hiring an Information Security Administrator to design, deploy, monitor, and continually improve the security posture of our enterprise systems and cloud environments. This hands-on role partners with IT, engineering, and business stakeholders to implement security controls, lead incident response and remediation, manage identity and access, administer SIEM and detection tools, and ensure compliance with regulatory and internal security standards. The ideal candidate balances technical depth (SIEM, firewalls, vulnerability scanning, cloud security) with strong communication, documentation, and risk-focused decision-making.
📈 Career Progression
Typical Career Path
Entry Point From:
- IT/System Administrator with security responsibilities
- SOC Analyst / Security Operations Technician
- Network Administrator or Network Security Engineer
Advancement To:
- Senior Information Security Administrator
- Security Engineer or Cloud Security Engineer
- Information Security Architect
- Information Security Manager or Head of Security Operations
Lateral Moves:
- Compliance Analyst / Risk Analyst
- Identity & Access Management (IAM) Engineer
- Endpoint/EDR Engineer
Core Responsibilities
Primary Functions
- Design, implement, and maintain enterprise security controls across on-premises and cloud platforms (AWS, Azure, GCP), ensuring controls are aligned with NIST, ISO 27001, PCI DSS, and HIPAA where applicable.
- Operate and manage SIEM solutions (e.g., Splunk, QRadar, Azure Sentinel) for real-time log aggregation, correlation rules, alert tuning, and creation of dashboards and executive reports that drive measurable security outcomes.
- Lead incident detection and response activities: receive alerts, validate incidents, coordinate containment and eradication actions, perform root cause analysis, and deliver post-incident reports with remediation roadmaps.
- Administer identity and access management (IAM) systems including SSO, MFA, role-based access control, and privileged account lifecycle management, ensuring least-privilege access and automated provisioning/deprovisioning workflows.
- Execute continuous vulnerability management: schedule and run authenticated/unauthenticated scans (Nessus, Qualys), triage findings, prioritize remediation by business risk, and track exceptions and mitigation activities to closure.
- Configure and manage network and perimeter security devices including firewalls (Palo Alto, Fortinet, Cisco), VPNs, IDS/IPS, and web application firewalls; implement secure network segmentation and micro-segmentation strategies.
- Maintain endpoint protection and EDR platforms (CrowdStrike, Microsoft Defender, SentinelOne): create detection rules, manage quarantine workflows, and coordinate remediation with endpoint teams.
- Perform application and infrastructure hardening: establish and enforce secure baselines, secure configuration standards, and configuration drift control across servers, containers, and cloud services.
- Manage cryptographic services and certificate lifecycle: issue and renew TLS certificates, manage PKI infrastructure, and ensure encryption of data at rest and in transit using industry-standard algorithms and key management practices.
- Support cloud security operations: implement CSPM/CWPP controls, enforce IaC security checks, secure cloud workloads and identities, and monitor cloud-native logs and alerts for suspicious activity.
- Run regular security assessments, technical risk assessments, and threat modeling for new projects or major changes, producing prioritized remediation plans that map to business impact.
- Develop, test, and maintain incident playbooks and run tabletop exercises with cross-functional teams to validate and improve incident response, business continuity, and disaster recovery processes.
- Monitor, analyze, and escalate security telemetry from application logs, endpoint events, network flows, and cloud audit trails to detect suspicious behaviors and lateral movement.
- Coordinate and manage third-party security assessments, vendor risk reviews, penetration tests, and remediation plans; validate proof of remediation and maintain vendor security documentation.
- Administer DLP, email security (Proofpoint/secure email gateways), and data classification tools to reduce data exfiltration risk and enforce handling policies for sensitive information.
- Maintain compliance artifacts and evidence for audits (internal and external), support audit requests, and work with compliance and legal teams to address control gaps and remediation timelines.
- Automate routine security tasks and workflows using scripts (Python, PowerShell, Bash) and orchestration tools to accelerate incident response, onboarding/offboarding, and configuration management.
- Tune alerting thresholds, reduce false positives, and measure SOC effectiveness using metrics (MTTR, MTTD, mean time to containment) and service-level agreements for security operations.
- Create and maintain clear, audience-appropriate documentation: runbooks, SOPs, security standards, risk registers, and monthly/quarterly executive-level security metrics and status reports.
- Manage secure change control for security appliances and configurations, validate changes in test environments, and coordinate deployment while communicating risk and rollback plans to stakeholders.
- Coordinate with application development teams to integrate secure development lifecycle practices, review container and cloud deployment security, and perform code-dependency scanning for vulnerabilities.
- Perform forensic collection and evidence preservation during investigations while working with legal counsel, HR, and law enforcement as required to support incident escalation and potential legal actions.
- Oversee the lifecycle and monitoring of privileged access solutions (PAM), ensuring session recording, approval workflows, and periodic access reviews are completed and audited.
- Establish and deliver security awareness training programs and phishing simulation initiatives to reduce human risk, measure campaign outcomes, and iterate on training content and cadence.
- Implement and maintain monitoring for regulatory controls and technical requirements (e.g., PCI DSS network segmentation, HIPAA technical safeguards), and translate audit findings into prioritized remediation projects.
Secondary Functions
- Partner with product, DevOps, and infrastructure teams to translate security requirements into secure architecture, CI/CD pipeline checks, and deployment guardrails.
- Provide subject matter expertise to procurement and vendor management during security reviews, contract negotiations, and SLA discussions.
- Support ad hoc security requests from business units, such as risk assessments for mergers & acquisitions or new vendor integrations.
- Assist in budgeting and planning for security investments including tooling, managed detection and response, and professional services for assessments and remediation.
- Mentor junior security staff and SOC analysts, provide training, and contribute to hiring and interview processes to grow security capability.
- Maintain an inventory of security tools and licenses, evaluate new tools, and recommend replacements or consolidation to reduce tooling sprawl and cost.
Required Skills & Competencies
Hard Skills (Technical)
- SIEM administration and tuning (Splunk, QRadar, Elastic SIEM, Azure Sentinel): log ingestion, correlation, alerting, dashboards.
- Incident response and digital forensics: triage, containment, evidence preservation, root-cause analysis, playbook development.
- Vulnerability management and remediation workflows using tools like Nessus, Qualys, Rapid7, or open-source scanners.
- Identity and access management (Okta, Azure AD, Active Directory, SAML, OAuth, MFA): RBAC, provisioning/deprovisioning, privileged access controls.
- Network security & perimeter devices: firewalls (Palo Alto, Fortinet, Cisco), IDS/IPS (Snort, Suricata), secure VPNs and segmentation.
- Endpoint security & EDR platforms (CrowdStrike, Microsoft Defender, SentinelOne) and endpoint patch management strategies.
- Cloud security fundamentals and tooling (AWS IAM, Azure AD, GCP IAM, CSPM/CWPP, CloudTrail, CloudWatch, GuardDuty, Security Center).
- Scripting and automation (Python, PowerShell, Bash) for log parsing, alert enrichment, orchestration, and remediation tasks.
- Encryption, PKI, certificate lifecycle management, and secure key management practices.
- Compliance frameworks and audit readiness: NIST CSF, NIST 800-53, ISO 27001, PCI DSS, HIPAA, GDPR requirements mapping.
- DLP, email security, and data classification tool administration and tuning.
- Security architecture and secure configuration baselines for servers, containers, network devices, and cloud infrastructure.
- Penetration testing lifecycle coordination and remediation validation; familiarity with common tooling and methodologies.
- Experience with PAM solutions (CyberArk, BeyondTrust) and secure remote access controls.
Soft Skills
- Strong written and verbal communication: produce clear incident reports, executive summaries, and technical runbooks.
- Analytical and investigative mindset with attention to detail and an evidence-based approach to incident validation and remediation.
- Collaboration and stakeholder management: able to work across IT, engineering, legal, and business teams to drive security outcomes.
- Prioritization and time management in a fast-paced environment with competing operational and project demands.
- Problem-solving orientation and ability to operationalize policy into repeatable technical controls and automation.
- Discretion and professionalism when handling sensitive security incidents and confidential data.
- Training and mentoring aptitude to upskill SOC analysts, administrators, and cross-functional partners.
- Adaptability and continuous learning mindset given evolving threats, technologies, and regulatory landscape.
Education & Experience
Educational Background
Minimum Education:
- Bachelor’s degree in Computer Science, Information Security, Cybersecurity, Information Technology, or equivalent practical experience.
Preferred Education:
- Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Information Systems, or related field.
- Relevant professional certifications such as CISSP, CISM, CompTIA Security+, CEH, GCIH, or GIAC variants (GCIA, GSEC).
Relevant Fields of Study:
- Computer Science
- Cybersecurity / Information Security
- Information Systems / Information Technology
- Network Engineering / Electrical Engineering
Experience Requirements
Typical Experience Range:
- 3–7 years of progressive experience in information security, security operations, or network/system administration with security responsibilities.
Preferred:
- 5+ years in security operations or administering enterprise security controls, with demonstrable experience managing SIEM, incident response, vulnerability management, IAM, and cloud security.
- Prior experience in a SOC environment or as an analyst with hands-on incident response and forensics.
- Proven track record supporting regulatory compliance programs and participating in external audits.
- Experience working in cross-functional environments, supporting DevOps/Cloud teams, and automating security processes via scripting and orchestration.