Key Responsibilities and Required Skills for Information Security Specialist
💰 $85,000 - $140,000
🎯 Role Definition
The Information Security Specialist is a hands-on cybersecurity professional responsible for protecting enterprise information assets by designing, implementing and maintaining security controls, detecting and responding to threats, conducting risk assessments, and ensuring compliance with internal policies and external regulations. This role combines monitoring and incident response (SOC interaction), vulnerability management, application and cloud security, identity and access management (IAM), and security policy governance. The ideal candidate has practical experience with SIEM platforms, endpoint detection and response (EDR), vulnerability scanners, cloud security best practices (AWS/Azure/GCP), and frameworks such as NIST CSF, ISO 27001 and CIS Controls.
This job description is written to be ATS- and LLM-friendly with clear, keyword-rich responsibilities and skills to improve search and matching performance.
📈 Career Progression
Typical Career Path
Entry Point From:
- Security Analyst (SOC Analyst) transitioning to a broader security role
- Network or Systems Administrator with security specialization
- Cloud Engineer or DevOps professional focused on secure deployments
Advancement To:
- Information Security Manager / Cybersecurity Manager
- Security Architect or Cloud Security Architect
- Senior Cybersecurity Engineer / Threat Intelligence Lead
- Head of Information Security or Chief Information Security Officer (CISO)
Lateral Moves:
- Compliance/GRC Analyst (PCI, HIPAA, GDPR)
- Penetration Tester / Red Team Engineer
- Cloud Security Engineer or DevSecOps Engineer
Core Responsibilities
Primary Functions
- Lead detection and response activities across on-premises, hybrid, and cloud environments by managing alerts from SIEM platforms (Splunk, QRadar, Azure Sentinel), triaging incidents, performing root cause analysis, and executing containment and remediation steps to minimize business impact.
- Design, implement and tune SIEM use cases and correlation rules to improve fidelity and reduce false positives; develop dashboards, runbooks, and automated playbooks for repeatable incident response workflows.
- Own the full vulnerability management lifecycle: schedule and run authenticated and unauthenticated scans (Qualys, Nessus), validate findings, prioritize risk based on asset criticality and threat context, coordinate remediation with IT teams, and verify fixes.
- Perform threat hunting and proactive threat modeling using telemetry from endpoint detection (CrowdStrike, Carbon Black), network sensors, and cloud logs to identify stealthy adversary behavior and emerging attack patterns.
- Execute digital forensics and malware analysis when incidents require investigation: collect volatile and persistent artifacts, preserve chain-of-custody, analyze binaries and scripts, and produce technical investigation reports for stakeholders.
- Manage identity and access management (IAM) operations for provisioning, role-based access control (RBAC), SSO (SAML/OAuth), multifactor authentication (MFA) rollout and privileged access management (PAM) solutions to enforce least privilege across systems.
- Design, review, and enforce security architecture and secure configuration standards for endpoints, servers, network devices, containers and cloud services; participate in architecture reviews and change control to approve secure designs.
- Lead cloud security assessments and implement cloud-native security controls (AWS Security Hub, Azure Defender, GCP Security Command Center); harden cloud workloads, manage IAM roles, secure S3/GCS buckets, and apply infrastructure-as-code security checks.
- Run security assessments for applications and APIs including static and dynamic application security testing (SAST/DAST), dependency scanning, and secure code review support for development teams; help operationalize DevSecOps pipelines.
- Develop, maintain, and communicate security policies, standards, procedures and guidelines that align with business goals and compliance requirements (NIST, ISO 27001, PCI DSS, HIPAA, GDPR).
- Coordinate and support internal and external audits, regulatory assessments and compliance attestations; prepare evidence, remediate audit findings, and implement continuous improvement to meet audit requirements.
- Manage endpoint security solutions including EDR, anti-virus/antimalware, host-based firewalls, and application control to detect and prevent compromise and lateral movement.
- Configure, manage and optimize network security devices (next-gen firewalls, IDS/IPS, VPN concentrators) and collaborate with network teams to implement segmentation and traffic inspection strategies.
- Perform third-party security risk assessments and vendor due diligence; evaluate supply chain security posture, review SOC 2 or ISO reports, and manage remediation of vendor-related security issues.
- Maintain and report on security metrics and KPIs (mean time to detect/respond, patch cycle times, vulnerability remediation rates) to inform executive leadership and support data-driven security investments.
- Implement data protection controls including encryption, key management, data loss prevention (DLP) policy enforcement and classification to protect sensitive and regulated information in transit and at rest.
- Lead security awareness and phishing simulation programs to improve organizational security posture, measure user risk, and reduce successful social engineering attacks.
- Build and maintain disaster recovery and business continuity plans related to security incidents; coordinate tabletop exercises and post-incident reviews to strengthen operational resilience.
- Advise product and engineering teams on secure design patterns, threat models and risk trade-offs during product development and deployment lifecycles.
- Manage patch management and configuration baselines for operating systems and third-party software, liaising with IT operations to prioritize high-risk fixes and verify deployment success.
- Create detailed incident reports, executive summaries, and after-action reviews; communicate technical and business impact to stakeholders and recommend preventive controls.
- Maintain and refine security runbooks, SOPs and automation scripts (PowerShell, Python) to accelerate detection, containment and recovery tasks.
- Evaluate and implement emerging security tools and technologies; run proof-of-concepts, provide cost/benefit analysis, and operationalize vendor solutions when aligned to security roadmap priorities.
- Participate in cross-functional risk reviews for major projects (M&A, cloud migrations) to ensure security requirements are embedded into project plans and deliverables.
- Mentor junior security staff, provide hands-on training and establish best practices to grow team capabilities and institutional knowledge.
Secondary Functions
- Provide timely support for compliance documentation requests and participate in evidence gathering for audits, certification renewals and regulatory inquiries.
- Contribute to the organization's security strategy and roadmap by identifying gaps, recommending investments, and aligning priorities with business objectives.
- Assist in creating and delivering security awareness content for new hire onboarding, executive briefings and developer training programs.
- Collaborate with incident response and SOC teams during peak events and escalations; act as subject-matter expert for complex investigations.
- Support cross-functional projects (cloud onboarding, application rollouts, network upgrades) by reviewing security requirements, performing risk assessments, and approving controls.
- Maintain accurate asset inventories and data classification registries in coordination with IT asset management and data owners.
- Help automate repetitive security tasks (log ingestion, alert triage, remediation workflows) to reduce manual effort and improve accuracy.
- Engage with external partners, managed security service providers (MSSPs), and law enforcement when required to coordinate investigations or threat intelligence sharing.
Required Skills & Competencies
Hard Skills (Technical)
- SIEM administration and use case development (Splunk, Elastic, QRadar, Azure Sentinel) — log ingestion, parsing, correlation, dashboarding and alert tuning.
- Endpoint Detection & Response (EDR) management (CrowdStrike, Carbon Black, Microsoft Defender ATP) and incident containment techniques.
- Vulnerability scanning and remediation workflows using tools like Qualys, Nessus, Rapid7, and remediation verification.
- Network security: next-generation firewalls (Palo Alto, Cisco), IDS/IPS, VPNs, network segmentation and packet-level analysis.
- Cloud security expertise (AWS/Azure/GCP): secure cloud configurations, IAM, CloudTrail/CloudWatch logs, and container security.
- Identity and Access Management (IAM), SSO (SAML, OIDC), MFA implementation, and privileged access management (PAM) systems.
- Digital forensics and incident response (DFIR): evidence collection, volatile memory analysis, and forensic tool usage.
- Application security fundamentals: SAST/DAST tools, OWASP Top 10, secure SDLC practices and threat modeling.
- Scripting and automation: Python, PowerShell, Bash for automation of detection, response and reporting tasks.
- Configuration management and patching systems (SCCM, WSUS, Ansible) and secure baseline deployment.
- Data protection: encryption, key management, DLP solutions and data classification controls.
- Regulatory and framework knowledge: NIST CSF/800-53, ISO 27001, PCI DSS, HIPAA, GDPR compliance requirements.
- Threat intelligence integration: STIX/TAXII, CTI feeds, and tactical use of intel to prioritize defenses.
- Security orchestration, automation and response (SOAR) platform design and playbook development.
- Penetration testing fundamentals and familiarity with offensive toolsets to interpret findings and validate remediation.
- Logging and monitoring of cloud-native services and containers (Kubernetes, Docker) and service mesh security concepts.
- Business continuity, disaster recovery planning, and tabletop exercise facilitation.
- Experience with security governance tools and GRC platforms for tracking controls and remediations.
Soft Skills
- Strong analytical mindset with a methodical approach to complex incident investigations and risk analysis.
- Clear, concise communication skills for technical and non-technical stakeholders, including C-suite briefings and audit interactions.
- Collaborative team player who can partner with engineering, operations, legal and compliance to drive security outcomes.
- Proactive, improvement-oriented mindset with the ability to prioritize work under pressure and during major incidents.
- High attention to detail and documentation discipline when producing runbooks, reports and evidence for audits.
- Coaching and mentoring ability to upskill junior staff and evangelize security best practices across the organization.
- Ethical judgment, integrity and professionalism when handling sensitive data and investigative findings.
- Project management and stakeholder management skills to lead security initiatives through to completion.
Education & Experience
Educational Background
Minimum Education:
- Bachelor’s degree in Computer Science, Information Security, Information Technology, Cybersecurity, or related technical field OR equivalent practical experience in security operations, engineering or architecture.
Preferred Education:
- Master’s degree in Cybersecurity, Information Assurance, Computer Science, or MBA with cyber concentration.
- Professional certifications such as CISSP, CISM, CEH, GCIA, GCIH, CRISC, or cloud certs (AWS Security Specialty, Azure Security Engineer).
Relevant Fields of Study:
- Cybersecurity / Information Assurance
- Computer Science / Software Engineering
- Information Technology / Network Engineering
- Criminal Justice with digital forensics focus
- Risk Management / Compliance
Experience Requirements
Typical Experience Range: 3–7 years of progressive experience in information security, SOC, incident response, vulnerability management, or security engineering.
Preferred:
- 5+ years operating in enterprise security roles with hands-on experience managing incidents, leading vulnerability programs, securing cloud environments and supporting compliance audits.
- Demonstrated experience with SIEM, EDR, vulnerability scanners, cloud platforms, and scripting/automation for security use cases.