Torchora
Back to Home

Key Responsibilities and Required Skills for Information Security Technician

💰 $ - $

Information SecurityCybersecurityIT

🎯 Role Definition

An Information Security Technician is a hands-on cybersecurity practitioner responsible for protecting an organization's information systems, networks, endpoints, and cloud resources. This role focuses on day-to-day security operations including monitoring, incident response, vulnerability management, security tool administration (SIEM, EDR, firewalls), access control, and implementing security best practices to reduce risk and ensure compliance. The Information Security Technician works closely with IT, DevOps, compliance, and business teams to detect, analyze, and remediate security events while documenting activities and contributing to continuous improvement of the security posture.

📈 Career Progression

Typical Career Path

Entry Point From:

  • Desktop Support / IT Support Technician with security responsibilities
  • Network Administrator or Systems Administrator with security-focused tasks
  • Junior SOC Analyst or Jr. Security Operations Technician

Advancement To:

  • Security Analyst / SOC Analyst II
  • Vulnerability Management Analyst or Endpoint Security Engineer
  • Information Security Engineer / Cybersecurity Engineer

Lateral Moves:

  • Compliance Analyst / IT Auditor
  • Cloud Security Technician
  • Identity & Access Management (IAM) Specialist

Core Responsibilities

Primary Functions

  • Monitor security alerts and logs across SIEM, EDR, firewall, and IDS/IPS platforms; triage, investigate, and escalate incidents according to playbooks to minimize impact and meet SLA targets.
  • Conduct first-line incident response including containment, eradication, recovery, and post-incident documentation; coordinate with IT operations to ensure timely remediation and service restoration.
  • Perform routine vulnerability scans on networks, servers, endpoints, and cloud workloads; validate findings, prioritize remediation by risk, and track remediation with stakeholders until closure.
  • Manage endpoint protection solutions (anti-malware, EDR/XDR) by deploying agents, tuning detection rules, investigating alerts, and applying updates to reduce false positives and increase detection fidelity.
  • Configure, maintain, and troubleshoot firewalls, VPN concentrators, web proxies, and network access controls to enforce secure connectivity and segmentation requirements.
  • Administer identity and access controls including provisioning/deprovisioning, password resets, privileged access reviews, and multi-factor authentication (MFA) onboarding, ensuring least privilege is enforced.
  • Perform log collection, normalization, and enrichment tasks; build and refine SIEM correlation rules, dashboards, and reports to improve situational awareness and detection coverage.
  • Execute security configuration audits of Windows, Linux, macOS, network devices, and cloud resources to ensure adherence to hardening baselines (CIS, STIGs) and implement remediation where gaps are found.
  • Support threat hunting activities by researching indicators of compromise (IOCs), applying threat intelligence feeds, and running targeted queries across telemetry sources to identify stealthy adversary activity.
  • Assist in forensic data collection and chain-of-custody procedures for compromised systems, preserving evidence, capturing volatile artifacts, and collaborating with senior security engineers or external forensics teams.
  • Participate in patch management by coordinating security patch testing and deployment, verifying successful patch application, and reporting on patch compliance metrics.
  • Implement and maintain security monitoring integrations for cloud platforms (AWS, Azure, GCP) and SaaS applications; ensure cloud logs, flow data, and configuration drift are visible to security teams.
  • Conduct security awareness support tasks such as creating or distributing phishing tests, compiling user training reports, and helping remediate user-reported security incidents.
  • Execute configuration management and change control for security appliances and services, documenting changes, and participating in scheduled maintenance windows to reduce service disruption.
  • Perform network traffic analysis and packet captures when investigating suspicious network behavior, providing technical summaries and recommendations to engineers and management.
  • Maintain and update security documentation including runbooks, incident response playbooks, architectural diagrams, and standard operating procedures to support repeatable and auditable processes.
  • Support compliance evidence collection and remediation activities for standards such as PCI DSS, HIPAA, ISO 27001, and NIST frameworks; prepare artifacts and assist auditors during reviews.
  • Assist in the deployment and tuning of Data Loss Prevention (DLP) and email security gateways to prevent data exfiltration and reduce phishing risk.
  • Manage and rotate cryptographic keys, certificates, and PKI components; troubleshoot TLS/SSL issues and coordinate certificate renewal workflows to avoid service outages.
  • Participate in security projects such as secure configuration rollouts, segmentation initiatives, security tool deployments, and testing of security controls in development and production environments.
  • Maintain inventory of security systems, licenses, and asset security status; track lifecycle and support renewal planning for critical security tooling.
  • Provide end-user security support and remediation guidance for compromised accounts, suspicious emails, and device hygiene to reduce repeat incidents and improve organizational security posture.
  • Collaborate with cross-functional teams during onboarding of third-party vendors, evaluating their security posture, and ensuring contractual and technical controls are in place for data protection.

Secondary Functions

  • Assist in compiling and analyzing security metrics and KPIs for leadership reporting, including incident volume, mean time to detect/respond, and vulnerability remediation rates.
  • Support continuous improvement efforts by proposing automation and orchestration improvements (SOAR playbooks) to reduce manual tasks and accelerate response.
  • Help maintain a threat intelligence repository by ingesting external feeds, tagging IOCs, and sharing relevant context with the SOC and engineering teams.
  • Engage in periodic tabletop exercises and simulated incident drills to validate response processes and identify gaps in people, process, and technology.
  • Provide technical input for security requirements during procurement, vendor evaluations, and contract reviews to ensure security-by-design.
  • Mentor junior IT staff on security best practices, secure configuration standards, and basic incident identification to build overall security awareness in IT operations.

Required Skills & Competencies

Hard Skills (Technical)

  • Security information and event management (SIEM) administration and rule development (e.g., Splunk, IBM QRadar, Microsoft Sentinel).
  • Endpoint detection and response (EDR/XDR) tools experience (e.g., CrowdStrike, Carbon Black, Microsoft Defender ATP, SentinelOne).
  • Network security device configuration and troubleshooting: firewalls (Palo Alto, Cisco ASA/Firepower, Fortinet), VPNs, and IDS/IPS.
  • Vulnerability scanning and management tools (e.g., Nessus, Qualys, Rapid7) and remediation prioritization workflows.
  • Incident response fundamentals, forensic collection tools, and evidence handling (Volatility, FTK Imager, OSQuery).
  • Familiarity with cloud security concepts and tooling for AWS, Azure, or GCP (CloudTrail, GuardDuty, Azure Sentinel, Security Center).
  • Identity and access management (IAM), SSO, and MFA configuration experience (Okta, Azure AD, LDAP).
  • Knowledge of scripting or automation (PowerShell, Python, Bash) for task automation, remediation, and log parsing.
  • Security frameworks and compliance knowledge (NIST CSF, ISO 27001, PCI DSS, HIPAA) and ability to map controls to technical implementations.
  • Email security and anti-phishing technologies (Proofpoint, Mimecast, Office 365 Security).
  • DLP, data classification, and encryption technologies understanding; TLS/SSL and PKI lifecycle management.
  • Basic operating system administration and hardening for Windows, Linux, and macOS environments.
  • SIEM log ingestion, parsing, normalization, and dashboard creation; ability to write efficient queries and correlation rules.
  • Familiarity with container and orchestration platform security basics (Docker, Kubernetes) and associated logging/monitoring.
  • Experience with vulnerability remediation tracking systems, ticketing integration (JIRA, ServiceNow), and patch management tools.

Soft Skills

  • Analytical mindset with strong problem-solving skills to triage complex security incidents under pressure.
  • Clear and concise written and verbal communication for documenting incidents, producing reports, and briefing stakeholders.
  • Team-oriented collaborator who partners with IT, DevOps, and business teams to implement security controls without impeding delivery.
  • Attention to detail and disciplined approach to following security processes, change control, and audit requirements.
  • Time management and prioritization skills to handle competing incidents, maintenance tasks, and project work.
  • Continuous learner mentality to keep pace with evolving threats, tools, and security best practices.
  • Customer-service orientation when supporting internal users and helping non-technical staff remediate security issues.
  • Ability to explain technical risks and mitigation options in business terms for non-technical audiences.

Education & Experience

Educational Background

Minimum Education:

  • Associate degree in Information Technology, Computer Science, Cybersecurity, or equivalent hands-on experience.

Preferred Education:

  • Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or related field.

Relevant Fields of Study:

  • Information Security / Cybersecurity
  • Computer Science or Software Engineering
  • Network Engineering / Telecommunications
  • Information Systems / IT Management

Experience Requirements

Typical Experience Range:

  • 1–4 years of hands-on information security, SOC, or systems/network administration experience with security responsibilities.

Preferred:

  • 3+ years in security operations, incident response, or vulnerability management; demonstrable experience with SIEM/EDR tools and cloud security controls.
  • Certifications such as CompTIA Security+, CEH, SSCP, GIAC GCP/Cloud, or Microsoft/AWS cloud security certs are a plus.
Explore More Careers