Key Responsibilities and Required Skills for IT Security Administrator

💰 $70,000 - $115,000

Tags: IT Security, Cybersecurity, Operations

🎯 Role Definition

The IT Security Administrator is responsible for the implementation, configuration, monitoring, and ongoing administration of the organization's security infrastructure. This hands-on role focuses on protecting systems, networks, endpoints, and cloud services through proactive vulnerability management, log analysis, access controls, and incident response. The IT Security Administrator works closely with IT operations, engineering, compliance, and business stakeholders to reduce risk, enforce security policies, and maintain regulatory compliance (e.g., NIST, ISO 27001, PCI DSS).


📈 Career Progression

Typical Career Path

Entry Point From:

  • IT Support Technician / Desktop Support
  • Network Administrator or Systems Administrator
  • Junior Security Analyst / SOC Tier 1 Analyst

Advancement To:

  • Senior IT Security Administrator
  • Security Engineer / Security Architect
  • SOC Manager or Incident Response Lead
  • Cloud Security Engineer or Compliance Manager

Lateral Moves:

  • Network Security Engineer
  • Identity and Access Management (IAM) Specialist
  • Compliance / Risk Analyst
  • Cloud Operations / DevSecOps Engineer

Core Responsibilities

Primary Functions

  • Design, deploy, and maintain network and host-based security controls including firewalls, next-generation firewalls (NGFW), IDS/IPS, VPNs, and web application firewalls to protect corporate networks and cloud environments.
  • Administer, tune, and maintain the Security Information and Event Management (SIEM) system (e.g., Splunk, QRadar, Sentinel) to ensure reliable log collection, parsing, alerting, and forensic searchability.
  • Perform continuous vulnerability management by scheduling and running vulnerability scans, triaging results, coordinating remediation with infrastructure teams, and tracking risk acceptance or mitigation plans.
  • Lead incident detection and response activities: validate alerts, perform containment and eradication steps, coordinate cross-team remediation, and document post-incident reports and lessons learned.
  • Implement and manage endpoint protection platforms (EPP/EDR) across Windows, macOS, and Linux systems; investigate alerts and coordinate endpoint isolation and remediation.
  • Configure and enforce Identity and Access Management (IAM) policies including least privilege access, role-based access controls (RBAC), multifactor authentication (MFA), privileged access management (PAM), and periodic access reviews.
  • Develop, update, and enforce security policies, standards, and procedures in alignment with regulatory and industry frameworks (NIST CSF, ISO 27001, CIS Controls, PCI DSS).
  • Conduct network and host-level hardening by maintaining secure baseline images, patch management processes, and automated configuration management (Ansible, Chef, or similar).
  • Perform proactive threat hunting using threat intelligence feeds, IOC feeds, and endpoint telemetry to uncover stealthy or targeted attacks.
  • Maintain encryption and key management services (PKI, TLS/SSL certificate lifecycle) to ensure data-in-transit and data-at-rest protections across applications and infrastructure.
  • Manage cloud security posture for IaaS/PaaS services (AWS, Azure, GCP): implement security groups, IAM roles, CloudTrail/CloudWatch logs, and cloud-native security controls and automation.
  • Build and maintain dashboards, reports, and KPIs that communicate security posture to technical teams, leadership, and auditors.
  • Conduct risk assessments (technical and procedural) for new projects, third-party integrations, and major system changes to identify security gaps and remediation actions.
  • Perform secure configuration and administration of email security solutions (SPF, DKIM, DMARC, anti-phishing tools) and DLP controls to reduce risk of data exfiltration.
  • Participate in the patch management lifecycle: evaluate criticality, test updates in lab environments, schedule deployments, and verify successful remediation across endpoints and servers.
  • Coordinate penetration tests and red-team exercises with external vendors; validate findings, prioritize remediation, and drive closure of high-risk items.
  • Support application security by reviewing architecture for security weaknesses, coordinating with developers on secure coding practices, and integrating SAST/DAST outputs into remediation workflows.
  • Maintain inventory and asset classification for all systems and services; ensure security tagging, criticality rating, and appropriate monitoring/controls based on sensitivity.
  • Configure and manage network segmentation, micro-segmentation, and secure VLANs to reduce attack surface and lateral movement risk.
  • Keep systems and controls documented: runbooks, incident simulation walkthrough procedures, and standard operating procedures for containment and recovery.
  • Ensure backup and disaster recovery solutions align with security requirements; validate encryption of backups and test restores as part of business continuity planning.
  • Stay current on emerging threats, attacker techniques, and security tooling; recommend and implement improvements to the security stack and operational playbooks.

Secondary Functions

  • Provide subject matter expertise to project teams and business units during architecture design and procurement to ensure security is built into solutions from the start.
  • Conduct security awareness briefings and collaborate with HR to support phishing simulation and end-user education programs.
  • Support security audits and compliance assessments by preparing evidence, participating in control walkthroughs, and remediating auditor findings.
  • Maintain vendor relationships for security products and manage licenses, renewals, and escalations with vendors and MSPs.
  • Assist with secure onboarding and offboarding processes to ensure access revocation and asset reclamation are completed in accordance with policy.
  • Contribute to security automation initiatives—script routine tasks (PowerShell, Python, Bash) and integrate tooling via APIs to reduce manual toil and accelerate incident response.
  • Support forensic collection and chain-of-custody activities when investigations require detailed evidence preservation and analysis.
  • Participate in cross-functional agile ceremonies for security-focused projects, provide estimations, and support sprint goals related to security remediation and enhancements.

Required Skills & Competencies

Hard Skills (Technical)

  • Strong hands-on experience with SIEM administration and alert engineering (e.g., Splunk, IBM QRadar, Microsoft Sentinel): ingestion, use-case creation, correlation rules, and performance tuning.
  • Firewall and NGFW administration experience (Palo Alto, Cisco ASA/Firepower, Fortinet, Check Point): rule creation, NAT, VPN, and high-availability configuration.
  • Endpoint protection and EDR administration (CrowdStrike, Carbon Black, Microsoft Defender ATP): deployment, policy configuration, and threat response.
  • Vulnerability scanning and remediation workflows using tools such as Nessus, Qualys, Rapid7, or OpenVAS, and the ability to interpret CVSS scores, remediation timelines, and exceptions.
  • Incident response and digital forensics fundamentals: IOC triage, host and network forensics, memory analysis, and evidence preservation.
  • Identity and access management (Azure AD, Okta, Active Directory) including MFA, SSO, RBAC, and privileged account management.
  • Cloud security knowledge (AWS, Azure, GCP): cloud-native logging, security posture management, IAM, and secure network design.
  • Scripting and automation (PowerShell, Python, Bash) to automate repetitive security tasks, log parsing, and remediation playbooks.
  • Security frameworks and compliance knowledge (NIST, ISO 27001, CIS Controls, PCI DSS, GDPR) and evidence preparation for audits.
  • Network security fundamentals (TCP/IP, routing, VLANs, IDS/IPS) and experience with packet capture and analysis (Wireshark, tcpdump).
  • Application security basics: SAST/DAST tool familiarity, secure coding concepts, and remediation guidance for common vulnerabilities (OWASP Top 10).
  • Certificate management and PKI experience including TLS configuration, certificate lifecycle, and trust chain validation.
  • Data loss prevention (DLP) and email security configuration and tuning (Proofpoint, Mimecast, Microsoft Defender for Office 365).
  • Log management and retention planning, including efficient storage, indexing, and searchability of security logs.

Soft Skills

  • Strong analytical and problem-solving skills with the ability to triage complex security incidents under pressure.
  • Clear, concise communication and the ability to explain technical security concepts to non-technical stakeholders and leadership.
  • Collaborative team player who partners with engineering, operations, and business units to drive security improvements.
  • Time management and prioritization skills; able to manage multiple security projects, incidents, and requests simultaneously.
  • Attention to detail and a methodical approach to documentation, runbooks, and compliance evidence preparation.
  • Curiosity and continuous-learning mindset to stay ahead of threat actor techniques and new security tools.

Education & Experience

Educational Background

Minimum Education:

  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, Information Systems, or equivalent work experience and technical certifications.

Preferred Education:

  • Master's degree in Cybersecurity, Information Assurance, or related technical field.
  • Advanced certifications such as CISSP, CISM, or GIAC are highly desirable.

Relevant Fields of Study:

  • Computer Science
  • Cybersecurity / Information Security
  • Information Systems / IT Management
  • Network Engineering

Experience Requirements

Typical Experience Range: 3 – 7 years of combined systems, network, and security experience with at least 2 years focused on security administration, SIEM, or incident response.

Preferred:

  • 5+ years of progressive experience in IT Security or SOC environments.
  • Hands-on experience administering SIEM platforms, enterprise firewalls, EDR solutions, and cloud security controls.
  • Demonstrated experience responding to security incidents, conducting root cause analysis, and implementing long-term mitigations.
  • Relevant certifications: CompTIA Security+, CEH, CISSP, CISM, GCIA, GCIH, or equivalent.
  • Experience working in regulated industries (finance, healthcare, government) and supporting audit/compliance requirements.