Torchora
Back to Home

Key Responsibilities and Required Skills for IT Security Services Specialist

💰 $80,000 - $140,000

IT SecurityCybersecurityInformation TechnologySecurity Operations

🎯 Role Definition

The IT Security Services Specialist designs, deploys, operates and optimizes security services and tooling to detect, respond to, and prevent cyber threats. This role partners with network, systems, cloud and application teams to ensure secure configurations, automate repeatable protections, drive incident investigations, and maintain compliance with regulatory and internal security standards. The Specialist is expected to translate threat intelligence into actionable detection rules, manage vulnerability lifecycles, lead platform integrations, and provide operational guidance to SOC analysts and engineering teams.

📈 Career Progression

Typical Career Path

Entry Point From:

  • Security Analyst / SOC Analyst with experience in alert triage, investigations, and SIEM use.
  • Systems Administrator or Network Administrator who has taken on security-focused responsibilities (firewalls, IDS/IPS).
  • Cloud Engineer or DevOps Engineer with an emphasis on cloud security and automation.

Advancement To:

  • Senior Security Engineer / Security Architect (design and lead enterprise security initiatives).
  • SOC Manager / Incident Response Manager (lead operational teams and strategy).
  • Information Security Manager / Head of Security Operations (oversee program-level security functions).

Lateral Moves:

  • Cloud Security Engineer
  • DevSecOps Engineer
  • Compliance / Risk Analyst

Core Responsibilities

Primary Functions

  • Lead the implementation, tuning, and maintenance of SIEM and log management solutions (deployment, ingestion, parsers, normalization, alert tuning, use-case coverage and content lifecycle).
  • Design, deploy and operate endpoint protection and EDR solutions including policy design, detection rule creation, automated response playbooks, and forensic data collection for investigations.
  • Conduct incident detection and response activities: initial triage, containment, root cause analysis, full investigation, and remediation coordination while documenting timelines and actions in the incident management platform.
  • Manage vulnerability scanning and remediation programs: schedule regular scans (authenticated and unauthenticated), validate findings, prioritize remediation with asset owners, and verify fixes to reduce exposure windows.
  • Develop, test and maintain security monitoring detections and telemetry across OS, network, cloud and application layers using MITRE ATT&CK mapping to ensure high-fidelity alerts and measurable coverage.
  • Configure and manage identity and access management (IAM) platforms: enforce least-privilege models, administer role-based access control, perform access reviews, and troubleshoot SSO/SAML/OAuth issues.
  • Implement and maintain cloud security controls in AWS/Azure/GCP including CSPM/CWPP tooling, cloud-native logging (CloudTrail, Azure Monitor), network segmentation, security groups and secure IAM policies.
  • Harden servers, network devices and cloud resources by applying secure configuration baselines, Group Policy, CIS benchmarks, and automated compliance checks to reduce attack surface.
  • Integrate threat intelligence feeds into security tooling to enable proactive detection, IOC blocking, and enrichment of alerts for faster analyst triage and response.
  • Build and maintain automation (PowerShell, Python, Infrastructure as Code) to streamline repetitive security tasks such as alert enrichment, remediation orchestration, and configuration drift detection.
  • Evaluate, onboard and manage third-party managed security service providers (MSSPs), threat intelligence vendors, and security tool vendors; define SLAs and continuously measure vendor performance.
  • Implement security logging and monitoring standards, ensure accurate time synchronization, log retention and secure storage for forensic readiness and compliance requirements.
  • Maintain and update playbooks and runbooks for common incident types; conduct tabletop and technical exercises to validate detection and response capabilities across teams.
  • Perform security assessments including penetration testing coordination, application security reviews, network architecture reviews and remediation tracking with engineering teams.
  • Work with patch management and change control teams to prioritize and verify security patch deployment across servers, endpoints and network devices, minimizing risk while maintaining operational stability.
  • Provide subject matter expertise and technical guidance to engineering teams to implement secure design patterns, encryption, key management and secure API integrations.
  • Operate and tune network security controls such as firewalls, IDS/IPS, web proxies and URL filtering to enforce policy and reduce exposure to web-borne threats.
  • Maintain and report on security metrics and KPIs (MTTR for incidents, detection coverage, vulnerability remediation timelines, false positive rates) to leadership and stakeholders.
  • Ensure compliance with regulatory and industry frameworks (PCI-DSS, HIPAA, SOX, GDPR) by supporting audits, providing evidence, and remediating control gaps.
  • Lead root cause analysis and post-incident reviews; identify systemic improvements, implement corrective actions and monitor effectiveness to prevent recurrence.
  • Provide on-call support for escalated security incidents, coordinate cross-functional response, and maintain communication with senior stakeholders during critical events.
  • Design and implement secure backup, encryption, and disaster recovery procedures for critical systems to ensure confidentiality, integrity and availability throughout incident scenarios.
  • Collaborate with the security awareness program to provide technical inputs, create simulated phishing and training exercises, and coach teams on secure behaviors.
  • Document security architectures, system dependencies, and configuration baselines; maintain asset inventories and classification to support accurate risk assessments.
  • Participate in change control and DevOps pipelines to embed security gates (SAST/DAST scanning, secret detection) and provide fast feedback to development teams.

Secondary Functions

  • Support ad-hoc data requests and exploratory data analysis.
  • Contribute to the organization's data strategy and roadmap.
  • Collaborate with business units to translate data needs into engineering requirements.
  • Participate in sprint planning and agile ceremonies within the data engineering team.
  • Provide regular security status reports, executive summaries and incident trend analysis to stakeholders and governance forums.
  • Mentor junior security analysts and provide structured training to raise the team's detection and investigation capabilities.
  • Assist procurement and legal teams in evaluating security clauses, SLAs and data protection requirements for vendor contracts.
  • Maintain an up-to-date knowledge base of common attack patterns, detection tactics and remediations for use by the SOC and engineering teams.

Required Skills & Competencies

Hard Skills (Technical)

  • Strong hands-on experience with SIEM platforms (Splunk, Elastic Stack/ELK, Microsoft Sentinel, QRadar) including content development, advanced searching, and ingestion pipelines.
  • Endpoint detection and response (EDR) expertise (CrowdStrike, Carbon Black, Microsoft Defender for Endpoint, SentinelOne) with experience building detection rules and automated containment.
  • Vulnerability management and scanning skills (Tenable/Nessus, Qualys, Rapid7) and the ability to prioritize and drive remediation across teams.
  • Cloud security skills for AWS/Azure/GCP: knowledge of IAM, VPC/network design, CloudTrail/CloudWatch/Monitor, security posture management and native security controls.
  • Identity and Access Management (Okta, Azure AD, Active Directory) including SSO, MFA, RBAC, privileged access controls and access review processes.
  • Network security knowledge: firewalls, IDS/IPS, VPNs, TLS/SSL, secure network architecture and packet-level troubleshooting.
  • Incident response tooling and methodology proficiency; familiarity with NIST, SANS, and MITRE ATT&CK frameworks for structured investigations and playbook development.
  • Scripting and automation (Python, PowerShell, Bash) to develop integrations, orchestration playbooks, remediation scripts, and CI/CD security gates.
  • Forensic analysis skills: memory and disk analysis, log correlation, chain-of-custody awareness and use of forensic tools for evidence collection.
  • Configuration management and infrastructure-as-code experience (Ansible, Terraform, CloudFormation) to enforce secure baselines and drift remediation.
  • Application security fundamentals: SAST/DAST tools, OWASP Top 10, secure coding guidance and coordination with Dev teams for remediation.
  • Experience with PKI, encryption, key management and secure certificate lifecycle processes.
  • Familiarity with regulatory frameworks and compliance requirements (PCI-DSS, GDPR, HIPAA, SOC2) and the ability to map technical controls to requirements.
  • Knowledge of monitoring and observability best practices including log retention, tagging, correlation and alert prioritization.
  • Experience integrating and consuming threat intelligence feeds and sharing indicators of compromise (IOCs) via TIPs or threat platforms.
  • Hands-on experience with cloud-native and host-based hardening frameworks and benchmarks (CIS, STIG).

Soft Skills

  • Excellent written and verbal communication skills for clear incident reporting, executive briefings and cross-team collaboration.
  • Strong analytical and investigative mindset with meticulous attention to detail and a methodical approach to troubleshooting.
  • Ability to prioritize competing urgent tasks and manage time effectively in a high-pressure incident environment.
  • Collaborative team player capable of influencing engineering, product and operations teams without direct authority.
  • Strong stakeholder management and the ability to translate technical risk into business impact for leadership decision-making.
  • Teaching and mentoring aptitude to upskill SOC analysts and engineering peers.
  • Problem-solving mindset with a focus on continuous improvement and automation of repetitive tasks.
  • High levels of integrity and discretion when handling sensitive security incidents and confidential information.
  • Adaptability and willingness to learn new security technologies, threats, and frameworks as the threat landscape evolves.
  • Project management skills for leading cross-functional security initiatives and delivering on timelines.

Education & Experience

Educational Background

Minimum Education:

  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, Information Systems, or equivalent work experience and proven technical expertise.

Preferred Education:

  • Master's degree in Cybersecurity, Information Security, Computer Science, or related field and/or advanced professional certifications.

Relevant Fields of Study:

  • Cybersecurity
  • Computer Science
  • Information Systems
  • Network Engineering
  • Software Engineering

Experience Requirements

Typical Experience Range:

  • 3 to 7 years of progressive experience in cybersecurity, security operations, or IT engineering roles with demonstrated experience across monitoring, incident response, and security tool administration.

Preferred:

  • 5+ years of focused experience in security operations or security engineering roles, including significant exposure to cloud security, SIEM/EDR platforms, vulnerability management and incident handling.
  • Relevant certifications such as CISSP, CISM, CISA, GIAC (GCIH/GSEC/GCIA), CompTIA Security+, CEH, or cloud security certifications (AWS/Azure Security Specialty) are strongly preferred.
Explore More Careers