With an ever-increasing number of threats lurking in the shadows, the demand for skilled defenders of our digital realm is at an all-time high. If you're an aspiring security professional or simply intrigued by the world of digital defence, you're in the right place!
Professionals in this field gain the opportunity to continuously enhance their skills, adapt to evolving technologies, and play a crucial role in maintaining the stability of digital systems.
So, in this guide, we're diving into the eight core careers in defensive security and how TryHackMe serves as an invaluable resource, providing you with the tools and knowledge necessary to excel in your defensive security career!
1. SOC Analyst
A Security Operations Centre Analyst, also known as a SOC Analyst, works in a SOC team to monitor, analyse, and respond to security issues as the front line of a company's cyber defences. The SOC Analyst role includes implementing and incorporating tools and technologies to identify security threats and vulnerabilities, so that cyber attacks can be prevented before they cause harm.
Level 1 SOC Analysts can expect a starting salary of £31,554, with an average salary of £37,647 ($69,530) after some experience. Meanwhile, SOC Analysts at Levels 2 and 3 can expect to earn £40,715 upwards.
SOC Analyst responsibilities
SOC Analysts are responsible for:
- Continuously monitoring and investigating the security alerts queue
- Monitoring the health of security sensors and SIEM (Security Information and Event Management) infrastructure
- Collecting data and context necessary to initiate Level 2 escalation
- Delivering scheduled and ad-hoc vulnerability assessment reports
- Configuring and managing the security monitoring tools
SOC Analyst entry requirements
A degree isn’t necessary to become a SOC Analyst, although this can help. Additionally, obtaining SOC Analyst certifications, such as the CySA+, Security+, and Network+, from CompTIA, can be the doorway into the industry. However, becoming a certified SOC Analyst isn’t a requirement for entry-level roles.
SOC Analyst training
To build and develop your knowledge, start with our Introduction to Cyber Security and Pre-Security learning paths and upskill with our SOC Level 1 learning path!
Take it a step further with our SAL1 (Security Analyst Level 1) Certification, designed to validate your foundational skills in threat detection, investigation, and response, giving you a competitive edge in the industry.
Once you’ve secured a SOC team role, our new SOC Level 2 learning path can advance your career, help you transition into a Level 2 position, and strengthen your core technical skills.
2. Information Security Analyst
The main objective of a Security Analyst is to ensure the security of an organisation's systems and data. This includes identifying and addressing security incidents, performing audits, and implementing security measures. Objectives of Security Analysts include ensuring the confidentiality, integrity, and availability of data, preventing unauthorised access, and maintaining compliance with organisational and legal requirements.
On average in the UK, an Information Security Analyst earns £45,875, which can range from £34,000 to £63,000. In the United States, this is almost double at $85,979 on average, with salaries ranging between $71,618 and $99,200.
Security Analyst responsibilities
A Security Analyst protects an organisation, both internally and externally, by:
- Identifying, monitoring, and addressing security incidents as soon as possible
- Performing internal and external audits, since threats lurk both inside and outside an organisation
- Creating policies and implementing security measures
- Keeping up to date with best practices in Information Security, which protects the organisation from cyber attacks
- Keeping the organisation's software up to date and documenting all security issues or breaches
Security Analyst entry requirements
While having a degree can certainly enhance your prospects in the field, it's not always a strict requirement to become an Information Security Analyst. Many employers in the information security field consider practical skills, experience, and certifications to be equally or even more important than a formal degree. Continuous learning, certifications (like CompTIA Security+, CISSP, and CEH) and networking within the cyber security community are key elements for success in this role.
Security Analyst training
- Network Security - Teaching you the basics of passive and active network reconnaissance
- Endpoint Security Monitoring - Learn about fundamentals, methodology, and tooling for endpoint security monitoring
- Web Hacking Fundamentals - Understand the core security issues with web applications, and learn how to exploit them using industry tools and techniques
- Recent Threats - Get hands-on experience identifying, exploiting, and mitigating critical vulnerabilities
- SOC Level 1 learning path - Enabling you to become a Junior SOC Analyst!
- SOC Level 2 learning path - Giving you the skills to advance in your Security Analyst career
- CompTIA Pentest+ learning path - Preparing you for the CompTIA Pentest+ certification exam
3. Incident Responder
The primary objective of an Incident Responder is to ensure an organisation is well-prepared and equipped to identify, manage, and recover from security incidents promptly and effectively.
In the UK, the total pay range for Incident Responders is between £19,486 and £64,357, depending on experience, with an estimated average pay of £34,041. In the US, the average salary ranges between $49,913 and $111,332 per year.
Incident Responder responsibilities
- Developing and maintaining incident response plans
- Utilising advanced tools for early detection of security incidents
- Continuously monitoring and analysing the organisation's networks and systems for security breaches or intrusions
- Documenting incidents thoroughly from discovery to resolution, including the creation of detailed incident reports, which may be shared internally or with external stakeholders
- Conducting forensic analysis to gather evidence, which might be used in legal proceedings, and to understand the incident's cause and ramifications
- Developing and implementing strategies to contain the incident and prevent further damage, while preserving evidence for future analysis and potential legal action
They also aim to ensure compliance with legal and regulatory requirements, educate and train staff on security awareness, and contribute to continuously improving the organisation's incident response capabilities.
Incident Responder entry requirements
A degree is not strictly required to become an Incident Responder. Practical experience, relevant certifications (such as GIAC Certified Incident Handler), and strong analytical skills are often prioritised in hiring for this role.
Incident Responder training
- Incident Response - Develop the mindset that an effective incident responder has
- Incident Response and Forensics - An introduction to the tools and techniques that are a part of the incident response process
- Cyber Defence Frameworks - Discover frameworks and policies that help establish a good security posture
- Red Teaming learning path - As an Incident Responder, red teaming knowledge is essential! In this path, you will learn how successful Red Team engagements are conducted
4. Security Auditor
The goal of a security auditor is to secure an organisation’s information assets. It is their job to suggest improvements to an organisation’s network or procedures to properly align it with the best practices and government regulations. Regularly auditing and assessing organisations is important for optimal security.
UK: The average salary for a Security Auditor is £37,798 per year, with a range from £28,000 to £51,000. US: The salary ranges from around $72,489 to $112,300, with an average salary of around $84,833.
Security Auditor responsibilities
- Conduct comprehensive audits to evaluate the organisation's information systems and security controls. Assess compliance with applicable laws, regulations, and standards
- Generate detailed audit reports highlighting findings and recommendations. Document audit processes and findings to ensure a transparent audit trail
- Provide advice on rectifying identified security weaknesses and advise on best practices in information security
- Verify that identified issues have been addressed and conduct follow-up audits to ensure the implementation of recommended security controls
- Contribute to the organisation's security awareness program by providing training and resources to staff
Security Auditor entry requirements
A degree is beneficial but not always mandatory for a career as a Security Auditor. Practical experience, relevant certifications (such as Certified Information Systems Auditor - CISA), and a strong understanding of security frameworks and standards are highly valued in this role. Many security auditors enter the field with a combination of education, certifications, and hands-on experience in cyber security.
Security Auditor training
- Cyber Defense - An introduction to the fundamental components of detecting and responding to threats in a corporate environment
- Security Engineer learning path - An introduction to security engineering from various perspectives
- Cyber Defence Frameworks - Discover frameworks and policies that help establish a good security posture
5. Security Engineer
The primary objective of a Security Engineer is to safeguard an organisation's computer systems and networks from cyber threats. The training on TryHackMe aims to equip individuals with the necessary skills to build secure systems, networks, and software. This includes learning about network security engineering, system security engineering, software security engineering, and risk management & incident response.
On average, Security Engineers earn between £35,000 and £60,000 annually in the UK. Meanwhile, in the US, salaries range between $65,000 and $155,000 annually.
Security Engineer responsibilities
- Designing Security Infrastructure: Develop and implement security frameworks to protect the organisation's systems and networks
- Monitoring and Analysis: Continuously monitor the organisation's security posture and analyse for potential threats and vulnerabilities
- Incident Management: Respond to and mitigate security incidents and breaches, ensuring minimal impact and improving the security posture to prevent future incidents
Security Engineer entry requirements
If you're wondering how to become a Security Engineer, luckily, a degree is also not compulsory. Practical skills and hands-on experience are often more crucial. Relevant security engineer certifications are optional, but they can be a fantastic way to prove your skills and knowledge. If you do decide to obtain certifications, CompTIA Security+, CompTIA Network+, CISA, CISM, and CISSP are highly recommended!
Security Engineer training
- Security Engineer learning path - Teaching you the baseline skills for system security engineer and/or software security engineer roles
- Cyber Defence Frameworks - Discover frameworks and policies that help establish a good security posture
6. Security Architect
A Security Architect plays a crucial role in designing and overseeing the implementation of security systems to protect an organisation from threats.
In the United States, the average salary ranges from $87,000 to $158,000 with a median of around $121,934 to $131,932. In the United Kingdom, the average salary is around £75,000 to £84,412.
Security Architect responsibilities
- Designing Security Infrastructure: They are responsible for designing the security architecture and ensuring that it mitigates threats while aligning with business objectives.
- Incident Response Planning: They play a vital role in planning and responding to security incidents and breaches.
- Compliance and Auditing: Ensuring compliance with legal and regulatory requirements and conducting audits to assess the effectiveness of security measures.
- Security Policies and Procedures: They develop and implement security policies, protocols, and procedures to safeguard information assets. This includes the maintenance of said policies and procedures.
Security Architect entry requirements
Practical experience, deep technical knowledge, and relevant certifications (such as Certified Information Systems Security Professional - CISSP or Certified Information Security Manager - CISM) are often considered more crucial than a degree. Security architects typically demonstrate expertise in designing and implementing secure systems, and employers may prioritise hands-on experience and certifications over formal education.
Security Architect training
- Security Engineer learning path - Learn about managing incidents, software security, network security, threats and risks, plus much more
- AWS Cloud Security training - Enhance your skills in securing AWS environments and understanding common misconfigurations across environments
7. Forensic Investigator
The primary aim of a Forensic Investigator is to examine digital devices and cyber environments to uncover evidence of cyber crimes and other digital misconduct. They play a pivotal role in the legal system by assisting law enforcement agencies and organisations in solving crimes.
On average, Forensic Investigators earn between £30,000 and £55,000 per year in the UK, while in the US, the salary range is between $45,000 and $120,000 per year.
Forensic Investigator responsibilities
- Evidence Collection and Analysis: Collect, preserve, and analyse digital evidence to assist in cyber crime investigations.
- Reporting and Documentation: Create detailed reports documenting the process and findings, which can be used in court or for internal purposes.
- Legal Compliance and Advisory: Ensure legal compliance in digital environments, and advise on the legal aspects of digital and cyber operations.
- Cyber Crime Investigations: Collaborate with law enforcement and other stakeholders to investigate and solve cyber crimes.
Forensic Investigator entry requirements
The real essence of being a forensic investigator lies in a relentless curiosity and an eye for detail that can spot anomalies in a sea of data. It's a career built on continuously adapting to new challenges and staying ahead of cybercriminal trends. This role requires a blend of investigative skills similar to those of a detective and the technical prowess of an IT expert. While certifications such as GCFA and GCIH are helpful, they are just part of the toolkit.
Forensic Investigator training
- Detection Engineering module - Looking at the concepts of detection engineering, including a usable lifecycle, rule writing and testing, orchestration and automation.
- Incident Response and Forensics module - An introduction to the tools and techniques that are a part of the incident response and forensics process.
8. Threat Hunter
The primary objective of a Threat Hunter is to proactively identify, isolate, and mitigate threats that traditional security measures may overlook. By employing a mix of analytical and technical skills, Threat Hunters delve into networks and endpoints to spot anomalies and thwart potential threats before they escalate into significant incidents.
On average, Threat Hunters earn between £40,000 and £70,000 per year in the UK, while in the US, the salary range is between $70,000 and $130,000 per year.
Threat Hunter responsibilities
- Threat Identification: Diligently search through network, system, and data anomalies to pinpoint and address potential threats before they escalate into more severe security issues.
- Threat Intelligence Interpretation: Leverage threat intelligence platforms to collect and analyse data on emerging threats, applying the insights gained to enhance the organisation's defensive measures.
- Response Coordination: Upon confirming malicious activities, collaborate with security teams to devise and execute incident response strategies to mitigate the confirmed threats.
Threat Hunter entry requirements
To thrive as a threat hunter, you must immerse yourself in a constantly evolving environment where formal education is secondary to hands-on skills and real-world experience. This profession demands a keen analytical mindset, adeptness in navigating complex cyber environments, and a relentless pursuit of emerging threats. Certifications like the GIAC Certified Incident Handler (GCIH), Certified Threat Intelligence Analyst (CTIA), and EC-Council Certified Security Analyst (ECSA) are highly valued but not necessary; they provide practical knowledge and skills directly applicable to the role.
Success in threat hunting hinges on continuous learning, active engagement with the latest cyber security trends, and a robust network within the cyber security community. This role requires a unique blend of technical expertise, creativity in problem-solving, and a proactive approach to identifying and mitigating potential cyber threats.
Threat Hunter training
- Vulnerability Research module - Familiarise yourself with the skills, research methods, and resources used to exploit vulnerable applications and systems
- Threats and Risks module - Understand how security engineers help their organisations identify threats and risks to better manage them
- Threat Emulation module - Understand the core concepts of threat emulation and learn how to execute adversarial activity through different threat emulation frameworks
- Endpoint Security Monitoring module - Understand what is expected and what is abnormal within a Windows system
- Recent Threats module - Learn about the latest industry threats and gain hands-on experience identifying, exploiting, and mitigating critical vulnerabilities
We can help!
With hands-on, interactive cyber security learning, TryHackMe makes it easier to launch into the industry and continually upskill based on new threats and trends. Our real-world training prepares you for work responsibilities and helps you achieve sought-after skills for all cyber security roles.
TryHackMe courses are suited to all users - from the complete beginner to the seasoned hacker - making learning engaging, entertaining, accessible, and affordable.
We also recommend checking out our guide to Securing Entry-Level Roles in Cyber Security, which includes our top tips for achieving an entry-level role!