Interview Simulator Banner

Security Administrator Job Description

Monitor and manage corporate security devices and applications including Firewalls, Intruder Prevention Systems, Patch management Systems, Certificate Authority, Proxy Servers, Anti-Virus, Email Filters, Web Content Filters, Backup Devices and SSL Taps.

Security Admin Duties

  • Configure, support and evaluate security tools.
  • Review network designs and evaluate compliance to applicable security standards.
  • Conduct security audits and provide recommendations to mitigate risks.
  • Ensure compliance to security standards and policy.
  • Evaluate project initiation documents.
  • Design solutions, configure or support Firewalls, Content Engines, Intruder Detection or Prevention Systems.
  • Configure and support anti-virus software.
  • Configure and support patch management systems.
  • Produce or modify disaster recovery and business continuity work practices.
  • Configure and optimize server and desktop operating systems and enterprise patch management systems.
  • Knowledge of common protocols such as SNMP, HTTP, HTTPS, SMTP, NTP, LDAP, KERBEROS, RADIUS and FTP.
  • Ensure representation in change management working parties.
  • Configure and support VPNs and enterprise gateway devices.
  • Administer remote access infrastructure.
  • Produce or update remote access policy.
  • Define and enforce controlled access to corporate security zones as required.

Key Competencies

  • Judgement and Decision Making
  • Situational Analysis
  • Specific Technical Knowledge

Skills, Knowledge and Experience

We found security role descriptions to be some of the least consistent in the industry in terms of standard duties and responsibilities across different organizations. Some roles are more technical in nature and some roles are more policy based. In many cases both sets of skills are desirable but the degree of technical vs business varies between organizations.


Employer Demand Skill
71% Knowledge of L4-L7 protocols such as SSL,HTTP,DNS,SMTP and IPSec
59% Strong understanding of firewall technologies Juniper / Cisco / Checkpoint
27% Packet Shaper, Load Balancer and Proxy Server knowledge
24% Intermediate to expert IDS/IPS knowledge
24% Understanding of information management and data classification
20% Investigations of security incidents
20% Demonstrated understanding of VPNs and remote access
15% Intermediate to expert virus protection and content filtering knowledge
15% Experience with web application vulnerability scanning tools such as IBM AppScan, HP Webinspect, Accunetix, NTO Spider, Burp suite Pro
10% Knowledge of encryption techniques and PKI infrastructure
10% Understanding of business requirements, process and practice
7% Knowledge of forensic tools such as Encase, FTK, Helix, Wireshark
5% Knowledge of reverse engineering, binary analysis and assembler
5% Risk assessments
4% Audits and accreditation process experience
2% Security policy knowledge and experience
2% Understanding of incident investigations processes and reporting

Qualifications


Employer Demand Qualification
46% Degree
31% CISSP (Certified Information Systems Security Professional)
11% RSA/CA (RSA Certified Administrator)
6% CCSP (Cisco Certified Security Professional)
6% CCSA (Check Point Certified Security Administrator)
6% CISM (Certified Information Security Manager)
3% CISA (Certified Information Security Auditor)

Salary

The following salary indicators were found for this role;

Role Roles Not Requesting a Degree Roles Requesting a Degree Top End
Security Engineer or Administrator Salary $89K - $110K $86K - $104K $146K
Contract Rates $89h - $110h N/A

Key Personal Attributes

These roles are in a position of trust therefore a high sense of ethics is a key personal attribute. Because the most successful security operations are the ones that prevent an incident, rather than detecting and neutralizing it, a person who is also proactive and tries to implement preventative measures is an excellent prospect for this type of role.

Attraction to the Position

Security jobs carry a degree of prestige and excitement due to the nature of the job.

Staff Retention Strategies for Employers

This role can be perceived as 'road blocks' by other technical engineering departments and hence can become isolated from the technology community. Employers should clarify duties and responsibilities between departments and ensure communication lines between the groups remain open and healthy in order to avoid tension between teams.

Advantage Alert

Most job advertisements specify specialised skills so apart from general security skills it may be prudent for candidates to develop expertise in two or three areas such has firewalls, policy, Internet gateways, vulnerability scanning, penetration testing, software security, compliance, risk management, auditing or similar.


Related Pages

Security Roles Amongst the Highest Paid in the Industry
Computer Protection Essentials

Interview Simulator