In this article, we cover several positions that often ask for the CompTIA Security+ certification. To see our complete review on the CompTIA Security+, view our article here. We’ve also provided guidance on how to pass the Security+ here.
The CompTIA Security+ is one of those certifications that you’re going to be hearing about a lot if you’re serious about cybersecurity. While the certification is in no way a flawless measure of your skills, it’s what businesses often use to assess or validate your skills as an entry to intermediate-level cybersecurity professional. Essentially, it’s like an ID you can get that confirms you really are who you say you are, or more importantly, have the skills you say you have. If you have a Security+ certification, it’s assumed you really do understand the basics (and ideally more than just the basics) of important cybersecurity concepts.
What jobs can I get with a CompTIA Security+ certification? The CompTIA Security+ is often a requirement for security-based IT and cybersecurity jobs at the entry to intermediate level. Professionals aspiring to find a position as a cybersecurity analyst, cybersecurity engineer, SOC analyst, incident responder, and other similar positions will benefit from earning the CompTIA Security+.
Ready to Start Your Cybersecurity Career?
If you're serious about starting your cybersecurity career, enroll in my FREE 5-part series "Strategies for New Cyber Careers". These strategies can help you determine your best path forward. I'll also send you my weekly cyber career newsletter with resources that every cyber professional needs to know.
Still, there’s no denying that the Security+ is not an easy test to study for. It’s going to take time and a lot of effort, so while you’re putting in those hours, watching videos and trying to memorize study books, it’s worth considering what it is you’re actually getting when you finally have the CompTIA Security+.
Keeping in mind that the CompTIA Security+ can be a good stepping stone to many professional security-based cybersecurity and IT positions, and that it is often an advantageous asset in other tech positions, I want to cover in this article the types of positions you can start looking at once you have earned the CompTIA Security+.
Positions That Often Require the CompTIA Security+
Here are just a few jobs you’ll find that require the Security+, and will often have the Security+ listed within the job posting.
Information System Security Officer
As an ISSO, it’s your responsibility to make sure that the system your organization uses is secure and up to date. You oversee security updates and make sure that there are no vulnerabilities or irregularities in your employer’s network.
Below are just a few of the duties you’ll take on as an ISSO, taken from current job listings:
- Working with systems owners, government managers, and other stakeholders to manage cyber security requirements
- Performing regular systems security scans, and maintaining records of such scans, as required by C&A guidelines.
- Reviewing and evaluating information technology software, hardware and networks and the overall cyber security posture of information technology systems
Other qualifications for this position include up to 4 years’ experience in a related field, and often will require a related degree. If you’re interested in a ISSO, you’ll need a good bit of practical experience over the course of several years, good management skills (since you’ll be supervising others), and good project management skills (as you’ll be managing large security projects.)
Security Operations Center Analyst
A SOC Analyst is one of the most sought after entry-level cybersecurity positions, because it is often obtainable with a few years of experience, and it has a good cybersecurity component, versus being a strictly IT type of role.
As a security operations center analyst, it’s your job to keep an eye on network traffic and know how to recognize a cyber threat. Here are some of the duties required of a security analyst:
- Remaining up to date on current information security trends and research techniques in the industry
- Providing high quality analysis of clients’ firewall, operating system, web server, and other logs
Besides the Security+, you’ll also need at least an Associate’s Degree in Computer Science or a related field. Some previous experience is required, but for an entry-level position that experience is minimal and can be easily covered with an internship or part-time tech job.
If you’re interested in becoming a SOC analyst, you should consider enrolling in a college cybersecurity program, plan for sitting for the Security+ certification, and begin looking for internship and volunteer opportunities as soon as you can.
As a cybersecurity engineer, you’ll be reviewing and patching software that will improve the security of the organization you work for. As an engineer, you need to be familiar with the basic architecture underlying a secure infrastructure and be able to recognize vulnerabilities and suggest patches. Here are just a few of your responsibilities as a cybersecurity engineer:
- Collaborating in threat assessment, vulnerability analysis, risk assessment and system/network risk migration.
- Submitting network and system changes, and major version software updates through the change management process for approval prior to installation wide deployment or distribution
- Monitoring systems performance and report trends or incidents that impact security posture of supported systems and networks
Along with the Security+, you’ll need about 6 years’ relevant experience (or a Bachelor’s degree in Cyber, Computer Science, or other related field). Because of the amount of experience often required to become a cybersecurity engineer, this position (just like the ISSO position above) is often not the first position someone gets in the field of cybersecurity.
A reasonable path to follow to become a cybersecurity engineer is to follow the SOC analyst path listed above, and then move into a higher-level cybersecurity engineer position as your experience grows (and you continue your education).
Cybersecurity Incident Responder
Cybersecurity incident responders are basically the firefighters of the cyber field. You’re the one who’s the first to tackle an ongoing security threat. It’s a demanding but rewarding position. As an incident responder, you’ll be:
- Monitoring systems performance and reporting trends or incidents that impact security posture of supported systems and networks
- Investigating and applying mechanisms for preventing / blocking computer use violations
- Distributing directives, metrics reports, vulnerability and threat advisories
Besides the Security+, you will need up to three years’ experience. Experience can replace the degree requirement in some cases, but also having a degree can be a competitive advantage. Becoming an incident responder is often not a first step into the world of cybersecurity because of the job requirements.
The only thing better than being a cyber professional is helping others reach their goal of becoming a cybersecurity professional. Not all cyber instructorships require you to have a Security+, but the certification goes a long way towards making you stand out competitively. As a cybersecurity instructor, you will be:
- Conducting practical exercises in a laboratory environment, conduct student study hall periods and provide tutoring/remedial instruction
- Analyzing customer requirements, available training methods and material, and facilities to deliver the required curriculum for classroom instruction
- Managing the instructional content for the assigned topic area
Besides Security+, instructor positions generally require at least an Associate’s Degree in a related field, with higher level degrees often being a minimum requirement. Instructor positions often like to see teaching experience as well, and may ask for up to three years’ experience to start, but this requirement is often not as important as the degree you hold.
Should I Consider the Security+ If a Position I Want Doesn’t Ask For It?
Even if a position doesn’t outright require the Security+, having one will set you head and shoulders above other job applicants who don’t have certification. Keep in mind that the Security+ can expire and you need to make sure that your certification is still valid when you apply for a job.
The higher up you go in the cyber world, the more varied credentials you will need. Higher level positions will often require all kinds of certifications, including the advanced-level CISSP (Certified Information Systems Security Professional) certificate.
What you end up needing finally depends on which path you intend to pursue in the cyber field. If you decide to go into management, analysis, or penetration testing, there are certifications that can help validate your ability in those specific areas.
Cybersecurity positions are in demand now more than ever before, and the volume and wide range of available jobs proves it. New cybersecurity threats are constantly developing, and with modern businesses’ dependency on the internet, it’s critical that new professionals have the skills needed to combat those threats.