Experience Requirements Overview

  • Job Zone Four: Considerable Preparation Needed
  • A considerable amount of work-related skill, knowledge, or experience is needed for these occupations. For example, an accountant must complete four years of college and work for several years in accounting to be considered qualified.
  • Most of these occupations require a four-year bachelor's degree, but some do not.
  • Employees in these occupations usually need several years of work-related experience, on-the-job training, and/or vocational training.

Detailed Work Activities

  • Evaluate characteristics of equipment or systems.
  • Analyze risks to minimize losses or damages.
  • Analyze security of systems, network, or data.
  • Develop computer or information systems.
  • Develop computer or information security policies or procedures.

Tasks

  • Assess the physical security of servers, systems, or network devices to identify vulnerability to temperature, vandalism, or natural disasters.
  • Collect stakeholder data to evaluate risk and to develop mitigation strategies.
  • Conduct network and security system audits, using established criteria.
  • Configure information systems to incorporate principles of least functionality and least access.
  • Design security solutions to address known device vulnerabilities.
  • Develop and execute tests that simulate the techniques of known cyber threat actors.
  • Develop infiltration tests that exploit device vulnerabilities.
  • Develop presentations on threat intelligence.
  • Develop security penetration testing processes, such as wireless, data networks, and telecommunication security tests.
  • Discuss security solutions with information technology teams or management.
  • Document penetration test findings.
  • Evaluate vulnerability assessments of local computing environments, networks, infrastructures, or enclave boundaries.
  • Gather cyber intelligence to identify vulnerabilities.
  • Identify new threat tactics, techniques, or procedures used by cyber threat actors.
  • Identify security system weaknesses, using penetration tests.
  • Investigate security incidents, using computer forensics, network forensics, root cause analysis, or malware analysis.
  • Keep up with new penetration testing tools and methods.
  • Maintain up-to-date knowledge of hacking trends.
  • Prepare and submit reports describing the results of security fixes.
  • Test the security of systems by attempting to gain access to networks, Web-based applications, or computers.
  • Update corporate policies to improve cyber security.
  • Write audit reports to communicate technical and procedural findings and recommend solutions.

Data Source: This page includes information from the O*NET 28.0 Database by the U.S. Department of Labor, Employment and Training Administration (USDOL/ETA). Used under the CC BY 4.0 license. O*NET® is a trademark of USDOL/ETA. This page includes Employment Projections program, Occupational Employment and Wage Statistics program, U.S. Bureau of Labor Statistics.