Job Description: Security consultant


Security consultants can have a range of different job titles - these include information security consultant, computer security consultant, cyber-security consultant, database security consultant, compliance security consultant, network security consultant and private sector security consultant.

Each position tends to cover a specialist area relevant to that particular job title. However, at its core, an IT security consultant is required to be conversant with cyber-security, risk management, compliance auditing, testing, customer service and information assurance, and is the key point of contact for all of these areas.

As a professional in this field you must be able to keep pace with a fast-moving IT landscape and possess a range of superior IT skills. You must be able to communicate effective strategies with a range of stakeholders. As a consultant, you will be expected to identify gaps in current IT practices and recommend best practice solutions to reduce risk and maximise business opportunities.

The day-to-day

  • Regular risk auditing and monitoring of systems.

  • Compliance implementation, testing and reporting.

  • Designing and testing of new IT solutions.

  • Provision of business support at a high level and to a range of key stakeholders in relation to ongoing security improvements.

  • Crisis management where required.

  • Project management and project architecture.

  • Review and analysis of delivered projects.

Key responsibilities

  • Identify weaknesses and potential threats to existing information security toolsets.

  • Perform continual testing on current systems to determine potential problems or security threats.

  • Prepare reports for internal and external clients detailing the security issues, making recommendations and identifying solutions.

  • Conduct cloud security reviews and network security assessments.

  • Provide advice on hacking tools and techniques including advanced malware detection.

  • Formulate an IT security incident response strategy and implement a method of notifying parties.

  • Keep up to date with the latest thinking on secure coding and cyber-security issues.

  • Support the business with a range of compliance requirements.

Key skills

There are a range of hard skills that employers are looking for in their security consultants. These include but are not limited to:

  • Network administration skills to test internal systems such as firewalls and IPS/IDS devices to ensure networks are safe.

  • Standards related to implementing a risk management framework including COBIT, ITIL, ISO 27001/2 and NIST.

  • Common programming languages including, C, C++, C#, Java, SQL or PHP.

  • Windows, UNIX and Linux operating systems.

  • Encryption technologies, ethical hacking and penetration testing.

  • Compliance skills in relation to key legislation and standards such as the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley (SOX) Act of 2002, the Payment Card Industry (PCI) standards, the National Institute of Standards and Technology (NIST) frameworks and the Gramm-Leach-Bliley Act (GLBA), together with experience of compliance assessments.

  • Ability to manage the Internet protocol suite (the networking model and set of communications protocols used on the Internet, including TCP and IP).

Softer skills include:

  • Ability to work as part of a team but also independently and on own initiative.

  • Flexible approach to tasks that may change daily.

  • Analytical ability to break down problems into constituent parts.

  • Solid communication skills and expertise to translate technical jargon into business familiar language.

  • Proven ability to audit an IT environment and provide security and process recommendations.

Qualifications

  • A bachelor's degree in computer science, cyber-security or a related field (including engineering, mathematics, physics and other STEM subjects) is becoming increasingly common for entry-level candidates.

  • Certified Information Systems Security Professional (CISSP) accreditation is desirable.

  • Employers may also ask for Systems Security Certified Practitioner (SSCP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Qualification in Internal Audit Leadership (QIAL) / IIA (diploma or advanced diploma), ISO 27001 (auditor or implementer), Certified Protection Professional (CPP), Offensive Security Certified Professional (OSCP), Physical Security Professional (PSP), Security+ and CSA+.

  • Some employers may require a driver's licence if the job relies on regular travel between sites.

Relevant experience

  • Three to five years' experience of working on security projects for major organisations is desirable.

  • Solid understanding of security assessment and management is required.

  • Experience of security design, architecture and implementation is necessary.

  • Compliance management is essential.

  • Strong project management and communication skills are a requirement.

  • In-depth knowledge of data protection regulations and technology supporting fraud detection.

Working hours

A typical working pattern of 35 to 40 hours per week is usual, but some organisations may require a shift pattern to operate across a seven-day, 24-hour period. Other businesses may require you to work a standard week but be on call to react to cyber-security threats or network problems out of hours.

Salary

The average salary for a security consultant is around £48,000, but many can earn much more than this, with positions often being advertised at between £50,000 and £70,000. These figures are a guide and salaries will vary according to sector, location, seniority, experience and company.

Career opportunities

Your next steps may include:

  • Lead consultant

  • Security director

  • Chief information security officer
