Job Description: Security consultant

Security consultants can have a range of different job titles - these include information security consultant, computer security consultant, cyber-security consultant, database security consultant, compliance security consultant, network security consultant and private sector security consultant.

Each position tends to cover a specialist area relevant to that particular job title. However, at its core, an IT security consultant is required to be well versed in cyber-security, risk management, compliance auditing, testing, customer service and information assurance. They are the key point of contact for all these areas.

As a professional in this field you must be able to keep pace with a fast-moving IT landscape and possess a range of superior IT skills. You must be able to communicate effective strategies with a range of stakeholders. As a consultant, you will be expected to identify gaps in current IT practices and recommend best practice solutions to reduce risk and maximise business opportunities.

The day-to-day

  • Regular risk auditing and monitoring of systems.

  • Compliance implementation, testing and reporting.

  • Designing and testing of new IT solutions.

  • Provision of business support at a high level and to a range of key stakeholders in relation to ongoing security improvements.

  • Crisis management where required.

  • Project management and project architecture.

  • Review and analysis of delivered projects.

Key responsibilities

  • Identify weaknesses and potential threats to existing information security toolsets.

  • Perform continual testing on current systems to determine potential problems or security threats.

  • Prepare reports for internal and external clients detailing the security issues, making recommendations and identifying solutions.

  • Conduct cloud security reviews and network security assessments.

  • Provide advice on hacking tools and techniques including advanced malware detection.

  • Formulate an IT security incident response strategy and implement a method of notifying parties.

  • Keep up to date with the latest thinking on secure coding and cyber-security issues.

  • Support the business with a range of compliance requirements.

Key skills

There are a range of hard skills that employers are looking for in their security consultants. These include but are not limited to:

  • Network administration skills to test internal systems such as firewalls and IPS/IDS devices to ensure networks are safe.

  • Standards related to implementing a risk management framework including COBIT, ITIL, ISO 27001/2 and NIST.

  • Common programming languages including C, C++, C#, Java, SQL or PHP.

  • Windows, UNIX and Linux operating systems.

  • Encryption technologies, ethical hacking and penetration testing.

  • Compliance skills in relation to key legislation and standards such as the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley (SOX) Act of 2002, the Payment Card Industry (PCI) standards, the National Institute of Standards and Technology (NIST) frameworks and the Gramm-Leach-Bliley Act (GLBA), together with compliance assessments.

  • Ability to manage the Internet protocol suite, the networking model and set of communications protocols used on the Internet, including TCP and IP.

Softer skills include:

  • Ability to work as part of a team but also independently and on own initiative.

  • Flexible approach to tasks that may change daily.

  • Analytical ability to break down problems into constituent parts.

  • Solid communication skills and expertise to translate technical jargon into business familiar language.

  • Proven ability to audit an IT environment and provide security and process recommendations.

Qualifications

  • A bachelor's degree in computer science, cyber-security or a related field, including engineering, mathematics, physics and other STEM subjects, is becoming increasingly common for entry-level candidates.

  • Certified Information Systems Security Professional (CISSP) accreditation is desirable.

  • Employers may also ask for Systems Security Certified Practitioner (SSCP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Qualification in Internal Audit Leadership (QIAL) / IIA (diploma or advanced diploma) / ISO 27001 (auditor or implementer), Certified Protection Professional (CPP), Offensive Security Certified Professional (OSCP), Physical Security Professional (PSP), Security+ and CSA+.

  • Some employers may require a driver's licence if the job relies on regular travel between sites.

Relevant experience

  • Three to five years' experience of working on security projects for major organisations is desirable.

  • Solid understanding of security assessment and management is required.

  • Experience of security design, architecture and implementation is necessary.

  • Compliance management is essential.

  • Strong project management and communication skills are a requirement.

  • In-depth knowledge of data protection regulations and technology supporting fraud detection.

Hours

A typical working pattern of 35 to 40 hours per week is usual, but some organisations may require a shift pattern to operate across a seven-day, 24-hour period. Other businesses may require you to work a standard week but be on call to react to cyber-security threats or network problems out of hours.

Salary

The average salary for a security consultant is around £48,000, but many can earn much more than this, with positions often being advertised between £50,000 and £70,000. These figures are a guide, and salaries will vary according to sector, location, seniority, experience and company.

Career opportunities

Your next steps may include:

  • Lead consultant

  • Security director

  • Chief information security officer
