Security Administrator Job Description
Most Recent Research: Updated 9 April, 2012
Job Description
Security role descriptions are some of the least consistent in the industry in terms of standard duties and responsibilities across organizations. This is primarily due to historical hangups involving the evolution of the role where once upon a time security skills were primarily found in deeply technical job candidates. Today, some roles are more technical in nature and some roles are more policy based. In many cases both sets of skills are desirable but the degree of technical vs business varies between organizations.
Technical Security
Support, install and maintain infrastructure components such as server and computer anti-virus, email filters, web content filters, backup devices, firewalls, intruder detection/prevention systems, patch management and access lists.
Security Policy
Create and update security policy, strategies, risk assessments, investigation into incidents and audits.
Related Content
Tasks and Activities
- Configure, support and evaluate security tools
- Review architectural designs and evaluate compliance to applicable security standards
- Conduct security audits and provide recommendations to mitigate risks
- Ensure compliance to security standards and policy
- Evaluate project initiation documents
- Design solutions, configure or support Firewalls, Content Engines, Intruder Detection or Prevention Systems
- Configure and support anti-virus software
- Configure and support patch management systems
- Produce or modify disaster recovery and business continuity work practices
- Configure and optimize server and desktop operating systems and enterprise patch management systems
- Knowledge of common protocols such as SNMP, HTTP, HTTPS, SMTP, NTP, LDAP, KERBEROS, RADIUS and FTP
- Ensure representation in change management working parties
- Configure and support VPNs and enterprise gateway devices
- Administer remote access infrastructure
- Produce or update remote access policy
- Define and enforce controlled access to corporate security zones as required
Role at a glance
Skills, Knowledge & Experience
- Intermediate to expert firewall knowledge
- Intermediate to expert IDS/IPS knowledge
- Intermediate to expert virus protection & content filtering knowledge
- Intermediate to expert security policy knowledge
- Understanding of business practice and intellectual property
- Understanding of information management and data classification
- Investigations of security incidents
- Security strategy
- Risk assessments
- Policy development
- Audits
Organizational Position
This position will likely work as part of a team of others security specialists or other technical specialists such as Server Administrators or Network Administrators. The role should also include strong communication with executive or strategic teams.
Figure 1. Security Administrator in the Organization (click to enlarge)
Qualifications & Certifications
Operating systems and IT hardware certifications can be beneficial but are not usually necessary. Note: the diversity found in security roles certifications requirements reflects the diversity in security duties accross different organizations.
More certification information can be found in the following pages:
Key Competencies
Judgement & Decision Making
Situational Analysis
Specific Technical Knowledge
Attributes of an Excellent Security Administrator
1. These roles are almost always in a position of trust, therefore a high sense of ethics may be sought by the employer.
2. Because the most successful security operations are the ones that prevent an incident, rather than detecting then neutralizing it, a person who is proactive and tries to implement preventative measures is an excellent prospect for this type of role.
Attraction to the position and job retention strategies for employers
Security jobs have had a degree of 'Hollywood glamour' for some time. But in many cases employees can become disillusioned as the reality of the job comes to fruition.
For this reason, employers may seek to engage job candidates who have a realistic expectation of everyday duties.
Security administrators can also be seen as 'road blocks' by other technical engineering departments and hence can become isolated from the technology community. Employers should clarify duties & responsibilities between departments and ensure communication lines between the groups remain open and healthy in order to avoid tension between teams.
Career Pathways - Relevant Job Descriptions
>>> Risk Manager
>>> IT Manager
>>>> General Mananger
>>>> IT Director
Key
Page Research Level (PRL)
A key designed to give an indication of the depth of research used to produce the content of the page.
PRL Key Jobs researched
Level 0 =0-6
0-6Level 1 =6-29
6-29Level 2 =30-49
30-49 Level 3 =50-79
50-79Level 4 =80-99
80-99Level 5 =100+
100+What You Know
Understand the core business
Understand relevant legislation and/or government policy
Technical security knowledge such as firewalls, ips, patch management, authentication, permissions, encryption and virus detection.
What You Do
Evaluate risks and threats
Write incident reports
Write policy
Design/configure technical security components
Patch management/Virus prevention
What You Are
A decision maker
A technical expert in security
A business enabler
A custodian of intellectual property
