Cybersecurity analyst jobs are in demand and attracting top talent in today’s marketplace. According to reporting from Forbes, over 209,000 cybersecurity jobs are unfilled in the U.S. and postings are up 74% over the past five years. That might be good news for companies looking to fill the role as more people look to IT-focused careers as an in-demand market. But it also means there is more competition to attract talent in a healthy economy.
The first step in finding the right cyber security analyst candidate is to write a killer job description to get talent in the door. The job description is your first – and maybe only – the opportunity to make a positive first impression and attract the attention of enthusiastic candidates. Here’s how to get started and what to include.
It’s easy to forget that what goes on in your workplace isn’t necessarily the same for everyone else in the cyber security field. A candidate coming to interview from a large corporation will have vastly different hands-on experience than someone in a government or small business role. In other words, not all cybersecurity analysts may be a good fit for the duties you need to be accomplished. Focus on thoroughly describing the expectations and job duties so your candidates know exactly what to expect from the position.
If you’re not sure where to start, spy on what your competitors are posting or go to a job board like Monster. Some duties might include:
– Developing security awareness by providing orientation, educational programs, and ongoing communication
– Maintaining access for company files and data
– Establishing system controls and determining the level of access
Your cybersecurity analyst needs testing and experience in different coding languages, but not all candidates will be equipped with the desired skill set to perform the job. Outline what competencies you expect from job seekers, including:
– Penetration testing of applications
– Infrastructure and a background in cloud computing
– Required education including a bachelor’s degree
Your requirements for competencies can also include required credentials like C++ or PHP programming languages and working with Windows, UNIX and Linux operating systems. Staying clear and focused about your expectations will get the right candidates with the credentials to match through your door.
Your next cybersecurity analyst needs more than great credentials and experience: they should also be a good fit for your office culture. Take a moment in your job description to reference what type of work environment they can expect, such as an open office workspace, corporate structure, or telecommute options.
You should also consider what you want your office culture to look like and how a cybersecurity analyst can help create it. For example, companies that work with sensitive information and clients’ personal data may need a tighter culture of security in place to keep their files safe. A candidate with experience running phishing simulations and safeguarding devices from ransomware and ransomware could help turn that culture of security goal into a reality.
A recovering economy and thriving job market mean candidates are more discerning in where they work and can pick and choose from job offers. Include some of your company’s best achievements like awards won or a prestigious roster of clients. You can also reference industry conferences your team attends or where your team has been featured as guest speakers.
But in today’s marketplace, candidates are seeking more than just an office with bragging rights. Your achievements can extend to how you’ve given back to the community. Highlight some of the work you’ve done with nonprofits and charities in your community, and detail how you offer employees paid time to get more involved.
Brainstorming your interview questions in advance can help shape your job description without giving too much away. If your candidates are too prepared, they may end up rehearsing and memorizing key questions when you really want to see how they react on the fly.
While you don’t need to anticipate every question that you might want to ask in an interview, it can help inform the structure of your job description. For example, Glassdoor lists a popular security analyst question as, “What are the three biggest factors to a successful Information Security plan?” In this case, you could add language to your job description that you want candidates to be able to execute such a plan.
Thinking of your dream cybersecurity analyst can help put some of your expectations on paper, but it’s also a slippery slope. Demanding that someone be able to do it all, wear multiple hats and assume various roles can lead to disappointment.
Not only are you unlikely to find such a person, but you’ll end up settling for someone who doesn’t really fit your expectations. You end up risking hiring someone who isn’t a good match and will either leave or be fired and drive up your overhead as you search for a new hire, and interview and retrain someone for the role.
There’s nothing worse than reading a stiff job description full of endless jargon and technical speak. While some of that language is inevitable in a job description, you can work to keep it conversational to engage the candidate all the way through the posting.
The simplest way to keep a job posting conversational is to write it the way you would actually talk, and then read it back to a team member out loud. Chances are high you’ll catch anything awkward as you’re reading it, but an extra set of ears can also point out anything that should be left out or reworked.
Your job description is an invitation to apply. It’s not the place to write a company manual on your cyber security analyst’s role. Keep it all short and to the point to give the candidate the information they need to hit the ‘apply’ button.
It’s also tempting to require a lot of tests and questions to be answered during the application process. But unless you have trouble with too many candidates applying, you should avoid this at all costs. You want to attract both eager job seekers and passive candidates who are happy enough in their current positions but are open to new opportunities to advance their careers.
Do you have any recommendations for writing a cybersecurity analyst job description? What have you done that’s worked for your company? Let us know by leaving a comment below:
Founder & Chief Marketing Officer, Indusface
Venky has played multiple roles within Indusface for the past 6 years. Prior to this, as the CTO @indusface, Venky built the product/service offering and technology team from scratch, and grew it from ideation to getting initial customers with a proven/validated business model poised for scale. Before joining Indusface, Venky had 10+ years of experience in security industry and had held various mgmt/leadership roles in Product Development, Professional Services and Sales @Entrust.