Salary Survey – Information Security – Poland 2023

Project organized jointly by ISSA Polska and CSO Council

Dear CSO Council Members!

We present the Information Security Salary Survey project, which we are organizing together with ISSA Polska.

If, as a survey participant, you received a welcome message from us with additional information, please read it.

Did not receive the welcome email or the email with the password, even though you signed up to take part in the survey? → Contact us at agnieszka.wieladek@evention.pl and we will fix the problem.

Have questions? Please see the FAQ section → <link>

Best regards, and thank you for taking part in the project,

ISSA Polska & CSO Council

List of roles and descriptions

List of roles in English

Roles listing:

Name | Job type
SOC Analyst | Alerts and incident handling within Security Operations Center
Digital Forensics Analyst / Threat Hunter / Malware Analyst | Analysis of potential and actual data breaches
Pentester / Red Team / Offensive Security | Finding and reporting system weaknesses
Security Analyst / Engineer | Planning, implementing and maintaining IT security controls
Industrial Control Systems (ICS) Security Analyst / Engineer | Planning, implementing and maintaining ICS security controls
Governance, Risk, Compliance Analyst / Auditor | Risk assessment, policy and standards building, maintenance and auditing
Cloud Security Engineer / Architect | Planning, implementing and maintaining Cloud security controls
Security Officer | SME for supported business, projects and/or incidents handling/oversight
Security Manager | Managing team of experts, escalation point, liaison between staff and upper management
CISO | Owning security strategy, ensuring its alignment to business goals, responding to the board
Director | Program and/or function management, cross-country scope, relationship with the business

Examples of activities, qualifications and experience. They are not exhaustive and may vary substantially depending on company scale, industry, country of origin, etc.

SOC Analyst
Job type: Alerts and incident handling within Security Operations Center
Level: Junior (Level 1) | Middle (Level 2) | Senior (Level 3)
Typical experience in role: 0-2 years | 3-5 years | 5+ years
Main activities
  • Monitors SIEM alerts
  • Manages and configures security monitoring tools
  • Prioritizes alerts or issues and performs triage to confirm a real security incident is taking place
  • Receives incidents and performs deep analysis
  • Correlates with threat intelligence to identify the threat actor, nature of the attack and systems or data affected
  • Decides on strategy for containment, remediation and recovery and acts on it
  • Day-to-day, conducts vulnerability assessments and penetration tests, and reviews alerts, industry news, threat intelligence and security data.
  • Actively hunts for threats that have found their way into the network, as well as unknown vulnerabilities and security gaps. When a major incident occurs, joins the Tier 2 Analyst in responding and containing it.
Qualification required
  • System administration skills
  • Web programming languages, scripting languages
  • Security certifications such as CISSP, CEH
Middle (Level 2): Similar to Tier 1 analyst but with more experience including incident response. Advanced forensics, malware assessment, threat intelligence. White-hat hacker certification or training is a major advantage.
Senior (Level 3): Similar to Tier 2 analyst but with even more experience including high-level incidents. Experience with penetration testing tools and cross-organization data visualization. Malware reverse engineering, experience identifying and developing responses to new threats and attack patterns.
Digital Forensics Analyst / Threat Hunter / Malware Analyst
Job type: Analysis of potential and actual data breaches
Level: Junior | Middle | Senior
Typical experience in role: 0-2 years | 3-5 years | 5+ years
Main activities
  • Identify unknown threats through threat hunting services
  • Conduct data breach and security incident investigations
  • Recover and examine data from computers and electronic storage devices
  • Dismantle and rebuild damaged systems to retrieve lost data
  • Identify additional systems/networks compromised by cyber attacks
  • Compile evidence for legal cases
  • Draft technical reports, write declarations and prepare evidence for trial
  • Give expert counsel to attorneys about electronic evidence in a case
  • Advise law enforcement on the credibility of acquired data
  • Support and contribute to the investigation of large and small scale computer security breaches
  • Through review and analysis of cyber threats, provide both internal and external parties with key information to respond to the threat.
  • Work on improvements for provided security services, including the continuous enhancement of existing methodology material and supporting assets
  • Work with law enforcement and business partnerships internationally to investigate cyber crime and threat actors.
  • Collaborate with Business Partners in Risk & Fraud on cases, providing technical investigative capabilities.
  • Interact and assist other investigative teams within Visa on time sensitive, critical investigations.
  • Participate as part of a close team of technical specialists on coordinated responses and subsequent remediation of security incidents.
Qualification required
  • Operating systems (Windows/Unix)
  • Programming skills
  • Network skills, including TCP/IP-based network communications
  • Computer hardware and software systems
  • Operating system installation, patching and configuration
  • Backup and archiving technologies
  • Cryptography principles
  • eDiscovery tools
  • Forensic software applications
  • Cloud computing
  • Big data analytics skills
  • Strong knowledge of malware families and network attack vectors.
  • Strong knowledge of Linux, Windows system internals.
  • Strong knowledge of web applications and APIs
Pentester / Red Team / Offensive Security
Job type: Finding and reporting system weaknesses
Level: Junior | Middle | Senior
Typical experience in role: 0-2 years | 3-5 years | 5+ years
Main activities
  • Perform formal penetration tests on web-based applications, networks and computer systems
  • Conduct physical security assessments of servers, systems and network devices
  • Probe for vulnerabilities in web applications, fat/thin client applications and standard applications
  • Pinpoint methods that attackers could use to exploit weaknesses and logic flaws
  • Employ social engineering to uncover security holes (e.g. poor user security practices or password policies)
  • Research, document and discuss security findings with management and IT teams
  • Work on improvements for security services, including the continuous enhancement of existing methodology material and supporting assets
  • Provide feedback and verification as an organization fixes security issues
  • Design and create new penetration tools and tests
  • Review and define requirements for information security solutions
  • Work on improvements for security services, including the continuous enhancement of existing methodology material and supporting assets
Qualification required
  • Operating systems (Windows/Unix)
  • Programming skills
  • Network servers and networking tools
  • Computer hardware and software systems
  • Web-based applications
  • Cryptography principles
In addition:

  • Vulnerability analysis and reverse engineering
  • Security frameworks
  • Security tools and products
  • Metasploit framework
  • Forensics tools
In addition:

  • Ability to perform and coordinate system wide assessments
  • Reporting issues in management language
  • Certifications, such as OSCP, etc.
Security Analyst / Security Engineer
Job type: Planning, implementing and maintaining (mainly) IT security controls
Level: Junior | Middle | Senior
Typical experience in role: 0-2 years | 3-5 years | 5+ years
Main activities
  • Maintain data and monitor security access
  • Perform vulnerability testing, risk analyses and security assessments
  • Manage network, intrusion detection and prevention systems
  • Deliver technical reports and formal papers on test findings
  • Maintain and operate cybersecurity technology and provide expertise in area of focus
  • Provide awareness and guidance within Company's community on secure business processes, architecture design, and technical controls
  • Monitor and report on the effectiveness of information security controls and compliance with information security policies.
  • Develop automation scripts to handle and track incidents
  • Analyze security breaches to determine their root cause
  • Supervise changes in software, hardware, facilities, telecommunications and user needs
  • Create new ways to solve existing production security issues
  • Collaborate with colleagues on authentication, authorization and encryption solutions
  • Evaluate new technologies and processes that enhance security capabilities
  • Test security solutions using industry standard analysis criteria
  • Respond to information security issues during each stage of a project’s lifecycle
  • Train fellow employees in security awareness and procedures
  • Analyze and advise on new security technologies and program conformance
  • Configure and install firewalls and intrusion detection systems
Qualification required
  • Operating systems (Windows/Unix)
  • Programming skills
  • Network skills, including TCP/IP-based network communications
  • Computer hardware and software systems
In addition:

  • DLP, anti-virus and anti-malware
  • TCP/IP, computer networking, routing and switching
  • Windows, UNIX and Linux operating systems
  • Network protocols and packet analysis tools
  • C, C++, C#, Java or PHP programming languages
  • Cloud computing
In addition:

  • Understanding of rules and regulations pertaining to IT Security and Data Protection
  • ISO 27001/27002 standards plus ITIL and COBIT frameworks knowledge
Industrial Control Systems (ICS) Security Analyst / Engineer
Job type: Planning, implementing and maintaining ICS security controls
Level: Junior | Middle | Senior
Typical experience in role: 0-2 years | 3-5 years | 5+ years
Main activities
  • Participation in the development of IT and OT infrastructure (ongoing maintenance of networks and servers as well as management of peripheral devices: e.g. PLC, HMI, operator panels, tablets)
  • Performing security reviews and assessments of systems, networks, and processes/procedures in ICS environments.
  • Management of MES / MOM systems (systems of implementation, monitoring and reporting of production: ongoing maintenance and user support)
  • Supervision of the production data reporting system (MS SQL, Reporting Services: access management, failure removal)
  • Supporting the development of strategies and plans to mitigate emerging cyber threats
  • Coordination of IT and OT/ICS systems integration at technical and process level
  • Security lifecycle management for multiple assets in the organization from acquisition and procurement to maintenance and decommissioning
  • Setting up security policies and procedures development (e.g., exceptions, exemptions, requirements)
  • Acting as subject matter expert in Industrial Automation and Control Systems security
Qualification required
  • Basic understanding of the general Networking and Security Fundamentals on the plant floor as well as all the base practices.
  • Understanding of Industrial Networks and Automation
  • Knowledge of OT network protocols: Modbus, Profibus, OPCUA, Fieldbus
  • Knowledge of IT network protocols: DNS, DHCP, TCP/IP, UD
  • Knowledge of the security concepts, such as network segmentation, defense in depth,
In addition:

  • Wireless security (e.g., Wi-Fi, wireless sensors, wireless gateways, controllers)
  • Ability to review configurations of ICS (e.g. HMIs, engineering software, PLCs, etc.), identify best practices for backup and recovery of ICS, and understand industrial protocols.
  • Good general technical knowledge: Applications technologies, networks, protocols, databases, operating systems (Windows/Linux)
  • Experience in implementing security controls, hardening, and technologies in automation systems and networks.
  • Good knowledge of Microsoft SQL and other database technologies
In addition:

  • Strong technical ICS experience and risk management (+ 5 years)
  • Cybersecurity certifications (e.g.: CISSP, SSCP, CySA+)
  • ICS Security Certifications (e.g. SANS GICSP, ISA/IEC 62443)
  • Good knowledge of global security standards, practices, and regulations (e.g. IEC/ISA 62443, NIST 800-82, ISO 27000) and Specialist
Governance, Risk, Compliance Analyst / Auditor
Job type: Risk assessment, policy and standards building, maintenance and auditing
Level: Junior | Middle | Senior
Typical experience in role: 0-2 years | 3-5 years | 5+ years
Main activities
  • Implement, maintain, and oversee an effective technology risk oversight framework. Leverage knowledge of the industry, technologies, and product types to ensure effective management of risk
  • Actively identify, assess, respond to and escalate risks. Identify gaps resulting from inadequate internal processes, systems or human errors, and inform solutions
  • Participate in presentations and workshop sessions on Cybersecurity risk management activities, process analysis, risk identification, assessment, control, and mitigation
  • Conduct internal and external security audits
  • Serve as a liaison, collaborating and interfacing with risk partners and other second-line enterprise risk management functions to drive meaningful technology-risk reductions and escalation of risks, as needed.
  • Comprehensively assess risks and gather insights from issues and events across technology business areas to provide an aggregated risk assessment. Design, implement, and/or influence internal governance processes (includes reporting, issue management, policy/standard review, risk identification, risk assessments, and risk monitoring).
  • Review technology and risk management processes; examine documentation and flow to identify ways to improve and streamline risk mitigation processes. Where required by internal policies or external agencies, develop documentation of reports. This also includes developing, contributing to, and monitoring metrics and reporting (e.g., management reporting, internal reporting, etc.).
  • Directly confer with business unit management and staff by scoping business problems, analyzing processes, risk exposure and sharing lessons learned. Identify problem drivers
  • Partner with second-line risk management functions to help ensure proper execution of established frameworks, policies, standards, strategies (including risk appetite, RCSA).
Qualification required
  • Knowledge of IT Security hardware, software and solutions
  • Understanding of rules and regulations pertaining to IT Security and Data Protection
  • ISO 27001/27002 standards plus ITIL and COBIT frameworks knowledge
  • Experience using computer operating systems such as MS Windows, UNIX/Linux
In addition:

  • Database platforms
  • Data analysis software
  • Network penetration and testing tools
  • Hardware and software firewalls and intrusion detection protocols
In addition:

  • Ability to perform and coordinate company wide audits
  • Reporting issues in management language
  • Relevant certifications
Cloud Security Engineer / Architect
Job type: Planning, implementing and maintaining Cloud security controls
Level: Junior | Middle | Senior
Typical experience in role: 0-2 years | 3-5 years | 5+ years
Main activities
  • Participates in the implementation and design of Cloud environments within his or her organization
  • Collaborates with application developers and administrators for Cloud environments to deliver solutions that meet business and security requirements
  • Employs cloud-based APIs when suitable to write network/system level tools for safeguarding Cloud environments
  • Stays abreast of emerging security threats, vulnerabilities and controls, focused on but not restricted to Cloud
  • In addition: directs and influences multi-disciplinary teams in implementing and operating security controls in the Cloud
  • Provides subject matter expertise on information security architecture and systems engineering to other IT and business teams
  • In addition: provides efforts that shape the organization’s security policies and standards for use in cloud environments
  • Interprets security and technical requirements into business requirements and communicates security risks to relevant stakeholders ranging from business leaders to engineers
Qualification required
  • Familiarity with Cloud provider ecosystems like Amazon AWS, Google Cloud Platform and Microsoft Azure
  • Practical knowledge of AWS, Google and Azure foundation services related to compute, network, storage, content delivery, administration and security, deployment and management, automation technologies
  • Basic knowledge of micro services programming (AWS Lambda, Docker, etc.)
  • Basic knowledge of Cloud security frameworks like CSA (Cloud Security Alliance) and NIST 800-210
  • Holds entry-level vendor provided Cloud security certifications
  • In addition: DevOps know-how building and deploying infrastructure with cloud deployment, build and test automation technologies like Ansible, Chef, Puppet, Docker, Jenkins, etc.
  • Experience architecting, designing, and programming applications and ample experience in high level programming languages such as C++, C#, Java, Python, Visual Basic
  • Familiarity using Cloud vendor’s security solutions such as EC2, DynamoDB, API Gateway, RDS, Lambda, CloudFront, CloudFormation, CloudWatch, Route 53, etc.
  • Holds one or more Cloud security certifications like Cloud+ or CCSK
  • Capability architecting highly available systems that utilize load balancing, horizontal scalability and high availability
  • Understanding of complex enterprise environments and current technology in the Cloud
  • Holds one or more advanced Cloud security certifications like GCSA or CCSP

 

Security Officer
Job type: SME for supported business, projects and/or incidents handling/oversight
Main activities

  • Serves as subject matter expert for guidance, direction, and oversight for company’s information security policies.
  • Serves as a project manager or project leader for information security projects
  • Serves as the subject matter expert for providing technical expertise and support for security software.
  • Manages and oversees the processes and outcomes for multiple interrelated security incidents, recoveries, breaches, intrusions, and system abuses. Ensures security incidents are resolved in a timely and appropriate manner.
  • May lead and conduct multiple, complex and inter-dependent risk analyses of company’s information security architecture, focusing on threats and vulnerabilities affecting company’s hardware and software components, with the objective of proactively mitigating threats throughout our infrastructure.

Qualification required

  • Must possess strong knowledge of business, information security and/or computer science
  • CISSP and/or CISA and/or other certifications are welcome

Typical experience in role 0-5 years

Security Manager
Job type: Managing team of experts, escalation point, liaison between staff and upper management
Main activities

  • Manage a diverse team of security administrators, analysts and IT professionals
  • Act as a key liaison between upper-level management, programmers, risk assessment staff and auditors
  • Create and execute strategies to improve the reliability and security of IT projects
  • Define, implement and maintain corporate security policies and procedures
  • Spearhead vulnerability audits, forensic investigations and mitigation procedures
  • Respond immediately to security-related incidents and provide a thorough post-event analysis
  • Institute organization-wide training in security awareness, protocols and procedures
  • Assess, test and select new security products and technologies
  • Prepare cost estimates and identify integration issues
  • Administer department budgets and staff schedules

Qualification required

  • Must possess strong knowledge of business, information security and/or computer science
  • CISSP and/or CISA and/or other certifications are welcome

Typical experience in role
5+ years

Director
Job type: Program and/or function management, cross-country scope, relationship with the business
Main activities
Information security strategy and drive governance and program execution across the organization, including security operations, cyber threat intelligence, risk mitigation, security architecture, and program management. They will be the primary liaison and change agent for all security matters associated with information technology. The Director will oversee and develop a collaborative team and supporting processes
Qualification required
  • Technical knowledge of different types of hardware and software
  • Regulatory compliance knowledge, including HIPAA, SOX, PCI, NIST and GLBA
  • Understanding of laws concerning data acquisition, protection and transmission
  • Information Technology Infrastructure Library (ITIL), COBIT, ISO and other applicable IT management methods and toolsets
  • Standard enterprise and personal operating systems, such as Windows, Linux, Mac OS and UNIX
  • Familiarity with multiple software types at the application and enterprise levels
  • Protection systems against malware, hacking and other threats
  • Policies and procedures for secure computing
  • Risk assessment experience

Typical experience in role
5-10 years

CISO
Job type: Owning security strategy, ensuring its alignment to business goals, responding to the board
Main activities
A CISO is the executive-level manager who directs strategy, operations and the budget for the protection of the enterprise information assets and manages that program. The scope of responsibility will encompass communications, applications and infrastructure, including the policies and procedures which apply.
Qualification required
Successful CISOs will bring strong leadership and people management abilities. In their executive role, they must use strategic thinking to identify risks and trends and stay ahead of the threats to the environment they protect. To do this they must be able to understand multiple complex systems and technology at a detail level in a constantly changing threat environment. Plans and ad hoc responses must dovetail with the company strategy and budget. Excellent communication, documentation and presentation skills will speed acceptance and support for their recommendations and plans.

Typical experience in role
10+ years

Base job description framework taken from:

and then amended for the needs of this research from multiple reputable job board sources.

FAQ

  1. WHAT IS THE PURPOSE OF THE SURVEY? WHAT DO WE WANT TO ACHIEVE?
    We want the survey results to be a valuable source of data for decision-making processes in our organizations. We are creating a summary based on a representative research group. We also want to show that sharing this kind of information within CSO Council can bring value to all of us.
  2. IS THE SURVEY ANONYMOUS?
    The data collection process is anonymous by design. At no stage of the process will the information obtained be linked to a specific organization. We will also not ask for information that compromises anonymity. For this reason we also ask you to complete the survey from ‘neutral’ internet connections, i.e. consumer public operators or mobile network connections. Regardless of this, the IP address from which the survey is completed will not be processed by the organizers in a way that compromises anonymity.
  3. INTRODUCTORY QUESTIONS – CITY
    The introductory questions serve to classify the salary declarations appropriately and to allow correct analysis of the data later. These are key questions that allow us to group the answers properly. Questions 2 and 3 – IMPORTANT – if your organization employs Information Security staff in more than one city in Poland and differentiates salaries by place of employment, please complete the survey multiple times, each time declaring the city that matches the salary data entered (if you answer questions 2 and 3 in the affirmative, the survey will require you to declare, in the next question, the city to which the salaries apply).
  4. I HAVE TROUBLE MATCHING A POSITION THAT EXISTS IN MY ORGANIZATION TO A POSITION IN THE SURVEY.
    The positions have been described in a way that makes it easier to identify the position in an organization. We understand that the specifics and diversity of many companies may make correct matching difficult. If the respondent is able to match a given position to a profile for the most part, the match is considered correct. Please do not include salaries for positions for which such a match is not possible.
  5. CAN I COMPLETE THE SURVEY MORE THAN ONCE?
    We kindly ask you to complete the survey only once, apart from the exception in question 3. We do not plan to introduce technological restrictions, but completing the survey multiple times will reduce the representativeness of the results.
  6. HOW DO I CORRECTLY CALCULATE BASE SALARY?
    For the purposes of our analysis, base salary means the monthly gross amount of pay for work, excluding bonus and additional benefits.
  7. HOW DO I CORRECTLY CALCULATE THE BONUS?
    For the purposes of our analysis, the bonus value means a % of annual gross salary, assuming basic job duties are fulfilled. The bonus is not a guaranteed benefit.
  8. HOW DO I CORRECTLY DECLARE ADDITIONAL BENEFITS?
    Additional benefits are non-salary benefits that are not components of base salary or bonus. The survey lets you select the two most popular benefits, i.e. a company car or its equivalent, and a share package or its cash equivalent. The respondent can also declare other benefits using the ‘other’ field. When declaring ‘additional benefits’ you do not quantify them as a monetary amount. Please also do not include low-value benefits that are currently common, i.e. medical care, a sports card and group insurance.
  9. WILL I HAVE ACCESS TO THE SURVEY RESULTS?
    Yes, the aggregate survey results together with the data analysis will be made available to all participants in the project.
  10. WILL I BE ABLE TO SHARE THE SURVEY RESULTS IN MY COMPANY?
    Yes, we will make the survey results available with no restrictions on their use in everyday work. Presenting the results in written form will only require citing the source of the data.
