FirstHR

Free Cyber Security Job Description Templates

Free cyber security job description templates: security analyst, specialist, engineer, SOC analyst, and first security hire. Download as DOCX.

Nick Anisimov

Nick Anisimov

FirstHR Founder

Hiring
16 min

Cyber Security Job Description Templates

5 free templates by role. Download as DOCX or copy-paste.

Cyber security is one of the hardest roles to hire for, with demand far outstripping supply and pay among the highest in tech. The job description is where you make the role clear and attract the right person. Cyber security is a broad umbrella, though: an information security analyst, a SOC analyst, a security engineer, a specialist, and a first security hire at a growing company do very different work. A specific posting filters for the person who fits both the role and the reality of your business, and getting the role right is the single most important decision you make.

At FirstHR, we build for small and growing businesses that hire without an HR department. Before the templates, one honest note: most small businesses do not hire a dedicated security professional at all, and instead outsource to a managed provider or upskill existing IT staff. If you have decided an in-house hire is right, the five templates below cover the most common roles: information security analyst, cyber security specialist, senior security engineer, SOC analyst, and a first security hire version. Fill in the bracketed fields, adjust to match your business, and post. For the general principles behind any posting, the guide to writing a job description covers the fundamentals.

TL;DR
Five free, ready-to-use cyber security job description templates by role: Information Security Analyst, Cyber Security Specialist, Senior Security Engineer, SOC Analyst, and a First Security Hire version. Download as DOCX, customize, and post in minutes. First, decide whether to hire in-house or outsource to an MSP, since most small businesses outsource. Then match the template to the specific role and level you need.

What Is a Cyber Security Job Description?

A cyber security job description is a document that explains a security role's purpose, responsibilities, qualifications, and pay so you can post a job and attract the right candidates. It typically covers a job summary, key responsibilities, required and preferred qualifications, the salary range, and how to apply. The SHRM job description tools describe a job description as a plain-language tool that explains the tasks, duties, and responsibilities of a position, and that standard applies whether you are a large enterprise or a growing small business.

People search cyber security job description and cybersecurity job description for the same thing: a clear description of a security role. Because the title spans monitoring SOC analysts to senior security engineers, the most important job of the description is to make the specific role and level unmistakable. If you need general technology support rather than dedicated security defense, the software engineer job description templates may fit better. For the wider hiring process at a small company, see the small business hiring guide.

Which Template Should You Use?

Pick the template that matches the specific cyber security role you need. The core structure is the same across all five, but each one emphasizes the responsibilities, experience, and language that fit a specific kind of role. Use this guide to choose.

Information Security Analyst
Most common
The standard baseline. Monitoring, incident response, security tools, and compliance support. Start here if your role does not fit a specific type below.
Cyber Security Specialist
Hands-on defense
Implements and manages security controls, monitors for attacks, and responds to incidents. For a hands-on defender who also improves your posture.
Senior / Lead Security Engineer
Architecture and leadership
Designs secure systems, builds tooling, leads incident response, and mentors engineers. For an experienced engineer ready to own architecture.
SOC Analyst
Monitoring and response
Watches alerts, triages events, and responds from a security operations center. For a vigilant analyst focused on monitoring and incident triage.
First Security Hire
Growing tech company
A versatile generalist who builds the security program from scratch and reports to the CTO. The differentiating version for a growing tech company.
Match the Template to the Role
The fastest way to choose is by focus and seniority. Broad monitoring and response? Information Security Analyst. Hands-on controls and defense? Specialist. Designing secure systems and leading? Senior Security Engineer. Watching alerts in a SOC? SOC Analyst. Your first dedicated security hire at a growing tech company? First Security Hire.

5 Free Cyber Security Job Description Templates

Download all five as a single Word document or copy individual templates. Each one follows the same structure: company overview, job summary, key responsibilities, qualifications, compensation, and how to apply. Fill in the brackets before you post.

Download All 5 Job Description Templates
Security analyst, specialist, engineer, SOC analyst, and first security hire. All in one DOCX.

Template 1: Information Security Analyst (Standard)

The standard baseline. Monitoring, incident response, security tools, and compliance support. Use this if your role does not fit cleanly into a specific type.

Information Security Analyst Job Description (Standard)
INFORMATION SECURITY ANALYST JOB DESCRIPTION
Company: __
Location: __ ([ ] On-site [ ] Hybrid [ ] Remote)
Reports to: IT Manager / CISO / CTO
Employment type: [ ] Full-time
Salary range: $_____ to $_____ per year
ABOUT [COMPANY NAME]
[One or two sentences about your business and what makes it a good place to work.]
JOB SUMMARY
[Company Name] is hiring an Information Security Analyst to protect our systems,
networks, and data. You will monitor for threats, respond to incidents, run
security tools, and help keep the business secure and compliant. This role suits
an analytical, detail-oriented professional who stays current on security threats.
KEY RESPONSIBILITIES
Monitor networks and systems for security threats
Investigate and respond to security incidents
Run and maintain security tools (firewalls, antivirus, SIEM)
Perform vulnerability scans and recommend fixes
Manage access controls and user permissions
Maintain security policies and documentation
Support compliance with relevant standards
Train staff on security awareness
REQUIRED QUALIFICATIONS
Bachelor's degree in computer science, IT, or related field
Experience in information security or IT
Knowledge of networks, systems, and security tools
Understanding of threats, vulnerabilities, and controls
Strong analytical and problem-solving skills
PREFERRED QUALIFICATIONS
Security certifications (CompTIA Security+, CISSP, CEH)
Experience with cloud security or compliance frameworks
COMPENSATION AND HOW TO APPLY
Salary range: $_____ to $_____ per year
Benefits: __
To apply, send your resume to __.
[Company Name] is an equal opportunity employer.

Template 2: Cyber Security Specialist

Implements and manages security controls, monitors for attacks, and responds to incidents. For a hands-on defender who also improves your posture.

Cyber Security Specialist Job Description
CYBER SECURITY SPECIALIST JOB DESCRIPTION
Company: __
Location: __
Reports to: IT Manager / Security Lead / CISO
Employment type: [ ] Full-time
Salary range: $_____ to $_____ per year
JOB SUMMARY
[Company Name] is hiring a Cyber Security Specialist to defend our systems and
data against threats. You will implement and manage security controls, monitor for
attacks, respond to incidents, and help build our security posture. This role
suits a hands-on security professional who can both defend and improve our systems.
KEY RESPONSIBILITIES
Implement and manage security controls and tools
Monitor for, detect, and respond to threats
Configure firewalls, endpoint protection, and access controls
Conduct vulnerability assessments and remediation
Investigate incidents and document findings
Help develop and enforce security policies
Support audits and compliance requirements
Keep current on the threat landscape
REQUIRED QUALIFICATIONS
Bachelor's degree in IT, computer science, or related field
Hands-on cyber security or IT security experience
Strong knowledge of security tools and controls
Familiarity with networks, systems, and cloud
Strong analytical and communication skills
PREFERRED QUALIFICATIONS
Certifications (Security+, CISSP, CEH, CISM)
Experience with incident response or SIEM
COMPENSATION AND HOW TO APPLY
Salary range: $_____ to $_____ per year
Benefits: __
To apply, send your resume to __.
[Company Name] is an equal opportunity employer.
Still Using Spreadsheets for Onboarding?
Automate documents, training assignments, task management, and track onboarding progress in real time.
See How It Works

Template 3: Senior / Lead Security Engineer

Designs secure systems, builds tooling, leads incident response, and mentors engineers. For an experienced engineer ready to own architecture.

Senior / Lead Security Engineer Job Description
SENIOR / LEAD SECURITY ENGINEER JOB DESCRIPTION
Company: __
Location: __
Reports to: CISO / CTO / VP Engineering
Employment type: [ ] Full-time
Salary range: $_____ to $_____ per year
JOB SUMMARY
[Company Name] is hiring a Senior Security Engineer to lead our security
engineering and architecture. You will design secure systems, lead incident
response, build security tooling and automation, and guide other engineers. This
role suits an experienced security engineer ready to own architecture and lead.
KEY RESPONSIBILITIES
ARCHITECTURE AND ENGINEERING
Design and build secure systems and infrastructure
Build security tooling, automation, and monitoring
Lead vulnerability management and remediation
LEADERSHIP AND RESPONSE
Lead incident response and investigations
Set security standards and review architecture
Mentor engineers and guide secure development
OVERSIGHT
Partner with leadership on security strategy
Support compliance, audits, and risk management
REQUIRED QUALIFICATIONS
Bachelor's degree in computer science or related field
Several years of security engineering experience
Strong knowledge of secure architecture and cloud security
Experience with incident response and automation
Strong leadership and communication skills
PREFERRED QUALIFICATIONS
Advanced certifications (CISSP, OSCP, CCSP)
Experience leading a security function
COMPENSATION AND HOW TO APPLY
Salary range: $_____ to $_____ per year
Benefits: __
To apply, send your resume to __.
[Company Name] is an equal opportunity employer.

Template 4: SOC Analyst

Watches alerts, triages events, and responds from a security operations center. For a vigilant analyst focused on monitoring and incident triage.

SOC Analyst Job Description
SOC ANALYST JOB DESCRIPTION (SECURITY OPERATIONS CENTER)
Company: __
Location: __
Reports to: SOC Lead / Security Manager
Employment type: [ ] Full-time
Shift: [ ] Day [ ] Evening [ ] Night [ ] Rotating
Salary range: $_____ to $_____ per year
JOB SUMMARY
[Company Name] is hiring a SOC Analyst to monitor and defend our environment from
our security operations center. You will watch alerts, triage and investigate
events, escalate incidents, and help keep our systems secure around the clock.
This role suits a vigilant, detail-oriented analyst who thrives on monitoring and
response.
KEY RESPONSIBILITIES
Monitor security alerts and dashboards (SIEM)
Triage, investigate, and escalate security events
Respond to and document security incidents
Analyze logs and identify suspicious activity
Follow incident response playbooks
Tune detection rules to reduce false positives
Support threat hunting and reporting
Hand off and escalate per SOC procedures
REQUIRED QUALIFICATIONS
Associate or bachelor's degree, or equivalent experience
Knowledge of security monitoring and SIEM tools
Understanding of networks, logs, and common attacks
Strong attention to detail and analytical skills
Willingness to work shifts if required
PREFERRED QUALIFICATIONS
Certifications (Security+, CySA+, GCIH)
Prior SOC or monitoring experience
COMPENSATION AND HOW TO APPLY
Salary range: $_____ to $_____ per year
Benefits: __
To apply, send your resume to __.
[Company Name] is an equal opportunity employer.

Template 5: First Security Hire (Growing Tech Company)

A versatile generalist who builds the security program from scratch and reports to the CTO. Built for a growing tech company making its first dedicated security hire.

First Security Hire Job Description (Growing Tech Company)
CYBER SECURITY JOB DESCRIPTION (FIRST SECURITY HIRE / GROWING TECH COMPANY)
Company: __
Location: __ ([ ] On-site [ ] Hybrid [ ] Remote)
Reports to: CTO / Founder
Employment type: [ ] Full-time
Salary range: $_____ to $_____ per year
ABOUT THE ROLE
[Company Name] is a growing tech company hiring our first dedicated security
person. As our first security hire, you will build our security program from the
ground up: defining policies, securing our systems and product, setting up
monitoring, and guiding the team. Reporting to the CTO, you will wear many hats and
shape how we protect the business. This role suits a versatile, self-directed
security professional who likes building from scratch.
WHAT YOU WILL DO (MULTIPLE FUNCTIONS)
BUILD THE FOUNDATION
Define security policies, standards, and practices
Secure our systems, cloud, and product
Set up monitoring, logging, and alerting
DEFEND AND RESPOND
Monitor for and respond to threats and incidents
Run vulnerability management and remediation
Manage access controls and security tools
GUIDE THE TEAM
Build security awareness across the company
Guide engineers on secure development
Support compliance as the business grows
REQUIRED QUALIFICATIONS
Bachelor's degree in computer science or related field
Broad security experience across multiple areas
Comfort working independently without a security team
Strong knowledge of cloud and application security
Clear communication with technical and non-technical staff
PREFERRED QUALIFICATIONS
Security certifications (CISSP, Security+, CCSP)
Startup or small-company experience
COMPENSATION AND HOW TO APPLY
Salary range: $_____ to $_____ per year
Benefits: __
To apply, send your resume to __.
[Company Name] is an equal opportunity employer.
Companies Using FirstHR Onboard 3x Faster
Join hundreds of small businesses who transformed their new hire experience.
See It in Action

Cyber Security Duties and Responsibilities

A cyber security professional protects systems and data from threats. The duties fall into four broad categories. A good job description picks the specific duties from each category that apply to your business and the role's level rather than listing every possible task.

Monitoring
Monitor networks and systems
Watch alerts and dashboards
Analyze logs for threats
Response
Investigate security incidents
Respond and contain threats
Document and report findings
Protection
Manage firewalls and controls
Run vulnerability scans
Manage access and permissions
Governance
Maintain security policies
Support compliance and audits
Train staff on awareness

The mix shifts by role: a SOC analyst weighs heavily toward monitoring and triage, while a security engineer focuses on architecture and protection. At a growing company, the first security hire usually covers all four categories and builds the program from scratch. For help scoping the role precisely before you write the posting, the guide to defining job responsibilities walks through a simple process.

Cyber Security Roles Compared

Security titles map to clear differences in focus, seniority, and pay. This table helps you match the role to your need and set the right experience and salary.

TraitAnalystEngineerSOC Analyst
Monitors and responds to threats
Designs and builds secure systems
Focuses on alert triage and monitoring
Leads and mentors other engineers
Common entry point into security

An analyst handles broad detection and response, an engineer designs and builds secure systems and leads, and a SOC analyst focuses on monitoring and triage. Most organizations hire analysts or SOC roles first and add engineers as the function grows. Title the role to match the real work, since that drives both pay and the experience you attract.

Should You Hire or Outsource Cyber Security?

Before you post any of these, decide whether an in-house hire is right for you. For many small businesses, it is not, and that is a sensible choice rather than a gap. The broader question of how to staff HR and operations functions at a small company is covered in the guide to small business HR.

Most small businesses outsource security, not hire it
A dedicated security professional is expensive, and demand far outstrips supply. For most businesses under 50 to 100 people, a managed security provider (MSP or MSSP), a fractional or virtual CISO, or upskilling an existing IT person is more practical than a full-time hire. If that fits you, you may not need this job description yet. Hire in-house when security becomes core to your product or risk, not by default.
Hire in-house when security is core to the business
A full-time security hire makes sense when you handle sensitive data at scale, sell to enterprise customers who demand it, face heavy compliance, or build a product where security is a feature. Growing tech companies often reach this point and make a first security hire who builds the program from scratch. The first-security-hire template here is written for exactly that moment.
Name the specific role, not just security
Cyber security spans analysts, specialists, engineers, and SOC roles, and they are different hires with different skills and pay. A monitoring SOC analyst is not a security architect. Decide the specific role and level you need before you post, since that sets the experience, certifications, and salary, and attracts candidates who actually fit.

Skills and Requirements

Most cyber security roles value analytical thinking, knowledge of security tools and networks, and the ability to detect and respond to threats. Beyond that, requirements shift by role, and the strongest postings use concrete language and realistic requirements in a tight market.

Weak bulletStrong bullet
Handle securityMonitor networks and systems for security threats
Deal with attacksInvestigate and respond to security incidents
Use security toolsRun firewalls, endpoint protection, and SIEM tools
Find problemsPerform vulnerability scans and recommend fixes
Know securityUnderstand threats, vulnerabilities, and security controls

Specific, measurable duties attract candidates who can actually do the work and signal a serious employer. Keep the language neutral and inclusive too, since the EEOC prohibits job advertisements that show a preference based on protected characteristics. For recognized tasks and skills you can borrow, the O*NET profile for information security analysts lists standard responsibilities and work activities.

Cyber Security Pay

Cyber security pay is high and rising because demand far exceeds supply. Set your range using government data as a baseline, adjusted for role, experience, and industry.

Cyber Security Pay (BLS)
The U.S. Bureau of Labor Statistics reports a median annual wage of about $124,910 for information security analysts in May 2024, with the lowest 10 percent under $69,660 and the highest 10 percent over $186,420. Employment is projected to grow 29 percent from 2024 to 2034, the fastest among computer occupations, with about 16,000 openings projected each year (U.S. Bureau of Labor Statistics).

Position your range against the role and level: entry-level and SOC analyst roles sit toward the lower end, while senior engineers and specialized roles earn well above the median, especially in tech, finance, and consulting. Always publish a range. It is now legally required in many states and a competitive range is essential in this market. Federal wage and hour rules also apply, so review the basics in the Department of Labor FLSA standards before you set pay and classify the role.

From Hiring to Onboarding

The job description is step one. Once a candidate accepts, the same document becomes the foundation for the offer and the onboarding plan. A security hire needs careful onboarding because they get privileged access to your most sensitive systems and data early, and they quickly become central to protecting the business.

Send a clear offer, have them sign confidentiality and security agreements, collect signed paperwork, and set up appropriate access following least-privilege principles. Walk through your systems, policies, and tools in the first weeks. Once you have your offer ready, an onboarding template gives your new hire a structured start, and the employment contract template covers the formal agreement and confidentiality terms. FirstHR connects the offer, e-signature on agreements, paperwork, and onboarding workflow in one place, so a growing business can manage the full process without a dedicated HR department.

Keeping signed agreements and access records on file matters for a security role, so the guide to HR document management explains how to organize personnel files even without an HR team. As you build out the team, the guide to building an org chart helps you map where the security role fits and who they report to.

Key Takeaways
Cyber security is an umbrella; the most important choice is the specific role and level you need.
Most small businesses outsource security to an MSP or upskill IT, rather than hiring full-time.
Use the template that matches the role: analyst, specialist, engineer, SOC analyst, or first security hire.
Write concrete duties grouped by monitoring, response, protection, and governance.
Treat advanced certifications like CISSP as preferred, not required, since demand outstrips supply.
Pay is high: the BLS reports a median of about $124,910 a year for information security analysts.

Frequently Asked Questions

What does a cyber security professional do?

A cyber security professional protects an organization's systems, networks, and data from threats. Core duties include monitoring for attacks, investigating and responding to incidents, running security tools like firewalls and SIEM, performing vulnerability scans, managing access controls, maintaining security policies, and supporting compliance. The specifics depend on the role. An information security analyst handles broad monitoring and response, a SOC analyst focuses on alert triage, a security engineer designs and builds secure systems, and a specialist implements hands-on controls. A clear job description tells candidates which security role and level you are hiring for, which is the most important choice you make.

What should a cyber security job description include?

A strong cyber security job description includes a job summary, key responsibilities, required and preferred qualifications, a salary range, and how to apply. Responsibilities should be concrete: monitor networks for threats, respond to security incidents, and run vulnerability scans. Separate must-have skills like security tools and networking knowledge from preferred credentials like CISSP or Security+. Name the specific role and level, since an analyst, SOC analyst, engineer, and specialist differ significantly in scope and pay. Be clear about the work, since over-specifying certifications shrinks your applicant pool in a field where demand already outstrips supply.

What is the difference between a cyber security analyst and a security engineer?

A cyber security analyst monitors, detects, and responds to threats, while a security engineer designs and builds the systems that prevent them. An analyst watches for attacks, investigates incidents, runs scans, and supports compliance, often a detection-and-response role. A security engineer is more senior and technical: they architect secure systems, build security tooling and automation, lead incident response, and guide other engineers on secure development. Most organizations hire analysts first and add engineers as the security function grows. Match the title to the actual work and seniority, since the experience and pay differ substantially between the two.

Does a small business need to hire a cyber security professional?

Usually not a full-time one. A dedicated security professional is expensive and in short supply, so most businesses under 50 to 100 people outsource security to a managed provider (MSP or MSSP), use a fractional or virtual CISO, or upskill an existing IT person. A full-time in-house hire makes sense when security becomes core to your business: when you handle sensitive data at scale, sell to enterprise customers who require it, face heavy compliance, or build a product where security is a feature. Growing tech companies often reach this point and make a first security hire. Decide based on your risk and needs, not by default.

What certifications should a cyber security hire have?

Common cyber security certifications include CompTIA Security+ for entry and mid-level roles, CISSP for experienced professionals, CEH for ethical hacking, CISM for security management, and CySA+ or GCIH for analysts. Certifications signal validated knowledge and are widely requested, but requiring advanced ones narrows your applicant pool in a tight market. For most roles, list a relevant certification as preferred rather than required, alongside a degree and hands-on experience. Reserve advanced requirements like CISSP for senior or lead roles. Many capable security professionals build skills through experience and entry-level certifications, so keep requirements realistic to attract strong candidates.

What is the salary range for a cyber security role?

Cyber security pay is high because demand far outstrips supply. The U.S. Bureau of Labor Statistics reports a median annual wage of about $124,910 for information security analysts in May 2024, with the lowest 10 percent under $69,660 and the highest 10 percent over $186,420. Entry-level and SOC analyst roles sit toward the lower end, while senior engineers and specialized roles earn well above the median, especially in tech, finance, and consulting. Employment is projected to grow 29 percent through 2034, the fastest among computer occupations. Always state a salary range, since pay transparency is required in many states and a competitive range is essential in this market.

What is the difference between cyber security and IT?

IT (information technology) is the broad function of running and supporting an organization's technology, while cyber security is the specialized discipline of protecting that technology from threats. An IT professional sets up systems, manages networks, supports users, and keeps technology running. A cyber security professional focuses specifically on defending systems and data: monitoring for attacks, responding to incidents, managing security controls, and reducing risk. In small businesses, one IT person may handle both, but as security needs grow, organizations add dedicated security roles. If you need general technology support rather than security defense, you are likely hiring for an IT or software role instead.

What happens after I hire a cyber security professional?

Once a candidate accepts, the job description becomes the basis for the offer and onboarding. A security hire needs careful onboarding because they get privileged access to your most sensitive systems and data early. Send a clear offer, have them sign confidentiality and security agreements, collect signed paperwork, and set up appropriate access following least-privilege principles. Walk through your systems, policies, and tools in the first weeks. FirstHR handles the offer, e-signature on agreements, document collection, and onboarding workflow in one place, so a growing company can move a new security hire from offer to productive without a dedicated HR department, even though the security work itself stays with your technical team.

Ready to transform your onboarding?

7-day free trial No credit card required
Start Your Free Trial

Related Articles

Hiring

Free Software Engineer Job Description Templates

Hiring

Free Data Entry Job Description Templates

Templates

Free Employee Onboarding Template for Small Business