Hays US Blog

Hays US Viewpoint

Your career is a journey with many opportunities to explore. As a trusted partner, we guide thousands of professionals and employers through every step of their way. From industry specific insights, interview preparation, to team management and in-demand jobs – we’ve got you covered.


5 Hot Niche Cyber Security Jobs in the U.S.

By: Christine Wright, Senior Vice President, Hays U.S. on Jan 25th, 2021

This year, there will be an estimated 3.5 million unfilled cybersecurity positions. Meanwhile, less than 25 percent of applicants are qualified for these roles. In other words, there’s a strong demand for qualified, experienced cyber security professionals, so individuals with the right background and experience should consider making a move into this exciting industry. Here are a few niches to consider.

Incident Response Specialists

What do you do?

This entry level role is a great way to get started in the cybersecurity world. Incident response specialists spend their day monitoring the company’s network, logging any potential breaches, and addressing or escalating them. Incident response analysts also work on searching for vulnerabilities in the enterprise system, running tests, and developing response strategies.

Why is this role important?

Cyber criminals are crafty and dynamic. Every time companies patch up a vulnerability or develop a protection strategy, hackers find a new way in. They can also attack from anywhere in the world and at any time. As a result, incident response specialists play an important role in keeping the enterprise secure.

Which skills do you need?

Incident response analysts need a professional background or training in IT or networking. They’ll also need to know how to work their way around tools of the trade such as system monitoring tools and backup tools. They’ll also need to have an understanding of how to work with different environments (e.g. on-premises, cloud) and different operating systems (e.g. Windows, Linux).

Penetration Tester

What do you do?

Penetration testers “ethically hack” their company’s network. They spend their day thinking like a cyber criminal, so they can spot vulnerabilities in their system before cyber criminals exploit them.

Why is this role important?

As IT environments become more complex, and companies move towards distributed workforce environments, penetration testers play an important role in taking an eagle eye view of the company and spotting any issues.

Which skills do you need?

You need a background in computer networks to become a penetration tester. Employers also expect you to have extensive knowledge of vulnerabilities so that you don’t rely too heavily on automated tools. Penetration testers also need a thorough understanding of different operating systems and networking protocols and experience with testing suites like Nessus, Metasploit, and Burp Suite.

DevSecOps Engineer

What do you do?

DevSecOps combines three disciplines – software development, information security, and IT operations – into one discipline so that products are securely developed and quickly deployed. DevSecOps Engineers ensure that the latest best practices in security are applied as early as possible in the product development stage.

Why is this role important?

DevSecOps Engineers are important, because software development is costly and cyber breaches are even more costly. To reduce expenses from the former, companies need developers who understand how to work with the operations team to get products rolling so they start generating revenue faster. To reduce cost from the latter, they need developers who can practice secure coding, risk management, and vulnerability assessments.

Which skills do you need?

DevSecOps Engineers have an extensive set of skills and knowledge. They usually have a degree in Computer Science or a related field, and they have experience working on-premises,  in the cloud, and in hybrid environments. They understand the DevSecOps methodology, security controls, and frameworks and they’re excellent communicators who can work with other teams. Candidates have experience with deployment automation tools such as Ansible and Helm and monitoring tools such as Elastic Stack and Prometheus.

Security Analyst

What do you do?

Information security analysts execute on a company’s security strategy. They work with other members of the cyber team, such as penetration testers, to identify vulnerabilities and protect them. They also develop best practices and recommendations for the company’s IT infrastructure. If there is a security breach, security analysts are the go to team member for identifying the breach, gauging the “blast radius”, and taking steps to kick out the attackers and mitigate the damage.

Why is this role important?

The role of security analysts is important in today’s distributed IT environments. The rapid shift to remote working means that there are more opportunities for employees to take shortcuts, leaving the company vulnerable to potential cyberthreats.

Which skills do you need?

You’ll need a background in IT and networking as well as familiarity with popular public clouds like AWS, Azure, and Google Cloud. Potential security analysts are also familiar with security standards and frameworks such as NIST, ISO 27001, and COBIT. If you’re lacking in experience, you may want to consider earning a cybersecurity certificate. You’ll also need non-cybersecurity related hard skills like report writing as well as soft skills like collaboration and problem solving.

Digital Forensics Specialists

What do you do?

Digital forensics specialists investigate the aftermath of a cyber attack. Digital forensics specialists spend time meticulously identifying and recording digital evidence and preparing reports for the company.

Why is this role important?

While most companies would prefer to prevent cyber attacks, understanding the cause and reasons for a cyber attack after the fact helps companies gauge the damage, understand what went wrong, and put steps in place to prevent future attacks.

Which skills do you need?

Digital forensics specialists usually have a background in information technology or computer science, familiarity with scripting and programming languages, and an ability to clearly communicate findings to a non-technical audience. They’re also well versed in digital forensics methodologies and understand how to use popular digital forensics tools such as Cellebrite and Encase.

Explore cyber roles in your area

US Call to Actions_right hand

Search jobs

Find your dream role or get a taste of what's out there.

Discuss your staffing needs 

Let us help you hire and retain top talent.

Find an office

12 offices across the US and growing.

US Salary Guide_right hand

It's here

Discover hiring trends, top jobs, remote work insights, and more.

Get your copy

US Blog authors_right hand


Get to know our experts.