Top 5 most in demand cyber security contract roles

As cyber security continues to move up the agenda for organisations across the board, the demand for talented cyber professionals is higher than ever.

Here are the 5 most in demand cyber contractor roles in today’s tech security market, writes James Dilks, senior cyber and information security recruitment consultant at Hays.

1. Security Consultants

Security consultants are crucial for enhancing an organisations’ security posture. They are typically brought in as contractors to understand and assess existing security practices, and to ultimately offer consultative suggestions to enhance the overall security of the organisation.

Aside from a holistic cyber security understanding, it’s important for security consultants to have strong stakeholder engagement and management abilities.

Contract security consultants are in demand as diverse industries require individuals who can quickly grasp the intricacies of their organisations, and provide tailored guidance in a palatable way for technical and non-technical stakeholders.

The combination of technical knowledge and soft skills required to be a security consultant is why such contractors typically command between £650 and £850 a day. But sometimes, day rates can even reach beyond £1,000, depending on the sector and scope of the role.

2. Security Architects

The role of a security architect entails designing, strategising and scoping the future state of organisations’ security systems, policies, applications and GRC processes.

Security architects typically occupy the contract space due to day rate competitiveness against permanent salaries, and industry need for dynamic architects with diverse industry, sector, and systems backgrounds.

The combination of an exceptional level of technical understanding, strategic road-mapping abilities and pragmatism developed through years of industry experience means that security architect contractors can easily command between £750 and £1,000 per day, sometimes even £1,200 per day.

3. Penetration Testers

Penetration testers identify cyber vulnerabilities as ethical hackers, while contributing to risk and vulnerability enhancements and cyber security awareness for organisations.

Contractors and managed service security providers dominate the penetration testing market due to the cyber skills shortage, and also the cyclical and ad-hoc nature of their work. With organisations needing regular testing to maintain their regulatory compliance requirements, or project-dependent ad-hoc assessments, temporary penetration testers meet the demand.

A technical repertoire spanning networking, programming, cryptography, vulnerability assessment and OS knowledge, alongside a tenacious nature and a finger on the pulse of the expanding threat landscape makes a successful penetration tester. These skills allow them to earn between £500 to £850 per day, potentially stretching to £950 and beyond.

4. Security Operations Centre (SOC) Analysts

SOC Analysts are highly sought-after for being the front line of organisations’ security, monitoring for suspicious activity, interpreting and analysing security alerts and investigating potential threats.

Typically, contract security analysts become extra desireable to organisations when they come with a diversity of sector-backgrounds, thanks to them working higher quantities of roles within shorter spaces of time than their permanent counterparts. End-users value such a wide exposure to a significant breadth of systems, tools and threats. Good SOC analysts can also alleviate full-time staff during security incidents or help maintain a 24-7 security operations centre where required.

To be a successful SOC analyst, you’ll need a firm understanding of IT infrastructure, networking, SIEM, EDR and vulnerability management tools. Combine that understanding with an eye for detail and knowledge of the contemporary threat landscape, and you’ll command upwards of £450 a day -- and maybe as much as £650 a day.

5. Cloud Security Specialists

The growth of cloud service adoption among organisations needing scalability, cost-efficiency, and flexibility means contract cloud security specialists are in continually solid demand.

Cloud security specialists address the complexities surrounding data protection, sovereignty, business continuity, and the potential for breaches from the emergence of new threat landscapes previously not experienced by organisations with on-premise infrastructures.

Cloud security contractors are expected to have a level of knowledge of the core cloud providers: Azure, AWS and GCP. Cloud security architects and consultants use their technical expertise and articulative ability to assess the infrastructure, application compatibilities, and business requirements of an organisation to devise tailored solutions based on their cloud needs. Cloud security engineers may use their intricate technical understanding for cloud implementations or project-based work.

This expertise allows cloud security professionals a starting rate of approximately £650 a day at engineer level, rising to approximately £1,000 a day and above at consultant, architecture and leadership levels.

Finally, to move into these top 5 cyber security roles, should contractors train or learn on the job?

For these top 5 sought-after IT contractor security roles, employers often seek extensive experience in a similar role within a similar organisation in terms of industry and scale. While certifications can be important for contractors at senior levels working in niche spaces, arguably experience in the industry is currently both more relevant and favourably looked upon.