SOC Analyst (Tier 1)
First line of triage in the security operations centre — reviews alerts from SIEM/EDR, validates true positives, and escalates.
Core skills
- SIEM (Splunk, Sentinel)
- EDR triage
- Windows/Linux logs
- MITRE ATT&CK basics
Roles Directory
Practical definitions of the cybersecurity positions we staff most often — what each role actually does, the skills hiring managers screen for, and current market demand in India and globally.
The teams watching production for active threats and responding to incidents.
Owns deeper investigation — correlates events across tools, contains compromised hosts, and tunes detections.
Leads response to confirmed incidents — disk and memory forensics, containment, eradication, and post-incident reports.
Proactively searches the environment for adversary behaviour that bypassed automated detections.
Builds and maintains the detection content library — Sigma rules, KQL, Snort/Suricata, with measurable coverage.
Tracks threat actors and campaigns relevant to the business; turns intelligence into detections and exec briefings.
Securing the platforms modern applications actually run on.
Designs guardrails, IAM boundaries, and detection across AWS, Azure, or GCP environments.
Hardens container platforms — admission control, runtime detection, supply-chain integrity.
Operates firewalls, segmentation, VPN/ZTNA, and inspection across hybrid networks.
Embeds security checks into CI/CD — SAST, SCA, secrets scanning, IaC policy — without slowing delivery.
Roles focused on the code, APIs, and products customers actually use.
Threat-models features, runs secure code review, and partners with engineering on remediation.
Embedded in product teams to ship secure features by default — security design, paved roads, bug-bounty triage.
Simulates real-world attackers against web, mobile, network, and cloud targets to surface exploitable issues.
Runs objective-based adversary simulations, evading detection and testing the blue team end-to-end.
Where access decisions and sensitive data live.
Designs and operates identity, SSO, MFA, and lifecycle — the control plane for every other access decision.
Classifies, protects, and monitors sensitive data across warehouses, lakes, and SaaS.
Operationalises privacy — data mapping, DSR automation, privacy-by-design reviews — alongside legal.
Translating regulation and risk appetite into controls the business can ship against.
Owns control evidence, policy reviews, and risk register updates day-to-day.
Automates control evidence and continuous compliance against SOC 2, ISO 27001, HIPAA, PCI-DSS.
Runs vendor due diligence and ongoing monitoring of the supply chain's security posture.
Roles that own strategy, budget, and the security operating model.
Sets reference architectures across cloud, identity, and data; reviews high-impact designs before build.
Runs the SOC — staffing, shift rotations, MTTD/MTTR metrics, and detection roadmap.
Owns the overall security strategy, budget, and board-level reporting for the business.
Fractional security leadership for companies that need executive-level oversight without a full-time hire.
CipherForce places vetted cybersecurity talent on contract, permanent, and managed-pod engagements. Talk to us about open roles, or join the network.