Many of the challenges firms face when filling cybersecurity positions can be traced back to the job description. Cybersecurity job descriptions are notoriously difficult to write, yet they’re often the first impression a potential hire has of what it’s like to work for your company. With a lack of industry-accepted terms for jobs and roles, writing a clear and comprehensive job description can feel like stumbling in the dark.
The tight cybersecurity job market and well-publicized skills gap certainly make cybersecurity hiring more difficult. However, there are small steps companies can take to improve job descriptions and hiring success.
1. Get the Right Title
Say, for instance, your company is looking for a security engineer. Here are some of the subcategories that fall under that title.
- Cloud Security Engineer
- Embedded Security Engineer
- Identity Access Management Engineer
- Information Security Engineer
- Network Security Engineer
- SecOps Engineer
- Security Consultant Intrusion Detection Analyst
- Threat Hunter
You can see the difficult situation many managers and HR departments find themselves in when crafting a cybersecurity job description. If you can’t settle on whether you need a security architect, cloud security architect, or information security architect, how are you going to find a candidate?
When deciding on a job title, do some research within the local cyber community. What other titles are companies using for similar jobs and responsibilities? Is your company committed to having unique job titles? It might be time to compromise and use a job title that more accurately portrays the role.
2. Communicate a Realistic Understanding of the Role
Subscribing to a common language is the foundation of all human relationships. Reaching the best candidates and clearly communicating your position requires using the language people within the cyber community are speaking. You’d be surprised how many HR recruiters and hiring managers have no idea what some of the terms in their cybersecurity job descriptions mean, even though they wrote them!
Experienced cyber professionals also know enough to steer clear of poorly conceived job descriptions, especially those in which the requirements don’t track to the title or read as a laundry list, clearly indicating the new hire will be asked to do two or more jobs. Knowing what you are asking for and understanding the terms used in the job description will elevate your cybersecurity job description and show your company is serious about cyber.
3. Emphasize the Benefits
With so many open positions in today’s job market, the best candidates are oftentimes people who are already employed but open to a change in employment. These passive job seekers are skilled, but also savvy. If they are going to make the effort to change jobs, there must be benefits, such as higher pay, more remote work, or a shorter commute. Here are some ways you can quickly communicate why your job is better than theirs.
- Pay: Make sure any salary band listed in the job description is in line with the marketplace.
- Work-Life Balance: Highlight remote work options, flex hours, pet-friendly offices, and parental leave benefits.
- Culture: Job descriptions that use keywords like love, happy, fun, team, respectful, flexible, and considerate are more attractive to candidates.
- Professional Development: Your company wants cyber personnel who are eager to learn and adapt. Mention any training opportunities, conferences they will attend, or other professional development available.
4. Don’t Go It Alone
We get it. It’s not always easy to ask for help, but when a position has gone unfilled for six, seven, eight months on end, the problem might require outside expertise.
Staffing agencies are a common solution for companies that need to fill a position fast, but this has its drawbacks. Recruiters may return a list of candidates we would categorize as “warm bodies.” Instead of truly talented cybersecurity personnel, they show you resumes from people who are under-qualified or work in an unrelated area of cyber. Many staffing agencies are generalists and lack an understanding of the industry. Using a firm without expertise in cybersecurity won’t get you good candidates either.
Look for a history of experience filling cybersecurity positions in your industry. These agencies not only understand the language, but also have developed connections that allow them to locate talented passive job seekers. Understanding the current cybersecurity landscape, including which companies are flourishing and who’s happy and who is not, is essential.
Another advantage of agencies that specialize in cybersecurity is the tools they offer to help HR personnel and hiring managers find the right match without a recruiter. Programs like CyberSN’s KnowMore platform offer free tools and templates for building job descriptions specifically targeted toward people in the cybersecurity industry.
Bottom line: an agency that has expertise in cyber can communicate your job more effectively, resulting in a better slate of candidates and ultimately filling that position faster.