How to hire a certified information systems security professional

Certified information systems security professional hiring summary. Here are some key points about hiring certified information systems security professionals in the United States:

  • In the United States, the median cost per hire for a certified information systems security professional is $1,633.
  • It takes between 36 and 42 days to fill the average role in the US.
  • On average, human resources departments spend 15% of their expenses on recruitment.
  • On average, it takes around 12 weeks for a new certified information systems security professional to settle in and reach full productivity at work.

How to hire a certified information systems security professional, step by step

To hire a certified information systems security professional, you should create an ideal candidate profile, determine a budget, and post and promote your job. Here's a step-by-step guide on how to hire a certified information systems security professional:

  • Step 1: Identify your hiring needs
  • Step 2: Create an ideal candidate profile
  • Step 3: Make a budget
  • Step 4: Write a certified information systems security professional job description
  • Step 5: Post your job
  • Step 6: Interview candidates
  • Step 7: Send a job offer and onboard your new certified information systems security professional
  • Step 8: Go through the hiring process checklist
  1. Identify your hiring needs

    First, determine the employment status of the certified information systems security professional you need to hire. Certain certified information systems security professional roles might require a full-time employee, whereas others can be done by part-time workers or contractors.

    Hiring the perfect certified information systems security professional also involves considering the ideal background you'd like them to have. Depending on what industry or field they have experience in, they'll bring different skills to the job. It's also important to consider what levels of seniority and education the job requires and what kind of salary such a candidate would likely demand.

    This list presents certified information systems security professional salaries for various positions.

    Type of Certified Information Systems Security Professional | Description | Hourly rate
    Certified Information Systems Security Professional | Information security analysts plan and carry out security measures to protect an organization’s computer networks and systems. Their responsibilities are continually expanding as the number of cyberattacks increases. | $37-65
    Security Engineer | Security engineers are responsible for developing and overseeing data and security software to help prevent data breaches, leaks, and taps related to cybercrime. Other duties and responsibilities include developing new systems to help protect computer networks and assets, configuring firewalls, and conducting penetration testing to pinpoint vulnerabilities... | $37-67
    Security Architect | A security architect specializes in designing and establishing security systems and measures to protect a company and its clients from hackers or cyber-attacks. Their responsibilities revolve around reviewing existing security systems to determine areas needing improvement, implementing upgrades, and devising strategies to identify a company's information technology needs... | $44-86
  2. Create an ideal candidate profile

    Common skills:
    • Windows
    • NIST
    • Linux
    • Incident Response
    • ISO
    • Risk Assessments
    • Network Security
    • DOD
    • POA
    • Switches
    • Security Policies
    • Security Solutions
    • SOX
    • Security Procedures
    Responsibilities:
    • Manage security audit projects to industry standards and federal regulations (SOX, SSAE16, FFIEC).
    • Implement and manage an endpoint encryption solution utilizing TrendMicro MobileArmor to secure university workstations against sensitive data loss.
    • Utilize IBM's SIEM, QRadar, to proactively protect Sherwin-Williams' assets.
    • Review DOD compliance database for open assets, late reporting and current compliance on newly posted IAVAs and short suspense IAVAs.
    • Test and evaluate information systems using NESSUS software to detect vulnerabilities and improve on security.
    • Provide project management assistance and oversight, addressing organizational concerns and questions about baseline architecture requirements and its enhanced system-computing environments.
  3. Make a budget

    Including a salary range in your certified information systems security professional job description is one of the best ways to attract top talent. A certified information systems security professional's salary can vary based on:

    • Location. For example, certified information systems security professionals' average salary in Ohio is 41% less than in California.
    • Seniority. Entry-level certified information systems security professionals earn 43% less than senior-level certified information systems security professionals.
    • Certifications. A certified information systems security professional with certifications usually earns a higher salary.
    • Company. Working for an established firm or a new start-up company can make a big difference in a certified information systems security professional's salary.

    Average certified information systems security professional salary

    $102,992 yearly

    $49.52 hourly rate

    Entry-level certified information systems security professional salary
    $77,000 yearly salary
    Updated January 20, 2026
  4. Write a certified information systems security professional job description

    A certified information systems security professional job description should include a summary of the role, required skills, and a list of responsibilities. It's also good to include a salary range and the first name of the hiring manager. To help get you started, here's an example of a certified information systems security professional job description:

    Certified information systems security professional job description example

    SAIC is seeking a cybersecurity professional to lead efforts for the Air Force T-1A Combat Systems Officer Training System (T-1A CSOTS). This position requires a technical expert who can operate independently with little supervision. The criticality of this position is in supporting the customer's mission to provide cybersecurity support for the system to include the creation and upkeep of an Authority to Operate (ATO) package in accordance with DoD Instruction (DoDI) 8510.01 Risk Management Framework (RMF) for DoD Information Technology (IT) and Air Force Instruction (AFI) 17-101 Risk Management Framework (RMF) for Air Force Information Technology.
    General tasks include:

    + Implement the System Security Plan, create Security Assessment Report, conduct vulnerability scans required to obtain and maintain an ATO from the system Authorizing Official (AO).

    + Support RMF activities and other cybersecurity tasks/requirements that directly support the customer in obtaining an ATO for T-1A CSOTS.

    + Provide cybersecurity technical advice to the customer and T-1A CSOTS software engineering team and support personnel, the program Information System Security Manager (ISSM), and the AO.

    + Provide continuous support in monitoring affected system after ATO is achieved.

    + Perform Vulnerability and Compliance scanning of T-1A CSOTS information systems.

    Qualifications:

    Information System Security Officer (ISSO) with ability to perform Information System Security Engineer (ISSE) duties as required.

    Mandatory Experience/Qualifications:

    + Bachelor's Degree and three to ten years of Information Assurance experience work or 9-years total of Information Assurance experience work

    + DoD 8570.1-M IAT-II certification (CCNA Security, CySA+, GICSP, GSEC, CompTIA Security+, or SSCP)

    + A strong working knowledge of RMF

    + Experience in applying security principles to all states of system development from requirements development through operational acceptance

    + Experience in conducting information systems security assessments, evaluating IA and Cybersecurity controls, and conducting and supporting RMF activities

    + Experience with Operational Air Force or Space Force systems

    Proficient with eMASS and ACAS with formal eMASS and ACAS training certification desired

    Covid Policy: SAIC does not require COVID-19 vaccinations or boosters. Customer site vaccination requirements must be followed when work is performed at a customer site.
    REQNUMBER: 2212100

    SAIC is a premier technology integrator, solving our nation's most complex modernization and systems engineering challenges across the defense, space, federal civilian, and intelligence markets. Our robust portfolio of offerings includes high-end solutions in systems engineering and integration; enterprise IT, including cloud services; cyber; software; advanced analytics and simulation; and training. We are a team of 23,000 strong driven by mission, united purpose, and inspired by opportunity. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $6.5 billion. For more information, visit saic.com. For information on the benefits SAIC offers, see Working at SAIC. EOE AA M/F/Vet/Disability
  5. Post your job

    To find the right certified information systems security professional for your business, consider trying out a few different recruiting strategies:

    • Consider internal talent. One of the most important sources of talent for any company is its existing workforce.
    • Ask for referrals. Reach out to friends, family members, and current employees and ask if they know or have worked with certified information systems security professionals they would recommend.
    • Recruit at local colleges. Attend job fairs at local colleges to recruit certified information systems security professionals who meet your education requirements.
    • Social media platforms. LinkedIn, Facebook and Twitter now have more than 3.5 billion users, and you can use social media to reach potential job candidates.
    Post your job online:
    • Post your certified information systems security professional job on Zippia to find and attract quality certified information systems security professional candidates.
    • Use niche websites such as Dice, Engineering.com, Stack Overflow, and IT Job Pro.
    • Post a job on free websites.
  6. Interview candidates

    During your first interview to recruit certified information systems security professionals, engage with candidates to learn about their interest in the role and experience in the field. During the following interview, you'll be able to go into more detail about the company, the position, and the responsibilities.

    It's also good to ask about candidates' unique skills and talents to see if they match your ideal candidate profile. If you think a candidate is good enough for the next step, you can move on to the technical interview.

    If your interviews with certified information systems security professional applicants aren't enough to make a decision, you should also consider including a test project. These are often the best, most straightforward, and least bias-prone ways of determining who will likely succeed in the role. If you don't know how to design an appropriate test, you can ask someone else on the team to create it or take a look at these websites to get a few ideas:

    • TestDome
    • CodeSignal
    • Testlify
    • BarRaiser
    • Coderbyte

    The right interview questions can help you assess a candidate's hard skills, behavioral intelligence, and soft skills.

  7. Send a job offer and onboard your new certified information systems security professional

    Once you've selected the best certified information systems security professional candidate for the job, it's time to write an offer letter. In addition to salary, this letter should include details about the benefits and perks you offer the candidate. Ensuring that your offer is competitive is essential, as qualified candidates may be considering other job opportunities. The candidate may wish to negotiate the terms of the offer, and you should be open to discussion. After you reach an agreement, the final step is formalizing the agreement with a contract.

    It's equally important to follow up with applicants who don't get the job with an email letting them know that the position has been filled.

    To prepare for the new employee's start date, you can create an onboarding schedule and complete any necessary paperwork, such as employee action forms and onboarding documents like I-9 forms, benefits enrollment, and federal and state tax forms. Human Resources should also ensure that a new employee file is created.

  8. Go through the hiring process checklist

    • Determine employee type (full-time, part-time, contractor, etc.)
    • Submit a job requisition form to the HR department
    • Define job responsibilities and requirements
    • Establish budget and timeline
    • Determine hiring decision makers for the role
    • Write job description
    • Post job on job boards, company website, etc.
    • Promote the job internally
    • Process applications through applicant tracking system
    • Review resumes and cover letters
    • Shortlist candidates for screening
    • Hold phone/virtual interview screening with first round of candidates
    • Conduct in-person interviews with top candidates from first round
    • Score candidates based on weighted criteria (e.g., experience, education, background, cultural fit, skill set, etc.)
    • Conduct background checks on top candidates
    • Check references of top candidates
    • Consult with HR and hiring decision makers on job offer specifics
    • Extend offer to top candidate(s)
    • Receive formal job offer acceptance and signed employment contract
    • Inform other candidates that the position has been filled
    • Set and communicate onboarding schedule to new hire(s)
    • Complete new hire paperwork (I-9, benefits enrollment, tax forms, etc.)

How much does it cost to hire a certified information systems security professional?

Hiring a certified information systems security professional comes with both the one-time cost per hire and ongoing costs. The cost of recruiting certified information systems security professionals involves promoting the job and spending time conducting interviews. Ongoing costs include employee salary, training, benefits, insurance, and equipment. It is essential to consider the cost of certified information systems security professional recruiting as well as the ongoing costs of maintaining the new employee.

You can expect to pay around $102,992 per year for a certified information systems security professional, as this is the median yearly salary nationally. This can vary depending on what state or city you're hiring in. If you're hiring for contract work or on a per-project basis, hourly rates for certified information systems security professionals in the US typically range between $37 and $65 an hour.
