Common SecurityX (CASP+) Job titles [2025 update]

The SecurityX certification suits practitioners at the advanced skill level of cybersecurity. The certification used to be called the CASP+, and its exam was the CAS-004. The certification still covers most of the same topics, but the name has changed, and the exam is now the CAS-005. As of June 17, 2025, applicants will no longer have the option of taking the CAS-004 exam.  

You can check out our webinar, SecurityX is here (CASP+ is no more), to learn more. 

Even though the SecurityX certification is for those with advanced skillsets, it is also a great option for professionals who work in or aspire to positions involving architecting, engineering and implementing secure solutions — while still meeting governance, risk and compliance requirements. This credential is not for managers and is geared towards practitioners with at least ten years of hands-on IT experience, five of whom are of hands-on security. 

The current cybersecurity environment needs specific skills to diagnose and address network issues using customized tools and applications. It also necessitates a unique approach to a wide range of specific issues, meaning that the SecurityX professional must be able to build their own solutions to many kinds of problems. The SecurityX certification shows employers that candidates can devise innovative solutions to complicated IT issues within stringent security requirements and unique environments. 

SecurityX covers technical skills in security architecture and senior security engineering in a variety of environments (traditional, cloud and hybrid), knowledge of governance, risk and compliance requirements, the ability to properly assess an enterprise’s cybersecurity readiness and the capability to lead technical teams to implement cybersecurity solutions across the organization. 

What kind of jobs can I get with the SecurityX certification? 

The need for cybersecurity professionals is growing globally, and to fill their upper or senior-level positions, companies are looking to hire candidates who can demonstrate a high level of expertise, not only through their work history but also through credentials that incontrovertibly demonstrate they have the knowledge and skills to succeed in the role. Certifications also prove applicants’ will to stay current in a field that changes and advances quickly. 

If you aspire to an upper-level to senior-level position, then a certification like SecurityX can be a great addition to your resume. Roles as a chief information security officer (CISO), security architect or security engineer all have duties directly related to the knowledge validated by this credential. 

SecurityX is valuable not only when looking for positions in the private sector but a great addition for those hunting for government positions and jobs in the DoD information assurance (IA) workforce. This includes contractors, military officers, Non-Appropriated Fund (NAF) personnel, local nationals and civilians who are involved in IT departments. SecurityX fulfills Directive 8140 (DoDD 8570 [PDF]) requirements and is one of the IA baseline certifications needed to qualify for IAT Level III, IAM Level II, and IASAE I and II positions. 

What are the most common SecurityX job titles and descriptions? 

The SecurityX is different from other mastery-level certifications in that it offers a more hands-on approach, teaching real-world skills that can be used in the field. Other certifications, such as the CISM or CISSP, are seen more as management track courses and focus more on managerial and oversight skills than more technical topics like hacking. 

Jobs that use SecurityX, then, include: 

• Security architect 

• Senior security engineer 

• SOC manager 

• Security analyst 

Security architect 

Security architects are senior-level employees responsible for planning, designing, testing, implementing and maintaining an organization’s computer and network security infrastructure. To do so, they need to have advanced knowledge in authentication, access management, incident response, network protocols, security engineering and communication security. Some of their duties include: 

• Providing guidance and leadership on cybersecurity policy 

• Recommending security controls 

• Collaborating with business leaders, developers and engineers to identify business needs and make a plan for implementation 

• Identifying solutions that enhance security while supporting the identified business objectives 

• Researching and designing security features for IT projects 

• Using cryptography to protect an organization’s data 

Cybersecurity analyst 

The main job function of a Cybersecurity Analyst is to develop and implement security plans to protect IT systems, network infrastructure and data within an organization. They proactively monitor the environment to detect issues, evaluate threats and implement steps to mitigate cyberattacks before they occur. Some of their duties include: 

• Developing disaster recovery plans 

• Investigating and responding to alerts within the IT environment 

• Reviewing reports for security or compliance violations 

• Conducting vulnerability analyses of systems and networks 

• Performing risk assessments and making recommendations 

• Maintaining security systems like firewalls and security appliances 

• Keeping abreast of emerging cyber threats 

• Designing and implementing IT policies 

Security Engineer 

Security engineers are responsible for a company’s data systems. They have a similar role to that of the Cybersecurity Analyst but focus more on implementation than on monitoring, reporting and policy creation. Security engineers also develop technical solutions to automate security-related tasks. In addition, they identify needs and build defenses in an organization’s systems to harden the infrastructure. This typically involves adding new security features, troubleshooting and responding to attacks. Some of their duties include: 

• Implementing and monitoring security controls to prevent data loss or compromising 

• Creating new solutions to solve existing security issues 

• Enhancing security capabilities by evaluating new technologies 

• Defining, implementing and maintaining corporate security policies 

• Recommending modifications in legal, technical and regulatory areas that affect IT security 

• Enforcing security plans and policies 

• Performing vulnerability testing 

• Monitoring network for security incidents 

• Investigating and reporting on issues they identify 

SOC manager 

A SOC Manager is a senior-level IT professional who leads the security operations team. A security ops team is a group tasked with improving an organization’s security posture through continuous monitoring, detecting and responding to all cybersecurity incidents. 

The SOC Manager is responsible for administrative activities, including supervising their team members. They’re also expected to provide technical guidance and coordinate all activities using their advanced incident and problem management expertise. Some of their duties include: 

• Devising processes and plans 

• Assessing incident reports 

• Creating compliance reports 

• Measuring SOC performance metrics 

• Reporting to executive management 

What salary can I expect after getting certified? 

The average base salary for professionals with a SecurityX certification is $100,000/year. 

Now, let’s look at the expected salary for different professionals with a SecurityX certification: 

• Cybersecurity Analyst: $61,000 - $120,000. Average: $90,378 

• Cybersecurity Engineer: $73,000 - $140,000. Average: $99,382 

• Information Security Manager: $60,000 - $152,000. Average: $102,063 

• Systems Administrator: $50,000 - $105,000. Average: $70,000 

• Information Security Officer: $70,000 - $141,000. Average: $99,496 

• Information Security Analyst: $58,000 - $117,000. Average: $81,318 

• Information Security Engineer: $71,000 - $127,000. Average: $100,050 

More job titles and salaries can be found at PayScale. 

Your salary will be impacted by factors such as job title, city/location and years of professional experience. 

Common SecurityX interview questions 

When interviewing for a security engineering or security architecture position, you should be prepared to demonstrate your advanced technical knowledge. Here are four sample interview questions for SecurityX holders with sample answers to help you prepare. 

1. What is the difference between a black box test and a White Box test? 

Black ox testing examines software without knowledge of its internal structure or code, similar to how external penetration testers would approach a system they're unfamiliar with. The tester focuses on inputs and outputs without seeing "inside the box." 

White Box testing, in contrast, provides complete access to the software's source code, architecture, and internal workings. It allows for more thorough security testing, but it may require greater technical expertise and insider knowledge. 

2. What is the difference between public-key and symmetric cryptography? 

Symmetric cryptography uses a single shared key for encryption and decryption, making it faster and simpler to implement. However, it presents a key exchange challenge — both parties must securely share the same private key before transmitting protected information. 

Public-key cryptography (asymmetric) uses two mathematically related keys — one public and one private. When encrypting, you use the recipient's public key, and they decrypt with their corresponding private key. The major advantage is that public keys don't need to remain secure, solving the key distribution problem. 

3. Can you explain the chain of custody? 

The chain of custody is a documented process that tracks how digital or physical evidence is collected, handled and preserved for potential legal proceedings. It creates an unbroken chronological record of who possessed evidence, when they had it, and what they did with it. 

A chain of custody includes detailed documentation with timestamps, names, signatures and descriptions of any actions taken with the evidence. This documentation is critical because any gaps or inconsistencies can compromise the evidence's integrity and admissibility in court. In cybersecurity investigations, maintaining chain of custody is essential when collecting logs, forensic images or other digital evidence that might be needed for legal action or regulatory compliance. 

4. Why do internal threats have a higher success rate than external threats?