I recently have been receiving a ton of solicitations for work by headhunters. As with several of our prior discussions, it appears as though these folks are still looking for free range Unicorns. I'm going to give a rundown of the requirements of an example solicitation, and my thoughts about who they are looking for. But, I would like to hear your thoughts on this as well.
Position: Insider Threat Investigator
Requirements:
8+ Years of Experience, with proven results in conducting investigative interviews and writing reports with formal interview training preferred
5+ Years of specialized Insider Threat experience
2+ Years of specialized Financial Services Investigation experience
A history of independently leading investigations with minimal supervision
Experience with User Behavioral Analytics products
Advanced knowledge of computer OSs and file systems and experience with forensic utilities
Preferred Qualifications:
Advanced experience with Splunk, SIEM, IDS/IPS, and log aggregation tools.
Experience performing static, dynamic, and reverse engineering of malware
Experience with eDiscovery methodology and best practices, and processing/review platforms
Maybe I'm being cynical and this isn't a Unicorn. If this describes you or someone you know, let me know and I'll hook you up with the head hunter.
What compensation would you ask for this position?
Sincerely,
Eric B.
I receive solicitations by email and phone daily. Since I updated my online resume to include my shiny new CCSP, the call volume has increased. As I have a large herd of friendly peers around the world, I share these listings with folks wanting to move here and there. (A difficulty of working overseas can be getting back into the US labor market, without a significant time gap.)
I'm finding that lots of these recruiters ask for the world and are usually happy with your current skill set, once they've decided they actually want you. I think part of the problem is the client isn't really sure of what they need, so the recruiter throws a wide net. They want a purple unicorn, but will settle for an ill tempered rhinoceros.
How do I respond to those I'm willing to actually talk to? I'm usually my most pleasant self, except I won't discuss money until there is an offer on the table. The fastest way to turn me away is to ask my current wage, or discuss salary before the deep details of the job.
Looking at this JD my best guess is that you're reading either the promoted incumbent's history or promoted from within the organization. Way too specific otherwise, which also links into your free range unicorn theory.
As for comp(ensation?), somewhere north of 150k, as you are looking for some extremely specific and highly trained skillsets only available under the GSA schedule along with very tangible supervisory experience.
Take the local cost of living and market demands as well as I doubt the position is located in say rural Iowa but a major downtown metropolis.
I would not call this a run of the mill "mid" level position but definitely an upper-mid to high level, high visibility position that should also state your likelihood this person will end up in the witness stand as well. Being a professional witness is inherently time consuming and stressful. Been there, done that.
Whew! Interesting position though!
I think for this position you would have to have held several jobs.
1 Job in forensics
1 Job in investigations
1 Job in eDiscovery
1 Job in Splunk and SIEM
1 of those jobs would have had to have been in the Financial Industry
1 of them in Law Enforcement
1 of them in legal
1 would have to have been in a supervisory capacity
and 1 in a malware analyst role.
Seems they want the whole enchilada. I would think definitely 6 figures at a minimum. I can see maybe someone in a LE role touching most of those but not all of them at one agency.
Compensation has become such a bugaboo these days. Frequently headhunters want to discuss compensation before even fully explaining the position. Whatever happened to the days where they put the salary range in with the job description?
In my estimation, anyone with a CISSP is worth $100,000, and it rises from there. Multiple certifications? 40+ hrs/ week? Lead a team? Security clearance? These all drive the salary up... don't be shy, let them know what you're worth.
@billclancy wrote:
They want a purple unicorn, but will settle for an ill tempered rhinoceros.
I resent that characterization, and, no, they didn't hire me.
Ken,
I agree with your breakdown. I did it a little more colorfully, but yours is much easier to read.
The interesting thing about this is that my resume contains the keyword "Insider Threat," so I imagine that is why I keep getting these solicitations.
The problem is that in my experience the "Insider Threat" role was actually a team of multi-disciplined folks. There was no one person that had all these skills. And even if they claimed they did, they were really only proficient in 1/3rd of that list of skills.
My biggest issue is that SIEM aspect. That has to be a separate function. As soon as you throw that into the mix, that is all that job is going to be. I'm afraid of taking a position that is a mix of SIEM and anything else, because I believe that you're going to have to choose to do SIEM or everything else and I don't want to deal with that come performance eval time.
Does anyone have a different experience?
Sincerely,
Eric B.