20.01.2020

How to write a killer cyber security job description

Why is your cyber security job description failing? We discuss some of the reasons behind your lack of candidate interest and show you how you can encourage more talent to apply for your roles.

How to write a killer cyber security job description

Across all the typical job boards there’s 14,500 job adverts for cyber security roles across the UK. There’s no shortage of jobs for candidates, however these roles stay open for a long time, don’t attract the right type of candidates and leave companies wondering why they’re not building their cyber security team effectively.  

So why is your cyber security job description failing? It could be a number of reasons but we’re going to focus on why the cyber security job advert you’ve just written could be the main reason behind your lack of interest, and some helpful hints to help you attract the cyber security candidates your company desperately needs.

Structure is king…

According to CSO Online and ZipRecruiter, a cyber security job description is really important to candidates; not just in terms of role title but also the content that goes along with it. Candidates are looking for a job specification that’s structured and easy to follow, gives them an insight into the role and a good idea of the company culture, and is realistic in terms of the expectations needed for the position. That’s a lot of information to include and portray in a concise way, so you need to have a structure in mind that’s going to work, give a real indication of what candidates are looking for and be consistent across your branding.

The wording…

This is just as important as the structure, if the job description sounds boring or uses common phrases that are littered throughout most competitor job adverts you’re in danger of your advert blending into the crowd. Include too many bizarre analogies, hype up the role too much and you’re not going be taken seriously. Using long sentences, with overly complex language and candidates will also become lost – the easier to read, the more concise, the quicker a candidate can see if they are interested and apply. This also means you’re probably going to have a talent pool who have taken the time to review the advert before applying rather than taking the scatter gun approach and applying for everything they see that might be ‘just about’ relevant.

Unrealistic expectations…

Feedback from the industry is usually consistent, cyber security job descriptions place unrealistic expectations on the knowledge/experience needed within a role. We’ve seen multiple examples of Junior SOC Analyst adverts asking for CISSP certification, or Penetration Tester specifications looking for experience as ISO auditors. Sometimes, it’d be lovely to have these types of well-rounded cyber security skill sets within your team, however, think of the effect it is having on candidates initially applying and therefore limiting your talent pool. According to Applied, men tend to apply for a job when they meet 60% of the requirements, whereas women only apply for a job if they meet 100% of the requirements – which ultimately could be a reason as to why diversity is such a hot topic within cyber security.

It’s all in the length…

According to industry research, the ideal job ad is between 300-800 words, roughly the side of a typed A4 page… Too long and nobody is going to stay engaged throughout the whole thing to assess whether they are going to be a good fit. Too short and you’re not going to be able to provide a clear view of the role, enough to entice people to apply. It’s also worth noting the change in how candidates are applying for roles within cyber security now. Previously, the majority of applications would come from desktop however now, with our more connected world, more and more are simply using mobile devices – think of how your advert is going to look on a mobile phone, is it going to take a lot of scrolling, is the text in huge paragraphs? All these need to be considered to create a strong cyber security job description to entice a good level of talent.

Do some research on the market…

This doesn’t really apply to those companies who are already integrated into the cyber security market, been attracting talent into their business for years but more for those who are looking to bring in cyber security professionals for the first time. Before you start looking at writing an advert, seek out some guidance from people in the industry, see what they want to read about, see what other companies are including in their adverts and please check salary levels against the industry norm. We’re seeing more adverts for companies hiring their first cyber security professional position where salaries are way off the mark, this gives two impressions; either you have no idea on the current market trends, or you are not taking your cyber security capabilities seriously – either way it’s not a good impression to give candidates.

There’s a lot of examples of companies creating good cyber security job descriptions, standing out from the crowd and attracting a lot of talent into their recruitment process. However, there’s more that aren’t doing this well enough and will struggle to attract talent within this competitive market.

If you want to benchmark your advert against others, get advice from people who are working with the industry on a daily basis, get in touch and we’d be more than happy to provide guidance on your cyber security job descriptions to take your 5 applicants to 50.

Sign up for industry updates