What kind of cybersecurity jobs can you get?

The field is incredibly diverse, with roles in offensive security (penetration testing), defensive security (SOC analysis), governance and compliance, security architecture, application security, cloud security, and a growing list of specialized AI security positions.

Is cybersecurity a good career in 2025?

Yes, the outlook for 2025 is very strong. The market is becoming more competitive, but the demand for skilled professionals, particularly those with AI security expertise, is expected to continue its upward trajectory.

What is the best entry-level job in cybersecurity?

Roles like Cybersecurity Technician, IT Support with a security focus, or a Junior Cybersecurity Analyst in a SOC are excellent starting points. They provide foundational experience and a clear path for career advancement.

Is cybersecurity hard to learn?

It requires a commitment to continuous learning, as the technology and threats are always evolving. However, with quality resources and a dedicated mindset, it is an achievable and rewarding field to master.

What qualifications do I need for cybersecurity?

A combination of technical skills (networking, operating systems), relevant certifications (like CompTIA Security+ to start), and hands-on experience is the ideal mix. A degree is helpful but not always a firm requirement.

Can I get into cybersecurity at 30 or 40?

Absolutely. Many successful cybersecurity professionals transitioned mid-career. Prior experience in other fields can often provide a unique and valuable perspective.

Do I need to know how to code?

Not for every role. There are many critical non-coding jobs in areas like governance and risk. However, a basic understanding of coding is becoming increasingly beneficial across all security roles.

Volver

The New Cybersecurity Jobs in the Age of AI: Roles Every GenAI Security Team Needs

Alejandro Domingo Salvador • 28 de julio de 2025

Contenido

The cybersecurity landscape has been in a constant state of evolution for decades, with threats shifting from simple viruses to sophisticated, nation-state-level attacks.

However, no previous shift compares to the seismic change brought by the age of Generative AI. This technology is a game changer, not just for how businesses operate, but for how they are defended. The wave of AI is creating new cybersecurity jobs and reshaping the very definition of a security professional.

The demand for cybersecurity talent remains exceptionally high. In the past year alone, U.S. employers posted more than 514,000 open roles, a 12% increase from the year prior. This surge isn't just about backfilling traditional positions; it's about defining entirely new roles to manage the unique risks introduced by AI.

Why GenAI is Changing the Cybersecurity Job Market

Generative AI is not merely another tool in the technology stack. It represents a fundamental new layer of capability that unlocks unprecedented opportunities while simultaneously presenting complex, novel challenges for security teams.

It automates routine tasks and creates new efficiencies, but it also opens a Pandora's box of vulnerabilities that the industry is just beginning to fully comprehend.

From threat detection to prompt injection: New attack surfaces

For years, security focused on defending network perimeters, endpoints, and application vulnerabilities.

Now, the scope of defense must expand to the very language models powering modern AI tools.

The attack surface has grown dramatically. Security professionals are no longer just defending against malware and phishing; they are now confronting new threats such as:

Prompt Injection: Where attackers craft malicious inputs to manipulate a Large Language Model (LLM) into performing unintended and potentially harmful actions.
Training Data Poisoning: A technique where adversaries contaminate the data an AI model is trained on, corrupting the model's integrity from its core.
Model Theft: The exfiltration of proprietary and computationally expensive AI models, giving attackers free rein to exploit them or create unauthorized replicas.

These threats are part of a new class of vulnerabilities, most notably captured in the OWASP Top 10 for Large Language Model Applications. Mitigating these risks requires a new way of thinking and a specialized set of skills.

Why traditional roles are no longer enough

A traditional Security Operations Center (SOC) Analyst is highly skilled at analyzing logs and detecting network intrusions, but may not be equipped to spot a sophisticated indirect prompt injection attack hidden within a document. A classic penetration tester knows how to exploit a SQL injection vulnerability, but may not have the expertise to perform a jailbreak on a frontier AI model. While AI-driven automation is increasingly handling routine security tasks, it is also freeing up human professionals to focus on more strategic and complex challenges. This evolution signifies a shift where traditional cybersecurity roles must adapt, moving from routine monitoring to strategic threat modeling and response. The skills that defined security in the last decade are insufficient for the next.

Cybersecurity vs AI security: What’s the difference?

This is a frequently asked question. A simple way to frame the distinction is that traditional cybersecurity focuses on protecting the systems and infrastructure that run applications. AI security, in contrast, is about protecting the AI models themselves and the data they process within those applications. AI security encompasses the unique vulnerabilities of Generative AI, including model poisoning, prompt injection, and data leakage through model responses. It demands a deep understanding not only of security principles but also of machine learning architectures, data pipelines, and the complex ethical considerations of AI. It is a specialized discipline that builds upon the foundation of cybersecurity but requires a new strata of expertise. This distinction is fundamental for understanding the new LLM security risks and the critical importance of specialized practices like GenAI red teaming.

The new cybersecurity roles every GenAI-ready team needs

As organizations accelerate their adoption of AI, a new cohort of security specialists is becoming essential. These roles are non-negotiable for any security team aiming to be truly GenAI-ready.

LLM Red Team Engineer

This is one of the most exciting and in-demand roles in the current market. An LLM Red Team Engineer’s mission is to think like an adversary and break AI models before malicious actors can. They are the offensive security experts of the AI domain.

Focus: Their work centers on discovering novel vulnerabilities through techniques like jailbreaking, where they attempt to bypass a model's safety and ethics filters. They are specialists in direct and indirect prompt injection, model denial of service, and poisoning Retrieval-Augmented Generation (RAG) systems that connect LLMs to external data.
Tools: These engineers use a combination of manual adversarial testing and automated frameworks. Tools like TrustTest are designed for this exact purpose, allowing red teamers to systematically probe for vulnerabilities and simulate complex attack scenarios to ensure model resilience.

Prompt Security Analyst

While the Red Team Engineer is on offense, the Prompt Security Analyst is on defense. They are the sentinels at the gateway, responsible for monitoring and analyzing the inputs being fed into an organization's LLMs.

Focus: Their primary function is to detect and block malicious prompt patterns and semantic exploits in real time. They are trained to identify the subtle signatures of an attempted jailbreak or a prompt engineered to exfiltrate sensitive information.
Tools: Prompt Security Analysts rely on AI firewalls and observability platforms for real-time threat detection. Solutions like TrustGate and TrustLens are central to this role, providing the necessary visibility to monitor all AI conversations, block malicious inputs before they reach the model, and investigate security alerts as they happen.

AI Monitoring & Observability (AIOps) Lead

It's impossible to protect what is not visible. As AI applications become more complex and deeply integrated into business processes, deep visibility into their behavior is critical. This is the domain of the AI Observability & Monitoring Lead.

Focus: This role is responsible for establishing comprehensive tracing, auditing, and alerting for all GenAI applications. They ensure that every prompt, response, and model interaction is logged and analyzed for potential security events or policy violations.
Tools: This professional operates within observability platforms. They leverage powerful tools like our own TrustLens, which provides real-time visibility into all AI interactions. They also integrate these systems with traditional Security Information and Event Management (SIEMs) and traffic inspection solutions to create a holistic view of the AI ecosystem.

AI Governance & Compliance Specialist

The rapid proliferation of AI has triggered a wave of new regulations. The EU AI Act and the new US AI Law** are merely the start. Navigating this complex legal and ethical landscape requires a dedicated expert.

Focus: The AI Governance & Compliance Specialist ensures an organization's use of GenAI aligns with global regulations, industry standards, and internal ethical guidelines. They are particularly concerned with how privacy laws like GDPR apply to the data processed by AI models.
Tools: AI Governance specialists leverage GRC (Governance, Risk, and Compliance) platforms and AI observability tools to automate policy enforcement and reporting. They use solutions like TrustLens to generate the detailed audit trails and reports necessary to prove compliance with legal standards.

AI AppSec & Shadow AI Investigator

One of the most significant emerging risks for enterprises is the unsanctioned use of AI tools by employees. This "Shadow AI", which includes everything from browser plugins to third-party chatbots, creates a massive, unmonitored attack surface.

Focus: This investigator's job is to proactively hunt for and identify unsanctioned AI usage within the organization. They employ a combination of network analysis, endpoint detection, and user behavior analytics to uncover these hidden risks.
Tools: These investigators use a combination of Cloud Access Security Brokers (CASB) and Endpoint Detection and Response (EDR) platforms to discover unauthorized AI applications and browser extensions. They also leverage AI gateways like TrustGate to block access to these unsanctioned services and enforce corporate AI use policies.

How should security leaders structure an AI-ready team?

Building a team with these new roles requires a strategic plan. It's not just about hiring individuals; it's about architecting a cohesive unit that can address the multifaceted challenges of AI security.

Core functions and their relationship with traditional roles

New AI security roles should not operate in a silo. They must be tightly integrated with the existing cybersecurity team.

The LLM Red Team Engineer should collaborate with traditional penetration testers to share tactics.

The Prompt Security Analyst should be embedded within the SOC to correlate AI threats with other security signals.

This integration ensures knowledge is shared and that AI security is treated as a core component of the overall security posture.

Centralization vs decentralization: Where AI security sits in the org

Two primary models are emerging for structuring the AI security function:

Centralized: A single, dedicated team of AI security experts serves the entire organization. This model fosters deep expertise and consistent standards but can sometimes become a bottleneck.
Decentralized: AI security specialists are embedded within different business units or product teams. This approach promotes agility and context-specific security but risks creating inconsistent policies and duplicated efforts.

Many organizations are finding a hybrid model to be most effective, featuring a central governance team that sets strategy and decentralized specialists who implement it.

When to hire, outsource, or automate security layers

Building a comprehensive AI security team is a significant investment. A pragmatic approach is often best, especially for leaner organizations.

Hire: For core, strategic functions like governance and observability, hiring in-house talent is typically the best long-term solution.
Outsource: Highly specialized and offensive tasks, such as advanced GenAI red teaming, can be outsourced to expert firms to achieve world-class results without the associated overhead.
Automate: For scalable, consistent security, automation is indispensable. This is where solutions like TrustGate and TrustLens become critical. TrustGate acts as a centralized control plane for all AI usage, enforcing security policies automatically. TrustLens provides the continuous monitoring needed to detect threats at scale. Together, they form a powerful security layer that supports lean teams and enables them to focus on the most critical risks.

Do I need to be a coder to work in GenAI security?

While some of the most visible roles in AI security are highly technical, numerous paths into the field do not require expert-level programming skills.

Technical roles that require coding (e.g. red teaming, monitoring)

Roles like the LLM Red Team Engineer require strong coding skills, particularly in Python, the lingua franca of machine learning. Developing vulnerability testing scripts and building custom tools is a core part of the job. Similarly, an AI Observability Lead often needs to write scripts to integrate systems and automate data analysis.

Non-coding roles in AI risk, governance, and operations

Conversely, the AI Governance & Compliance Specialist role is a prime example of a critical, non-coding position. This role is centered on understanding legal frameworks, risk management principles, and policy development. Strong analytical and communication skills are far more important than the ability to write code.

The rise of hybrid security profiles

An increasingly common and valuable profile is the "hybrid" security professional. This individual may not be a hardcore developer but understands the fundamentals of code and can communicate effectively with technical teams.

They might be a GRC expert who has taken courses on machine learning or a security analyst who has learned to write simple Python scripts to automate tasks. These hybrid profiles are incredibly valuable because they bridge the gap between technical and non-technical domains.

How to Get Started: Skills and Qualifications in Demand

For those looking to enter or transition into GenAI security, focusing on the right skills and qualifications is essential.

In-demand hard skills

Python: The most critical programming language for AI and machine learning.
Prompt Injection Detection: Understanding the different types of prompt injection and how to spot them is a foundational skill.
Knowledge of Transformer Models: A conceptual understanding of how models like GPT work is essential for identifying their inherent weaknesses.
OWASP LLM Top 10: Deep familiarity with these vulnerabilities is a prerequisite for any serious AI security professional.

Certifications and learning paths

The certification landscape is evolving to keep pace with technology.

Traditional: Certifications like CISSP (Certified Information Systems Security Professional) and OSCP (Offensive Security Certified Professional) provide a strong, foundational knowledge of security principles that remains highly relevant.
Emerging: Specialized AI security courses and LLMOps bootcamps are gaining prominence. Certifications like the Certified Artificial Intelligence Governance Professional (AIGP) are becoming valuable for governance roles.

How to transition from traditional cybersecurity roles

Those already in cybersecurity have a distinct advantage. The key is to build upon that existing foundation.

Assess your current skills: Evaluate your security knowledge and identify the gaps related to AI.
Define clear objectives: Determine which area of AI security is most appealing to you, whether it's offensive security, governance, or monitoring.
Get hands-on experience: Build a home lab. Participate in AI-focused bug bounties. Contribute to open-source AI security projects. Practical experience is invaluable.
Focus on AI fundamentals: Take online courses on machine learning and deep learning to understand the core concepts.

Is cybersecurity still a good career in the age of AI?

The answer is a definitive yes. Arguably, it is a more exciting and rewarding career than ever before. AI is not replacing cybersecurity professionals; it is augmenting them and creating new specializations.

Job market outlook

The job market for cybersecurity professionals is robust and expanding. While some traditional roles are seeing a slowdown, high-growth positions include Red Teamers and GRC analysts. The demand for professionals who can bridge the gap between AI and security is exceptionally high.

Can you still break in without a degree?

Yes, but it requires dedication. While a computer science degree is beneficial, many companies now prioritize demonstrable skills and experience over formal education. A strong portfolio, open-source contributions, and relevant certifications can create a viable path into the field.

Is it too late to start?

It is never too late. Many professionals have successfully transitioned into cybersecurity from different fields in their 30s, 40s, and beyond. The industry values passion, a commitment to learning, and a problem-solving mindset.

What’s the lowest position in cybersecurity?

Entry-level roles often begin in a Security Operations Center as a Tier 1 Analyst or in IT helpdesk positions with a security focus. These roles provide an excellent opportunity to learn the fundamentals in a real-world environment.

Is cybersecurity a stressful job?

It can be. Incident response roles, which are on the front lines of active breaches, can be high-pressure. However, many other roles in governance, compliance, or research are significantly less so. The stress level depends heavily on the specific role and company culture.

Where can I find cybersecurity jobs?

LinkedIn is a top resource for connecting with recruiters. Specialized job boards like CyberSecJobs, InfoSec Jobs, and RemoteOK are also excellent. Additionally, government job portals frequently seek cybersecurity talent.