Roles can be categorized by discipline and vary in their degree of specialization. Depending on the size of a cybersecurity program and the maturity of its operations, an organization will have more or fewer of the teams below. In some cases there may even be highly specialized teams that are not on this list yet; in other cases there may be only one cybersecurity role in the whole organization.
This team is also known as the Computer Security Incident Response Team (CSIRT). Its members strive to fully contain a cybersecurity incident of any size and eradicate the threat from your systems and networks. It also provides forensics for any kind of cybersecurity incident, including those involving external and internal threats. Here are some roles that you would find in such a team:
The SOC is the team that watches alerts, investigates them, and responds by either escalating to DFIR/CSIRT or by carrying out pre-defined, authorized response actions. This team usually works 24x7 and therefore has night shifts and often requires weekend work. It is a great entry point (SOC Analyst L1) because it exposes you to all kinds of cybersecurity incidents and teaches you things like the cyber kill chain and the start of the incident response (IR) workflow. Here are some roles within this team:
The Security Engineering team is usually the one closest to the IT Infrastructure team, and its members have often worked in IT infrastructure at some point in their careers. This team usually builds and maintains the security tool set. It also performs security architecture reviews, including threat modelling, for other IT teams. This team is often the starting point of a cybersecurity program. Here are some roles within this team:
Governance, Risk and Compliance (GRC) is where you find the paper-generating strategists of the cybersecurity profession. Here are some roles you typically find in GRC-type teams:
In an organization that produces digital services and goods, there is usually a team responsible for the security of its products. Depending on the product, you would need some of the roles from this list:
This team specializes in testing the security posture of the organization, with the goal of providing valuable insight into existing vulnerabilities and weak configurations. Here are some roles within such a team:
The BOSS of it all. This person translates the complicated matters of cybersecurity for the C-level and the Board of Directors, acquires and manages budget and headcount, defines the overall cybersecurity program, and comes up with the vision, roadmaps and other strategic plans. Needs monk-like ZEN abilities.