What each role is actually like.
One page per role. Day-to-day reality, tradeoffs, common backgrounds, adjacent moves and the honest promotion ceiling. Built from the same graph that powers the atlas, not from job descriptions.
Foundations & enterprise IT
Desktop Support
Imaging, app packaging, hardware swaps, deskside escalations, hands-on Windows/macOS estate work.
Endpoint Administrator
Intune policies, Autopilot, compliance baselines, app delivery, the modern desktop estate at scale.
Enterprise Architect
Stakeholder meetings, capability maps, multi-year roadmaps, vendor reviews.
Helpdesk
Phones, tickets, password resets, the literal front door of IT.
Infrastructure Engineer
Hypervisors, storage, network fabric, the layer above the OS and below the app.
IT Operations Engineer
Run-book ownership. Endpoint, identity, light cloud, light networking, occasional firefighting.
IT Support
Ticket queue, password resets, hardware swaps, fast feedback, low autonomy.
Junior Sysadmin
Patching, basic AD, file shares, supervised changes, the apprentice rung of sysadmin.
Sysadmin
Own the boxes. Patching, backups, AD/Linux, the occasional 2am alert.
Virtualization Engineer
vCenter, NSX, storage fabric, the boring layer that keeps the lights on.
Cybersecurity
Adversary Simulation
Long campaigns, C2 OPSEC, custom tooling. Adversary emulation as a craft, not a script-kiddie sport.
AppSec Engineer
Threat-modelling features, reviewing code, hunting bugs in web/mobile, building paved roads with devs.
CISO
Board decks, budget defence, incident accountability, regulator calls. Most weeks are politics and translation, not engineering.
Cloud Security Engineer
Guardrails, CSPM tuning, IaC scanning, incidents in 200 AWS accounts.
Compliance Specialist
Evidence collection, audit prep, ISO/SOC2/PCI cycles, long workstreams with hard deadlines.
Defender/Sentinel Engineer
Sentinel content, Defender XDR tuning, KQL all day, the modern Microsoft detection engineer.
Detection Engineer
Write Sigma/Splunk rules, tune noise, hunt the gap your SIEM missed.
DFIR Analyst
On-call rotations, evidence preservation, timeline reconstruction, security at its most clinical.
Exploit Developer
Weeks debugging a single primitive. Bugs, mitigations, ROP, kernel internals.
Forensics Specialist
Disk and memory imaging, chain of custody, court-ready reports, the slowest, most evidentiary lane.
GRC Analyst
Frameworks, audits, control evidence, translating tech into board language.
IAM Engineer
Identity lifecycle, SSO, federation, conditional access, the unsung gate.
Incident Responder
Breaches, forensics, war rooms, the call at 3am that defines the quarter.
Junior SOC Analyst
Tier-1 alert triage. Close the false positives, escalate the rest, learn the playbooks.
Malware Analyst
Reverse-engineering binaries, unpacking, writing YARA, deep solo focus.
Network Security Engineer
Firewalls, segmentation, SSE/SASE, east-west controls, perimeter engineering as a craft.
Pentester
Scope, recon, exploit, write the report nobody reads. Repeat next engagement.
PKI Engineer
Certificate authorities, HSMs, key rotation, signing infrastructure.
Platform Security Engineer
Guardrails, paved roads, golden images, policy-as-code, security inside the platform team.
Red Teamer
Long campaigns, adversary emulation, AD chains, evasion against modern EDR.
Reverse Engineer
Static + dynamic analysis of unknown binaries. IDA/Ghidra, sandboxes, hours of patience.
Risk Analyst
Risk registers, control mapping, vendor reviews. Translating security into business probabilities.
Security Architect
Reference architectures, trust boundaries, design review, security as a systems-design discipline.
Security Automation Engineer
SOAR playbooks, glue scripts, ticket enrichment, replacing your own toil.
Security Manager
1:1s, vendor calls, board updates, budget, security as a people-and-strategy job.
Security Operations Analyst
Triage in Sentinel, run playbooks, investigate XDR incidents. Tier-2 SOC for Microsoft estates.
SOC Analyst
Triaging alerts on rotation, writing tickets, chasing false positives.
SOC Lead
Shift rotations, metrics, vendor management, mentoring tier-1.
Threat Hunter
Hypothesis-driven hunts across telemetry, proactive, low-alert, high-judgment.
Vulnerability Researcher
Bug hunting at scale, fuzzing, CVE drops, conference talks if you're lucky.
Cloud
Azure Administrator
Subscriptions, RBAC, networking, VMs, governance, the day-to-day operator of an Azure estate.
Cloud Architect
Whiteboards, design reviews, cost models, less keyboard time than you think.
Cloud Engineer
Provision, glue services, fight IAM, own one cloud account end-to-end.
Junior Cloud Engineer
Ticketed cloud work. Provisioning, IAM cleanups, supervised changes inside someone else's design.
M365 Administrator
Tenants, Exchange Online, Teams, SharePoint, Entra, the productivity plane of Microsoft shops.
Solutions Architect
Customer calls, reference architectures, PoCs, occasional code review.
Platform / DevOps
DevOps Engineer
Pipelines, infra glue, on-call, the team everyone blames when CI is slow.
DevSecOps Engineer
Bake security into the pipeline. SCA, SAST, IaC scanning, dev advocacy.
Kubernetes Engineer
Cluster ops, operators, networking quirks, Helm charts that nobody reads.
Observability Engineer
Metrics, traces, logs at scale. Prometheus, OTel, the cost spreadsheet.
Platform Engineer
Build the paved road. Internal platforms, golden paths, developer experience.
SRE
SLOs, error budgets, postmortems, building the thing that pages you less.
Networking
Junior Network Engineer
NOC-adjacent. Tickets, change windows, supervised configs, 2am pages occasionally.
Network Automation Engineer
Ansible + Python against network gear, CI for configs, less CLI than you'd think.
Network Engineer
Packets, VLANs, BGP at 3am. Methodical, deep, occasionally on-site.
NOC Technician
Monitoring screens, ticket triage, change-window execution, the network equivalent of Tier-1 SOC.