Anyone has any experience with Cyber security?

14 comments, last by kuroro_san 7 years, 6 months ago

I don't really think I can home in on any specific role. Not only can't I pinpoint a job title, I don't even faintly know what someone does in the cyber security field. This is why I asked for your experiences and job titles so I could at least have some vision, but I guess this was not good enough...

Could anyone provide me common job titles?

Well, a lot of people involved in cyber security are volunteers, so they don't have official job titles, except perhaps some researchers (and those that work in the antivirus industry - which has its share of general IT guys, marketing guys, software devs etc., not just infosec guys).

I'm an IT manager and software developer by trade as my official job title, but cyber security is one of my sidelines, and something I big up on my resume.

It's an industry you can easily get into if you are determined, by volunteering and stumbling across bugs, declaring them the right way, and/or patching them.

You get paid to break into networks?

No, and that's not what most people involved in cyber security do.

Most people find holes in things (bugs, vulnerabilities, whatever you call them) and report them to the responsible people to be fixed - there are documented ways of doing this that prevent abuse by third parties. Once the bug is declared as patched, the researcher gets credit for their find.

Note that some bugs are easy to find whilst others are HARD to find.

Also some places offer a reward for bugs found, e.g. the Magento online store project. In this way, yes, technically you're being paid to break into software (NOT networks).

Being paid to break into a network is something called penetration testing, which is generally done with written prior consent at an hourly rate. The list of what you will and won't do is signed off before you start, as are the hours when you'll be doing the test.

Non-automated penetration tests cost serious money, so if you know what you're doing there's serious money to be made.

So how do you go about finding the bugs and vulnerabilities in software?

I guess you just learn with experience. Something that might crash your program will crash someone else's, e.g. excessively long or silly input (see above, -1 in qty field). Basically try edge cases and look for overflows, etc.

Hi,

Check this page and it's open source :)

I use it too :)

https://www.owasp.org/index.php/Main_Page

Hope this helps

HyperV

Yes. Basically I sit in phone meetings with our data center and they tell us if we're up to date on our patches/how many attacks we have (in the tens of thousands per day from random Chinese/Russian IPs). Every once in a while we open up our project's data access layer and see things like unsafe queries/queries being built into .rdl reports because of laziness etc., and we fix that.

And then there was the time we found out a Russian IP managed to install a bitcoin miner on one of our servers because someone clicked on a phishing email, and because of the sensitivity of our business/industry sector the FBI took over for a bit and actually arrested the guy.

Mind if I ask what industry you work in? I take it that isn't gamedev if the FBI cared to investigate...

I'm not exactly in the industry, but I know people who work for mobile malware companies, where what they do is reverse engineer suspected Android apps/APKs and see if it's malicious, and write a report about it. Sounds pretty fun.
