Answer: Security Auditors plan and conduct audits & provide consultation on security risks associated with IT. They suggest suitable controls at the operating system, network & database levels at the customer's end. Their responsibilities include identifying & assessing risks as well as developing & executing appropriate tests of controls. To be a Security Auditor, one needs to be experienced with various protocols, firewalls, penetration testing tools, authentication systems remote access, virtual private network, PKI & digital certificates, network operating systems & vulnerabilities. Demonstrate technical abilities to lead technical teams. Qualification wise, one must be a BE/ MBA with ISACA/ CISA certification. So there are no junior level positions in these. One should gain 3-4 years of experience in software development and various technologies, then obtain a certification, and then only apply for jobs in the security side of IT business.