Great question. In a small company you have the "daily review" of hot & new issues. There are always surprises and those long-standing complex issues. This part of the job requires high collaboration plus secret keeping.
In addition, we are always busy testing, buying and rolling out new tools and security controls. This is project-based with clear goals and deadlines.
Finally, we read, tinker and code to understand new and old security topics and improve our specializations in both depth and breadth. Usually solo, or with one or two helping, this might be nights & weekends for junior positions. As you have more to contribute at the job or on open source projects, this is often the most rewarding work.
This professional recommends the following next steps:
- Get to work. Help on an OWASP open source project too.