The Short Version
A Security Engineer builds and maintains IT security solutions for an organization.
In this intermediate-level position, you will be developing security for your company’s systems/projects and handling any technical problems that arise.
Security Engineer Responsibilities
On any given day, you may be challenged to:
Create new ways to solve existing production security issues
Configure and install firewalls and intrusion detection systems
Perform vulnerability testing, risk analyses and security assessments
Develop automation scripts to handle and track incidents
Investigate intrusion incidents, conduct forensic investigations and mount incident responses
Collaborate with colleagues on authentication, authorization and encryption solutions
Evaluate new technologies and processes that enhance security capabilities
Test security solutions using industry standard analysis criteria
Deliver technical reports and formal papers on test findings
Respond to information security issues during each stage of a project’s lifecycle
Supervise changes in software, hardware, facilities, telecommunications and user needs
Define, implement and maintain corporate security policies
Analyze and advise on new security technologies and program conformance
Recommend modifications in legal, technical and regulatory areas that affect IT security
In a large organization, you will typically report to a Security Manager.
Cybersecurity: Managing Risk in the Information Age online short course
Security Engineer Vs. Security Analyst
To put it in Sesame Street terms, Security Engineers like to fix systems and Security Analysts try to break them. Analysts are more concerned with probing for risks and weaknesses (pentesting, auditing, etc.); engineers are more intent on building robust security solutions (firewalls, IDS, etc.).
Having said that, we’ve seen a lot of crossover in job descriptions. Postings for “Security Analyst/Engineer” are pretty common.
Security Engineer Career Paths
Once you’ve made a name for yourself as a Security Engineer, you might be interested in positions with more managerial oversight and career flexibility:
From there, you could work your way into a C-suite position such as:
The term “Security Engineer” has a few immediate siblings in the job market:
Network Security Engineer
Information Assurance Engineer
Information Security Engineer
Information Systems Security Engineer
NOTE: Network Security Engineers have the same basic job responsibilities as Security Engineers, but they focus primarily on the security of networking systems. This includes implementing, maintaining and integrating WAN, LAN and server architecture.
SECURITY ENGINEER SALARIES
According to Payscale, the median salary for a Security Engineer is $85,177 (2014 figures). Overall, you can expect to take home a total pay of $55,338 – $127,123. This includes your base annual salary, bonuses, profit sharing, tips, commissions, overtime pay and other forms of cash earnings, as applicable.
SECURITY ENGINEER JOB REQUIREMENTS
The job of a Security Engineer is a highly technical one, so employers will expect you to have a bachelor’s degree in Computer Science, Cyber Security or a related field.
Don’t have an undergraduate degree? You may wish to consider gaining a master’s degree with a concentration in IT Security. You can supplement this qualification with work experience, training and certifications.
Work experience requirements depend a good deal on the size of your organization and the scope of your responsibilities. We’ve seen everything from 1-10 years of experience required. Senior Security Engineers tend to fall in the range of 5-10 years.
The more tools you have in your arsenal, the more attractive you will be as a job candidate. So you may wish to get familiar with:
IDS/IPS, penetration and vulnerability testing
Firewall and intrusion detection/prevention protocols
Secure coding practices, ethical hacking and threat modeling
Windows, UNIX and Linux operating systems
MySQL/MSSQL database platforms
Identity and access management principles
Application security and encryption technologies
Secure network architectures
Subnetting, DNS, encryption technologies and standards, VPNs, VLANs, VoIP and other network routing methods
Network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols, etc.)
Advanced Persistent Threats (APT), phishing and social engineering, network access controllers (NAC), gateway anti-malware and enhanced authentication
Generally speaking, Security Engineers are known for their complex problem-solving abilities and creative minds.
You’ll be spending a fair amount of time working an IT team, so employers will be looking for evidence of strong oral and communication skills. They also want to see that you’re capable of working long hours and dealing with stress.
Certifications For Security Engineers
We’ve listed a variety of certifications you may wish to consider as you build your career. None of these are necessarily mandatory – check current job descriptions for a sense of what’s popular:
CEH: Certified Ethical Hacker
CCNP Security: Cisco Certified Network Professional Security
GSEC / GCIH / GCIA: GIAC Security Certifications
CISSP: Certified Information Systems Security Professional