Security EngineerJob Description, Salary, Career Path, and Trends

Sample job description #1

As a Backend Security Engineer, you’ll be seeking out security issues, finding solutions, and implementing fixes in the ABC Company server infrastructure. The ideal candidate has experience securing consumer product server APIs and a passion for virtual reality. If you’re interested in seeking out exploits and stomping them out, then this role could be right up your alley.

Job & team impact

Your work will directly impact the user experience for millions of ABC Company users. Vulnerabilities in ABC Company’s server infra can lead to a negative impact on a user’s experience in ABC Company and your job is to keep that from happening!

Duties & responsibilities

• Take the lead in finding and fixing security vulnerabilities in the ABC Company server infrastructure
• Collaborate with various teams to assess, design and fix security-critical code
• Help architect Safety by Design features within the ABC Company platform

Experience, skills & qualifications

• 3+ years experience in securing consumer facing backend stacks
• Have experience with using cloud providers at scale, such as AWS or Google Cloud
• Be able to work in a variety of languages, especially Node.js, Golang, and C#
• Strong cross-team communication skills

Bonus points

• Demonstrated interest in VR, online communities, or be a ABC Company user and creator! Knowing how our platform and community works will be extremely helpful for this role
• Experience working on a “live” app, shipping frequent updates and responding to user feedback

Sample job description #2

We are looking to hire a security engineer to cover the technical aspects of the application and cloud security. You will be joining as the first security engineer in a security team of three people, therefore you will have complete freedom and responsibility to influence our tooling, processes, and direction. You will work closely with our product, engineering, and infrastructure teams to collaborate on security-related topics and evangelize security best practices.

You will be reporting to ABC Company’s Director of Security and Compliance who oversees everything related to our security, privacy, and compliance obligations.

Here are some of the projects you’ll be working on:

• Investigate web application security vulnerabilities found by penetration testers and automated scanning tools. Reproduce the issues, determine the business impact, implement a fix, and respond to the original report
• Scope and manage our third-party penetration tests and HackerOne bug bounty program
• Build on our current application security scanning tools of Brakeman, Dependable, and Beagle Security to increase test coverage and accuracy of findings
• Consult on engineering projects before work begins to ensure security, privacy, and compliance considerations are scoped into the work. Provide guidance and best practices for the secure implementation of features
• Improve our monitoring and logging capabilities to enhance our ability to detect suspicious behavior, and decrease incident response time
• Respond to potential incidents by analyzing logs using tools such as Datadog and working with our customer success team to communicate the correct message to customers
• Review cloud infrastructure deployments and configuration changes for security issues in platforms such as AWS, Heroku, and GCP

To be successful in this role you will have:

• Excellent communication skills, in writing and verbally. You’ll be able to work asynchronously and summarize complex concepts for non-technical people to understand. You’ll be confident in creating short videos to explain ideas and share security knowledge with others in the company.
• Experience writing and reviewing ruby, rails, and javascript code to find and fix security issues
• Implemented new security features within applications, and have experience building and using security automation and monitoring tools
• A strong understanding of security architecture, risk analysis, network security, identity management, and security monitoring
• Worked with engineering teams to provide guidance and best practices for the secure implementation of new features
• Experience of penetration testing and looking for vulnerabilities in applications
• A keen interest in staying up to date with the latest application security vulnerabilities, tools, and best practices, and sharing your knowledge with others

Sample job description #3

We’re looking for an Security Engineer to join ABC Company working at our (City, State) location or Remotely in US. The Security Engineer will work in the ABC Company Cloud Protection and Licensing (CPL) business securing the world’s cryptographic infrastructure – the keys, the algorithms, and the business logic. We are safeguarding some of the biggest names in technology, and are securing over 80% of the world’s banking transactions. Our Security Engineer are part of a global team supporting product development as subject matter experts in topics such as threat modeling, security architecture, secure coding, cryptography, and vulnerability assessment. We assist in all elements of product security; help teams make risk-based decisions, and educate and elevate the security maturity of the teams in a manner that will scale.

Key responsibility

• Work closely with security champions and product teams to enable and support risk-based decision-making that pragmatically balances security, performance, and compliance to ensure that products are not just secure, but usable for real world use case
• Act as a subject matter expert on projects and initiatives relating to security
• Train the engineering organization to improve their security maturity, awareness, and judgement during all phases of product development
• Contribute to the development of a high quality product security program
• Stay abreast of the evolving threat landscape
• Explore security topics that interest you and develop your skills in those areas

Required skills and experience

• Bachelor’s degree in information security, information technology, computer science, computer engineering, or another equivalent field of study; or equivalent work experience
• 2+ years of experience in application security
• 2+ years of experience in solving challenging security problems using knowledge and/or skills in one or more of the following areas:
• Threat Modeling and Risk Assessment
• Cryptography & Secure Protocols
• Vulnerability Assessments/Penetration Testing
• Tool Assisted & Manual Code Reviews
• Vulnerability Management
• Secure Development Lifecycles
• Effective oral and written communications skills
• Ability to collaborate successfully in a team environment, be sensitive to needs of the teams, and effectively develop relationships across disciplines
• Travel: 25%

Preferred qualifications

• Smarts, curiosity, humility, and a positive personality; an open-minded approach to work; and equal willingness to both learn and teach
• A desire for learning and understanding the security discipline, and a commitment to sharing with the community
• Experience with security of IoT devices, embedded systems, or HSMs
• Understanding or experience with hardware security and attack techniques such as physical tampering, counterfeiting, side-channel attacks, or glitching
• Experience in developing, deploying, and/or automating security tools to identify security flaws in products
• Experience with security testing, CICD Pipelines, and automation
• Experience with software development, modern programming and frameworks, and agile development practices
• Professional experience building products in at least one high-level programming language
• Knowledge of how to read (and break) code in languages such as C/C++, Java, or Go
• Experience with web application security technologies, frameworks, protocols, API Security, mitigation techniques, and potential pitfalls
• Experience with cloud deployments, GCP or other cloud platforms, cloud technologies such as Kubernetes, and relevant security concepts

Sample interview questions

• What are the most common vulnerabilities you see in network security?
• What is port scanning?
• Can you explain the CIA triad?
• What’s the difference between IDS and IPS?
• What’s the purpose of a firewall?
• Would you consider yourself an excellent communicator?
• What programming languages do you know?
• What does WAF stand for and what does it mean?
• What does XSS stand for and what does it mean?
• Can you name the 7 layers of the OSI model?
• How would you identify and prevent a brute force attack?