Security Engineers act as the first line of cyber defense for a company. They assess vulnerabilities and weaknesses within company systems and networks and perform active security to prevent the loss of information or the slowdown of business.
These engineers use a variety of software suites and tech tools to monitor for intrusion and detect vulnerabilities. They maintain and upgrade networks and systems to protect businesses and train employees and staff to report and avoid phishing techniques, and more. By monitoring, testing, and upgrading current IT infrastructure, these professionals save companies many millions of dollars in loss and downtime.
While a degree isn’t strictly necessary, candidates typically possess a bachelor’s degree in computer science or cybersecurity. The ideal candidate will have great interpersonal skills, and be fluent in common programming languages. Further, they’ll need excellent time management skills, a keen attention to detail, and an analytical mind.
Sample job description
Our company operates on the singular premise of keeping the world safe from cyber threats. We fight this arms race by using cutting-edge technology and the most up-to-date security protocols. The best technology in the world won’t go as far as the person using it, however. This is why we search for best-in-class security engineers who can use these tools to their full potential.
We believe that a company should feel confident doing business online, and their customers should feel safe using their services. We want to create a world where everyone can operate freely and securely in the online marketplace without the risk of compromises or fear of security breaches. If you have a passion for cybersecurity, and you have the right mindset and commitment to our mission, we would love to hear from you!
Typical duties and responsibilities
- Constantly stay up to date on the latest security and technology trends within the cybersecurity field
- Research and develop protocols for old and emerging threats
- Design and implement disaster recovery plans, as well as general contingency plans for security breaches
- Monitor company traffic within guidelines and expectations and investigate potential intrusions, attacks, or unusual activity
- Test and evaluate current security
- Design and maintain an IRP for the company
- Use standard analytical tools to detect and prevent vulnerabilities and discover threat pattern
- Participate in ethical hacking white hat simulations against the company
- Maintain company firewalls and encryption as first lines of defense
- Control access management for staff and guests
- Participate in meetings and present recommendations/concerns to management and stakeholders
Education and experience
- Bachelor’s degree in computer science, cybersecurity, engineering, or related field
- Minimum 3 years experience in a cybersecurity position
Required skills and qualifications
- Outstanding verbal and written communication skills
- Excellent attention to detail
- Working understanding of cybersecurity toolsets and detection and prevention systems
- Fluent in common programming languages
- Excellent organizational skills and time management
Preferred qualifications
- Experience administering access within Linux and Windows systems
- Experience working in a SOC
- Experience with creating diagrams, infographics, workflows, and other presentation points
- Experience with Splunk and EPS
- Experience delivering presentations to a wide variety of audiences and distilling useful information into understandable formats
Average salary and compensation
The average salary for a Security Engineer is $114,750 per year in the United States, with a potential for cash bonuses per year. Salary may depend on the level of experience, education, and geographical location.
| Location | Salary Low | Salary High |
|---|---|---|
| Phoenix, Arizona | $114,100 | $154,400 |
| Los Angeles, California | $128,750 | $174,200 |
| Denver, Colorado | $107,300 | $145,150 |
| Washington, DC | $130,700 | $176,850 |
| Miami, Florida | $106,800 | $144,500 |
| Orlando, Florida | $98,500 | $133,300 |
| Tampa, Florida | $99,600 | $134,600 |
| Atlanta, Georgia | $104,350 | $141,200 |
| Chicago, Illinois | $119,950 | $162,300 |
| Boston, Massachusetts | $129,750 | $175,500 |
| Minneapolis-St. Paul, Minnesota | $103,400 | $139,900 |
| New York City, New York | $136,550 | $184,750 |
| Philadelphia, Pennsylvania | $111,200 | $150,450 |
| Dallas, Texas | $108,250 | $146,500 |
| Houston, Texas | $107,300 | $145,150 |
| Seattle, Washington | $124,850 | $168,900 |
| National Average | $97,550 | $131,950 |
Typical work environment
Security Engineers work in an office as part of a team. They may find themselves traveling and commuting for meetings or traveling to physical server/user locations for on-site work. This position is done primarily on a computer and, as such, can potentially be done remotely.
Typical hours
The typical work hours for a Security Engineer in an office setting are 9 AM to 5 PM, Monday through Friday. Freelance or agency engineers may have more flexibility in their hours worked. This position may come with a requirement to be monitoring traffic during off-hours, weekends, or holidays. There may even be an on-call for this position as well, depending on the company’s preference and risk tolerance.
Available certifications
As Security Engineers work in a variety of industries, there are many institutions that offer certifications, including:
- Security+. This entry-level certification provided by CompTIA demonstrates the holder’s ability to perform basic skills such as monitoring and securing typical business environments and have a general understanding of the laws and regulations in order to maintain risk compliance. You’ll be taught to recognize incidents that require attention and how to respond to security threats. This certification is an excellent first step into the cybersecurity world.
- CISSP. The Certified Information Systems Security Professional is highly prized among IT professionals. By obtaining this certification, you’ll prove you’re highly capable of advanced-level planning, implementation, and monitoring of network security.
- CISM. The Certified Information Security Manager demonstrates you’re more than capable of handling the senior management side of an information security operation. If you’re looking to learn how to develop programs and master the art of risk management, especially if you’re looking to move to a management position, look no farther than the CISM.
- CISA. By obtaining the Certified Information Systems Auditor credentials, you’ll demonstrate your ability to assess and prevent security vulnerabilities. You’ll understand how to design and implement security controls and systems while reporting and documenting compliance and risk assessments. This is a fantastic addition to your resume to bolster confidence in any hiring team looking.
Career path
The journey to becoming a Security Engineer begins by earning a bachelor’s degree in computer science, engineering, cyber security, or some related field.
After obtaining a degree, it’s a great idea to become fluent in some programming languages and familiarize yourself with the common toolsets and systems used for forensic cybersecurity.
Getting a junior position as an analyst or engineer will get you an excellent position to gather experience while learning more about the ins and outs of the field.
US, Bureau of Labor Statistics’ job outlook
SOC Code: 15-1212
| 2020 Employment | 141,200 |
| Projected Employment in 2030 | 188,300 |
| Projected 2020-2030 Percentage Shift | 33% increase |
| Projected 2020-2030 Numeric Shift | 47,100 increase |
Position trends
In the digital age, it makes more and more sense for criminals to hit companies where it’s most critical, in their digital infrastructure. Stealing information, or gaining access to critical systems is far more lucrative and damaging than people realize, and it’s far safer and more reliable than mounting any sort of attempts in the real world.
For every would-be criminal that tries to hack, phish, scam, or otherwise infiltrate vital business systems, companies are more than willing to hire teams of well-rounded experts to keep their data and operations safe.
For this reason, you’ll continue to see a massive increase in the need for these types of positions well into the future.
Sample interview questions
- What are the most common vulnerabilities you see in network security?
- What is port scanning?
- Can you explain the CIA triad?
- What’s the difference between IDS and IPS?
- What’s the purpose of a firewall?
- Would you consider yourself an excellent communicator?
- What programming languages do you know?
- What does WAF stand for and what does it mean?
- What does XSS stand for and what does it mean?
- Can you name the 7 layers of the OSI model?
- How would you identify and prevent a brute force attack?
