Firewalls, anti-virus programs, and encryption are all part of our everyday lives. If you use mobile banking, pay your credit card online, or buy anything on eBay you have most likely used an app or software designed by a cyber security engineer. The goal of a cyber security engineer is to make sure that computer networks stay as secure as possible. In the event of an attack, cyber security engineers work to recover lost data and provide assistance in tracking down the cyber-criminals. Cyber security engineers work with network administrators, system analysts, and other IT professionals to create networks that organizations and individuals alike can use safely and securely.
What Does a Security Engineer Do?
Security engineers configure and set up firewalls and intrusion detection systems. They literally build the programs that keep data safe. They may also be responsible for responding to network intrusions and running computer forensics to recover lost data and evidence to help identify the cyber-criminal. When new hardware or software is developed, or current installations are upgraded, it’s the security engineer that ensures it’s as safe and secure as it can be before it’s installed and used on the equipment or the network. They do this by creating test plans and scenarios for the hardware and software so they can analyze its performance. They are also the ones tasked with creating security solutions and implementing them to keep the network and data protected.
What are Their Responsibilities, Common Duties, and Tasks?
Since security engineers are typically the designers of the security protocols put into place for an organization’s computer equipment, understanding how said equipment works is an obvious necessity. But there are other tasks engineers are required to perform as well.
Common responsibilities for security engineers include:
- Developing effective computing solutions that increase the security of a company’s projects and overall systems
- Creating new ways to solve existing issues with production and security
- Should possess an advanced comprehension of intrusion detection and prevention protocols
- Handling technical problems that deal with both applications and equipment used for production
- Should possess excellent incident response skills
- Have an above-average understanding of computer forensics
- Possess the ability to work with other engineers to create solutions to computer and networking problems and deploy new strategies to contain and mitigate production problems
How to Become a Cyber Security Engineer
To become a security engineer, you’ll need to have several years of work experience in the IT field. This is a mid-level IT position, so there are several positions a worker may hold before qualifying to become an engineer. There are also educational and certification requirements that need to be met before taking on the tasks of this particular position. For example, an engineer might work as an administrator and/or analyst before moving to this position, or they might have been a programmer first. But, typically, an employee has graduated from college and worked in at least one other IT or computer position for several years before becoming a security engineer. Along the way, they will have developed at least some of the skills outlined in the responsibilities above, as well as various soft skills, and attained some managerial and teamwork experience.
To summarize, here are the steps you might follow to become a cyber security engineer:
- Attain a bachelor’s degree and possibly a master’s degree
- Start out as an administrator in the systems, network, or computer security fields
- Attain three to four years’ of work experience
- Become a CISSP and join the ISC(2)
- Gain some additional work experience, including managerial experience if possible
- Apply for engineer positions
Typical Requirements for Hiring
As was mentioned above, this is not an entry-level position. To get to the level of a security engineer, a worker must attain several years of education as well as several additional years of work experience. Engineers are tasked with building, maintaining, and troubleshooting computer systems and network designs, so understanding how they work as well as the computer languages to create and maintain them is required.
Some typical requirements that an employer will want their security engineers to possess include:
- A bachelor’s degree in Computer Science, Engineering, Information Technology, or a related field plus four years’ work experience in the IT field
- A master’s degree in one of the fields or related fields listed above is not required but is certainly preferred along with three years’ work experience
- If a worker does not have a degree, seven years or more experience working in the IT field could be considered sufficient to replace the education requirement
- Certification as a Certified Information Systems Security Professional (CISSP) and Management Information Systems (MIS) are strongly preferred
- Admission into the International Information System Security Certification Consortium (ISC)2 is strongly desired
- Some security clearances or the ability to gain those clearances
- The ability to pass a criminal background check, a drug test, an education verification check, and a credit check
Employer requirements can vary depending on whether it’s a public or private sector position, the sensitivity of the data being protected, and many other factors. A worker would be smart to determine which sector he or she wants to work in as well as the types of data they want to work with and then try and steer their early education and careers in that direction. Doing this will ensure they have the proper education, certifications, and experience to step into a cyber security engineer position.
Security Engineers should have the following technical and soft skills to effectively function in their position:
- Strong communication skills
- The ability to work with a team to problem solve and execute solutions
- The ability to work independently as needed
- The ability to work effectively under pressure and within tight time frames
- Above-average problem-solving skills
- A high mathematical ability
- Strong knowledge of common computer languages and operating systems, especially those the engineer is tasked to work with
- Capable of keeping logs and performing regular security checks
- Able to develop automation scripts to handle and track incidents
- Be an exceptional multi-tasker
Security engineers earn an average salary of about $88,500. The top 10% earned up to $128,000, while the bottom 10% in the field earned around $59,000. The differences in income are due to experience levels (the more experienced, the higher the salary), geographic location (those working in the Midwest made significantly less than those on either coast), and the employer. For example, a security engineer working for Amazon or Google earned $118,000 and $129,000 respectively, while an engineer doing the same job for Kroger earned $66,000. Other factors include the level of education and the number of certifications. The more education and certifications, the higher the salary.
Outlook & Jobs
Overall, the Information Technology field is in a boom right now. According to the US Bureau of Labor Statistics, this field is anticipating a job growth of 3.9% annually through 2020. This is significantly faster than the average and higher than almost every other field they track. The increase in demand stems at least partially from an increase in the use of cloud services and the Internet overall, as well as an increase in cyber threats throughout the world. Barring a sharp decrease in the use of online services such as shopping, banking, and customer service, the need for IT professionals, including security engineers, is only going to increase. Job opportunities will also develop due to attrition and people shifting from one type of IT position to another, which creates open positions in security engineering. The majority of jobs are in parts of the country with strong technology sectors such as Los Angeles, New York, and Chicago, but other parts of the country also have a need. For example, there is a decent-sized financial hub in Ohio, so the need for IT professionals there is also relatively high. But even smaller areas of the country need security engineers on a part-time or consultancy basis.