We see headlines day after day reporting security breaches to major companies like Target, Chase, Yahoo, and Equifax, often impacting hundreds of millions of customers. Information like drivers’ licenses, home addresses, phone numbers, and even credit card and Social Security numbers have been found vulnerable to malicious hackers again and again, shaking consumer confidence in organizations big and small.
Today, companies in every industry are taking notice and realizing the importance of cyber security. The field is booming, with no signs of slowing down soon.
A cyber security engineer is a mid-level employee who works in the day to day monitoring of an organization’s security system. They typically report to a manager (possible titles include Cyber Security Director or Cyber Security Architect) and may work their way up into one of these cyber security management roles in time.
A cyber security engineer’s day-to-day responsibilities include keeping logs and performing security checks to identify and address new vulnerabilities. They develop scripts to track, report, and handle incidents. Tasks may include configuring firewalls and other security systems, responding to security breaches and performing digital forensics investigations into such incidents, and testing new or upgraded software to ensure its security compliance.
Often a security engineer will be asked to research and recommend security products and strategies, and entrusted with implementing them. They should be able to continually assess situations to predict future security vulnerabilities and work with a team to deploy solutions to stop those breaches before they happen. When security breaches do occur, a cyber security engineer is often the first person to detect the incident, and is responsible for triaging, categorizing, and escalating incidents as appropriate, taking level-headed measures to limit the effects of an incident in the short term and following through to ensure the event is addressed. He may also then be responsible for conducting a post-incident analysis and reporting to superiors on the causes and effects of the event.
A successful cyber security engineer will be familiar with common programming languages and able to work effectively whether independent or as part of a team. Confident knowledge in network security technologies and devices and a strong attention to detail are also helpful.
The title of cyber security engineer is broad in nature and encompasses a wide range of experience and seniority levels. You may be a junior or a senior cyber security engineer, for instance. Some companies may hire entry-level security engineers, while others may require previous experience in other IT fields or even specifically in cyber security.
You can improve your marketability as a cyber security engineering candidate by focusing your education and work experience on cyber security wherever possible, as opposed to general computer science or IT fields.
In most cases, a bachelor’s degree is required for cyber security engineering roles. Relevant fields include computer science or information systems, and increasingly colleges and universities are integrating cyber security into their curricula or even offering concentrations or full degrees in cyber security. If you’re lucky enough to find an organization hiring entry-level cyber security engineers, this may be all you need to get started.
More likely, though, you’ll begin your career in a more general IT role, as a network administrator, systems engineer, or software developer. Even in these roles, it may be possible to focus your energies on cyber security projects.
Even if it isn’t, though, this is valuable work experience that will serve you well in working towards a job as a cyber security engineer. So how do you bridge the gap? If on-the-job cyber security opportunities don’t seem to be presenting themselves (and even if they are), consider a professional certification to bring your resume to the next level and put you on par with other highly qualified cyber security professionals.
There are thousands of IT certifications available, and it can be difficult to determine which are truly valuable in becoming a cyber security engineer. Below are some of the most common and well-known certifications that are respected in the industry and will show employers you’re serious about building your cyber security skills.
The most widely known and respected cyber security certification, a CISSP certification exam covers access control, cryptography, operations security, and more. From their website: "Earning the CISSP proves you have what it takes to effectively design, implement, and manage a best-in-class cybersecurity program." Learn more about CISSP certification.
"CASP is the only hands-on, performance-based certification for practitioners - not managers - at the advanced skill level of cybersecurity. While cybersecurity managers help identify what cybersecurity policies and frameworks could be implemented, CASP-certified professionals figure out how to implement solutions within those policies and frameworks." Learn more about CASP certification.
SANS offers a number of certifications for cyber security professionals. The GIAC Information Security Professional (GISP) certification is ideal for "anyone new to information security with soe background in information systems and networking" or “security professionals who want to fill the gaps in their understanding of technical information security."
In certain industries (especially those within or those who contract with government agencies) may require some level of active Department of Defense Security Clearance.
PayScale places the median salary for cyber security engineers at $94,043. Experience has an effect on pay, with junior cyber security engineers earning slightly less than those with more seniority. Those with security risk management skills may be paid slightly more than their peers without this particular skill.
Job outlook is strong and will continue to grow. As enterprise and traditional companies continue to make transformations into the digital space, they’ll need to update their security practices as well in order to keep up with digital native companies; enterprises making digital transformations will need to earn and keep the trust of their customers all over again, and cyber security is at the heart of that need.