Three of the most common questions about cybersecurity engineers are:
- What is a cybersecurity engineer?
- What does a cybersecurity engineer do?
- How to become a cybersecurity engineer?
This post will answer these questions about cybersecurity engineers (or you can check out the other 4 cybersecurity roles) and provide an outlook on the job market.
So What Is A Cybersecurity Engineer?
Cybersecurity engineers create systems that are the backbone of companies. They are the architects of security appliances and software. Engineers are among the most common roles within cybersecurity. Without them, the world of cybersecurity could not exist.
What Does A Cybersecurity Engineer Do?
Engineers represent the largest number of cybersecurity jobs. They build the systems used in cybersecurity. They also are responsible for maintaining security solutions once completed. Some companies have teams of engineers that do both functions, while others have separate teams. Some organizations hire contractors for building and/or maintaining their security appliances.
Cybersecurity Engineers Working Environment
In the world of cybersecurity, engineers work in every environment because every company needs them. Every industry hires cybersecurity engineers, so they could specialize in healthcare, government, finance, etc. There are government regulations and standards unique to each industry, so many cybersecurity engineers specialize.
Cybersecurity Engineering Process
There are several methodologies for the engineering process. Typically, cybersecurity engineers will get projects from executive leadership. Stakeholders can be internal or external to their company. Some cybersecurity engineers will work on developing the solution, and others work on sustaining existing solutions. A simple breakdown of a typical process is:
Categories Of Cybersecurity Systems
There are two main categories of security systems: network-based and host-based solutions. Several types of security solutions function in a similar manner on both of these levels, like firewalls or intrusion detection/prevention systems. Other systems, like VPNs or anti-virus scanners, function at only one level. Smaller companies will have one team controlling both, while larger companies will have separate teams handling network or host solutions.
Network Security Systems
The world of network security is built right on top of basic and advanced networking. Network Security Engineers need to understand the TCP/IP stack and how machines communicate with each other. The systems they work on include:
- Network Intrusion Detection/Prevention Systems – Detect and/or prevent attackers from entering a network.
- Network Firewalls – A simple firewall is programmed to either block or allow specific IP addresses and/or ports and protocols from passing through. Modern firewalls are complex and capable of doing much more, like performing stateful packet inspection.
- Web Proxy – A device that is capable of inspecting web traffic, taking the load off of other devices like firewalls. Modern proxies are capable of doing break-and-inspect on secure traffic in addition to regular traffic.
- Network Load Balancing – Not mainly a security appliance, but included because availability is equally important in information security.
Host-Based Security Systems
The world of host-based security focuses on endpoints, whether they are servers or clients. Clients are everyday machines owned by users, while servers are the beefier devices used to do the heavy lifting. Security Appliance Engineers work primarily with the 6 types of host-based security:
- Signature Anti-Virus – Scans files for known bad content
- Heuristic Anti-Virus – Scans running files for bad behavior
- Reputation Anti-Virus – Scans hashes of executable files and allows all known good versions to run
- Host Intrusion Prevention – Scans processes, system calls, etc. for bad behavior
- Host Firewall – Blocks unwanted traffic to the endpoint
- Application blocking – Allows only desired, trusted applications to run or blocks all unwanted applications from running
Cybersecurity Engineer Requirements
Cybersecurity engineers require a diverse skillset. Scripting and coding skills are very important, but the level of depth and language used varies. Understanding the various operating systems is important. They must have customer service skills as well. Finally, the best cybersecurity engineers understand how attackers function. Studying hacker methodology, vulnerabilities and exploits helps them to build more secure systems.
Network Security Engineer Skills
Network Security Engineers have to understand the basics of routing and switching. They have to design networking systems that funnel traffic through network security devices. Netsec Engineers must be able to program settings on routers and switches, and most of them use a variant of Linux or Cisco language commands. Many devices run off of proprietary flavors of Linux, so familiarity with a wide variety of tools is a must. Scripting in Linux with Bash is a key requirement for advanced functions as well.
Security Appliance Engineer Skills
Security appliances mostly run on Windows, although some do run on proprietary flavors of Linux as well. Security Appliance Engineers have to understand the basic functions of the Windows environment because that is what most organizations use. Scripting is usually done in PowerShell, Bash, and Python, along with knowing how to query SQL databases. Being able to read log files in HTML/XML format is also a must. Many appliances have advanced graphical user interfaces (GUI), so the bar for entry is a little lower in this realm. Performing higher-level functions typically does require more scripting knowledge.
Software Security Engineers
Cybersecurity Engineer Jobs
The job market for cybersecurity engineers is great. There are plenty of jobs available from entry-level to advanced. The most difficult part is finding the right keywords that employers use for their job listings. The biggest driver in salary will be location and company. If you are looking for government jobs, you might need to live near military bases. If you are looking for start-ups, Silicon Valley is where you should be.
Network Security Engineer Jobs
A simple search for network security engineer on Indeed yielded over 33,000 jobs in the United States as of this writing. The average salary on Indeed is $116,000, LinkedIn has the average at $90,000, and Glassdoor’s average is about $80,000. The top 5 most common skills listed on the first 50 jobs are:
- Cisco certification (CCNA/CCNP)
- Firewall/IPS/VPN experience
- TCP/IP stack
- Juniper/Palo Alto firewall experience
- Network Access control solutions (NAC, AAA)
Security Appliance Engineer Jobs
The trick for this particular role is to search for the security appliances that you are interested in. A search for security appliance engineer resulted in only 200, while cyber security engineer yielded over 18,000 with some network security jobs mixed in. When searching for these jobs, be mindful of the requirements prior to applying. Salaries for cybersecurity engineers range from $85,000 on Glassdoor, to $90,000 on LinkedIn and $109,000 on Indeed. The top 5 most common skills in the first 50 jobs are:
- Windows (Active Directory, server, PowerShell)
- Endpoint security (vendors such as Symantec, McAfee, Tanium, etc.)
- Risk-Management Framework
- Security+/CISSP certifications (more for government jobs)
- Troubleshooting/log reading skills
Software Security Engineer Jobs
Software security engineers are in very high demand because they require the highest degree of skills. Understanding how to program, enjoying it, and doing it well is a rare combination. A quick search on Indeed shows over 54,000 openings. The estimated salaries for software security engineers range from $99,000 on Glassdoor to $107,000 on Indeed and $119,000 on LinkedIn. The top 5 skills listed in the first 50 jobs are:
- C++ programming
- SQL programming
- Experience debugging code
- Understanding secure coding best practices
How To Become a Cybersecurity Engineer?
The easiest path to becoming a cybersecurity engineer would be to get a 2 or 4-year degree, but it is not a requirement. To maximize your chances of successfully obtaining a position, be sure to have a relevant certification like CCNA for network security engineers, or Security+ for security appliance engineers. Don’t just pass the test and data-dump; actually build a home lab and practice the learned skills as much as possible. For security software engineers, building a portfolio of completed projects is important as well.
Cybersecurity Engineering Is Vital
Without the builders, the world of cybersecurity would slow to a halt. These engineers are vital to the flow of secure traffic through networks and endpoints. This article answered the following questions:
- What is a cybersecurity engineer?
- What does a cybersecurity engineer do?
- How to become a cybersecurity engineer?
Check out information about the other cybersecurity roles.