Information Security Engineers Keeping IT Secure
Information security engineers apply security principles to all stages of the software engineering life cycle, from requirements analysis through development and on to deployment and beyond. Job duties can be varied; they include those traditionally associated with software engineering as well as those associated with IT.
As a security engineer, you may be responsible for selecting or creating security systems. Creating firewalls is a relatively common job expectation. Other duties may include risk assessment, configuration of systems, and identification of vulnerabilities.
Some employers may ask you to model security threats. You could even be expected to try to hack the system yourself.
You could even be expected to try to hack the system yourself.
You may also be the person who responds to real (and unplanned) incidents and documents them.
Education and Advancement
A career as an information security engineer typically requires a bachelor's degree. If you know the career is right for you, you can opt for degree in security systems or security engineering and information quality assurance.
Classes can include data structures, java and C++ programming, network security, risk analysis, audit, web security, and business continuity (keeping operations going despite risks and incidents). Information security programs are not all the same. Some programs include more classes in computer science and engineering while others include more coursework in IT or business.
You can also break into the field with a degree in computer science or a related field. You may choose to pursue information security in-depth at the master's level. There are prestigious programs offering advanced study in areas like cryptography.
The skill set can be broad. Employers may ask for skill with scripting and database languages. Some jobs will require domain-specific knowledge. If you’re involved with medical data, for example, you’ll need an understanding of HIPAA.
You should be able to discuss and write specialized technical topics in ways that are appropriate for different audiences.
Communication skills are often desired: You may need to educate others. You should be able to discuss and write specialized technical topics in ways that are appropriate for different audiences.
Computer Security Certifications
You can pursue certifications to demonstrate your expertise in security.
One of the most respected security certifications is the Information Systems Security Engineering Professional credential. This is for people who have been in the security industry for a while. You will need experience in at least two of the ten domains. Cryptography, security architecture and design, network and telecommunications security, and access control are among the domains.
Having the CISSP credential is a big accomplishment in and of itself, but you can pursue additional specialty concentrations later. There are three concentrations. The ISSEP is probably the most relevant for the security engineer. (Other concentrations are ideal for architects or managers.)
If you don't have the necessary experience, you can still take the exam and become an Associate.
There are a number of specific security-related competencies that you can get certified in. ISC2 offers certification in secure application development. You don't actually have to have security as your main job role to pursue certification as an ISC2 Certified Secure Software Lifecycle Professional -- you do need to have a few years of experience in the software industry under your belt, though. You might want to pursue this credential if you’re contemplating a career change.
The CISSP credential is a big accomplishment in and of itself.
Auditing is another area to pursue. Still other certifications ask you to demonstrate the ability to think like a hacker. The EC-Council Certified Ethical Hacker credential shows that you can do just that. Part of preventing security breaches is knowing what isn’t secure. Trusted professionals are hired to deliberately hack into websites, thus exposing the vulnerabilities.
If you’ve got some creativity as well as a good grasp of the technical issues, this can be a fascinating field.