Learn about information security engineers

Information security engineer is the one who builds and maintains IT security solutions for an organization.

In this intermediate position, you will develop security for your company's systems / projects and handle any technical issues that arise.

What do information security engineers do?

Responsibility of information security engineers

On any given day, you may face challenges such as:

1. Create new ways to solve security issues in the existing manufacturing sector.
2. Configure and install firewalls as well as intrusion detection systems.
3. Perform vulnerability testing, risk analysis and security assessment.
4. Develop automation scripts to handle and track incidents.
5. Investigation of intrusion incidents, conducting forensic investigations and responding to incidents.
6. Collaborate with colleagues to find authentication, authorization and encryption solutions.
7. Evaluate new technologies and processes to enhance security.
8. Check security solutions with industry standard analysis criteria.
9. Provide technical reports and official papers on test results.
10. Answer information security issues at each stage of the project.
11. Monitor changes in software, hardware, facilities, telecommunications and user needs.
12. Identify, implement and maintain company privacy policies.
13. Analyze and advise on new security technologies, suitable for the program being used
14. Proposed amendments in the legal, technical and regulatory areas affecting IT security.

In a large organization, you will often report to a manager about security.

Distinguish information security engineers and security analysts

In Sesame Street terms, information security engineers often repair systems, while security analysts try to break them. Security analysts are more interested in exploring risks and weaknesses (by methods like pentesting, auditing, etc.), while information security engineers will build solutions. stronger security (such as firewalls, IDS, etc.).

As you can see, there are many similarities in job descriptions. Articles about information security engineers and security analysts are also quite popular.

Career path of information security engineer

When choosing an information security engineer job, you may be more interested in positions with management oversight and flexibility in this profession:

1. Information security architect
2. Information security management
3. Information security advice

From there, you can move on to positions like:

1. Information security director
2. CISO

The same work

The term "Information Security Engineer" has several 'synonyms' that you can see in the current labor market such as:

1. Network security engineer
2. Engineer to ensure information security
3. Information security engineer
4. Information system security engineer

NOTE: Network security engineers have the same responsibilities and basic tasks as information security engineers, but they focus primarily on network security. This includes the implementation, maintenance and integration of WAN, LAN and server structures.

Salary of information security engineers

According to Payscale, the average salary for an information security engineer is $ 85,177 (2014 data). Overall, you can expect a salary of $ 55,338 to $ 127,123. This includes your annual basic salary, bonuses, profits, tips, commissions, overtime pay and other forms of cash income (if any).

Job requirements of information security engineer profession

Degree requirements

The job of an information security engineer is a high-tech job, so employers will expect you to have a bachelor's degree in computer science, network security or a related field.

What if you don't have a college degree? You may want to consider achieving a master's degree with a focus on IT security. You can supplement with work experience, training and other certifications.

Work experience

Work experience requirements depend on your organization size and scope of responsibility. May be from 1 to 10 years of experience. The position of senior information security engineer tends to require about 5-10 years of experience.

Hard skills

The more tools you have in your arsenal, the more attractive you become. So you can get acquainted with:

1. IDS / IPS test, penetration test and safety test.
2. Firewall and intrusion prevention / detection protocols.
3. Practice secure coding, simulating forms of threats, attacks.
4. Windows, UNIX and Linux operating systems.
5. Virtualization technology.
6. MySQL / MSSQL database platform.
7. Principles of identity management and access.
8. Application encryption and security technology
9. Secure network architecture.
10. Subnetting, DNS, technology and encryption standards, VPN, VLAN, VoIP and other network routing methods.
11. Web-related networks and protocols (eg TCP / IP, UDP, IPSEC, HTTP, HTTPS, routing protocols, etc.)
12. Advanced Persistent Threats (APT) - Advanced continuous threats, phishing phishing techniques, network access control (NAC), anti-malware port and advanced authentication.

Soft skills

In general, information security engineers are known for their ability to solve complex problems and creative capabilities.

You will have to spend some time to work with an IT team, so employers will seek proof of strong speaking and communication skills from you. They also want to see that you are able to work long hours under high pressure.

Certificates for career information security engineers

There are many different certifications that you may want to consider when building your career. None of these are mandatory. Here are a few common IT certificates:

1. CEH: Certified Ethical Hacker
2. CCNP Security: Cisco Certified Network Professional Security
3. GSEC / GCIH / GCIA: GIAC Security Certifications
4. CISSP: Certified Information Systems Security Professional

See more:

1. What is network administrator doing? Need to learn what?
2. 7 useful habits with freelance software developers
3. Top 6 qualities of IT employers looking for