7

I'm starting my MS in Computer Science (I hold a BS currently) soon and I'm considering specializing in cyber security. I'll be taking courses such as cryptography, biometrics, network security, computer architecture, and information and security among other things. I've been looking around at what jobs would be available to me and security engineer seems like something I would be interested in. What kind of tasks does this job entail? Is this more of a networking field or can I get my hands on some programming and software engineering in here?

MGZero
  • 225
  • 3
  • 6

3 Answers3

8

Security engineer in a broad spectrum defines several responsibilities and roles. To have a bird's eye view there are several categories that exist. It can be broadly classified as developers - one who develops security tools, and analysts - who use these security tools to measure security.

Cryptography: It is involved with writing algorithms that have to do with encryption, authentication and stuff like that. Generally, these are the developers of the security field, who actually develop software for security and analyzing security. Not many do things like this because it is very advanced and sophisticated and requires great knowledge in Math.

Biometrics: This is another broad field. It covers security of physical applicances in conjunction with actual human intervention, such as fingerprint security, retina scan etc. Generally, hardware engineers and embedded software developers design these kinds of devices.

Information Security: This is the category where computer science and IT engineers come in. It includes fields such as network security, cryptography, etc.

To have a better idea take a look at this site which may give you a good idea.

schroeder
  • 123,438
  • 55
  • 284
  • 319
Madusudanan
  • 388
  • 1
  • 3
  • 9
7

While I think it's a great question, I think it's far too broad of a topic to get a decent answer.

A "Security Engineer" is a very vague title. It could range from software development to hardware design/development to implementation or management.

Without know what the curriculum is, it's hard to say what you would learn and what particular skills you would walk away with.

Steve
  • 15,155
  • 3
  • 37
  • 66
  • Yep - seems like you're learning about software development security, but the job title you've identified is too generic to be meaningful. It could indicate a software development security specialist, or a network security person, or a security process consultant specializing in software, or *anything*. So narrowing down the role is probably a good idea - if you're a security developer, network security would probably be suboptimal! – TristanK Jan 19 '12 at 00:40
4

There's a lot you can do as a security engineer! It also depends on the age of your organization. If you're joining a small security team, you'll wear a lot of different hats. If you're joining an established team, you might specialize yourself.

All in all, your job can be summarised in four steps:

  • understand your scope - what do you need to protect? What applications, or processes, or human beings do you need to secure?
  • get the big picture - once you know what belongs in your basket, figure out what's in there. Other engineers might focus on different aspects of the product, but you need to focus on EVERYTHING. Think of attackers: they only care about the low-hanging fruit, the easy ways in. This is what you have to secure. Usually this means that you'll have to read a lot of documentation, attend a lot of meetings, read a lot of code, and do threat models of the system. At some point, you'll probably be the one who understands the most about your company.
  • prevent - Once you've analyzed what the low-hanging fruit are: fix them. This might mean collaborating with other teams, or delegating work to others, or giving training, or doing it yourself. It depends on how much time you have, how cooperative others are, how much management is supporting you, etc.
  • react - Incidents happen, and you'll have to figure out how to fix things, how to talk to the people who reported bugs, and so on.

The takeaway is that you need to be passionate about security, you need to be curious, and you need to have soft skills.

I summarized most of these, and more, in the Security Engineer Handbook. I advise you to take a look at it, as I had new security engineers in mind when I wrote it.

schroeder
  • 123,438
  • 55
  • 284
  • 319
Mark Wisde
  • 41
  • 1
  • Your answer focuses on the engineer in a software development context (you mention product, bug reports, etc). But "security engineers" can be found in every type of context. – schroeder Apr 09 '21 at 00:02