We covered an introduction to security engineering and the roles and responsibilities of the security engineer. A security engineer is involved in maintaining the organization’s overall security posture, participating in risk management, vulnerability assessment and creating security policies by collaborating with the information security department. This was part of TryHackMe Security Engineer Track
Why Do Organizations Need Security?
As the internet age transforms how organizations work worldwide, it also brings challenges. While there is no doubt that technology has made the life of organizations a lot easier by opening new avenues of collaboration and innovation, we often hear about organizations getting hacked, losing customer data, getting ransomed, and facing other types of cyber attacks. In responding to these threats, organizations can either go back to the old ways of doing business without getting any aid from modern technology, putting them at a disadvantage, or they can move forward and ensure the security of the digital side of their business. Hence, just like any organization will protect its physical assets and dedicate whole departments to them, a company’s digital assets must also be secured. It must be noted here that organizations do all of this to ensure their primary goal is achieved without hindrance.
The Role of a Security Engineer
Keeping in view the above-mentioned need for security, organizations hire security engineers. In order to hire a security engineer, an organization perceives a security engineer as someone who:
- Owns the overall security of an organization. The main person responsible for securing an organization’s digital assets.
- Ensures that the organization’s cyber security risk is minimized at all times.
- Devises strategies and creates systems that minimize the risk posed by cyber security threats to an organization.
- Periodically conducts tests to ensure the robustness of the cyber security posture of an organization, identifies weak points, and prepares mitigations.
- Develops and implements secure network solutions.
- Architects and engineers trustworthy, reliable, and secure systems.
- Collaborates and coordinates with other teams to establish security protocols across the organization.
Qualifications Required for a Security Engineer
As you might have noticed, the security engineer role mentioned above is very broad and might require a whole department instead of a single person. This is because this role is defined loosely and varies from organization to organization. An engineer takes large problems, breaks them down into smaller chunks, and then solves them. Therefore a security engineer is someone that follows this process for security problems. Meaning that even though you might have a job description, each day might be quite different since you are faced with various problems. Overall, when hiring a security engineer, organizations look for the following basic requirements:
- 0-2 years of experience with IT administration, helpdesk, networks or security operations.
- Basic understanding of computer networks, operating systems, and programming.
- Basic understanding of security concepts such as Governance, Risk and Compliance (GRC).
Sometimes security policies can’t be followed because of business needs. What avenue does a security engineer have to fulfil business needs in these cases?
What philosophy, if followed, provides the most Return on Investment (ROI)?
An organization’s security evolves with the organization. What helps a security engineer keep the organization secure through these changes?
What is the priority of the management in case of a disaster or crisis?