$ ~/Cyber_Security_Engineer
What’s one of them?
Job titles can mean a lot of things these days and the job descriptions of these titles can be varied in duties, technologies, and responsibilities. So my first piece of advice is, ALWAYS read the job descriptions carefully and don’t take job titles for granted.
In this post, I will overview my role and some of the things I do in the good fight in the world of cyber.
Common Themes of Responsibilities
As I mentioned, there are lots of variables for a job title, but there are some common responsibilities that appear in engineering roles:
Identifying and Implementing Solutions
This is where engineers will look for solutions to protect or enhance existing toolsets or monitoring to provide better protection, prevention, and data for analytics.
This could be looking at a new Antivirus (AV) application or a new Endpoint Detection and Response (EDR) Software as a Service (SaaS) solution, or running proof of concept tests for a new secure web gateway/proxy or vulnerability scanner. This would be done in collaboration with Security Architects and your CISO, or as a result of a penetration test.
Development and Automation
This is where engineers find and implement enhancements to existing toolsets or enable the use of previously unused features of a toolset to enhance the protection of the company. Automation is also a big part of an engineer’s role, as finding ways of automating simple or repetitive tasks enables engineers and analysts to concentrate on more in-depth work.
For example, this could mean running vulnerability scans against a subnet of Operational Technology (OT) devices to identify missing patches, and then automating the patching of those devices so it only happens within a regular, pre-arranged maintenance window.
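As an added example (not code from the original post), the script below shows the two decisions that kind of automation has to get right: only devices inside the agreed OT subnet are selected, and nothing is patched unless the run falls inside the maintenance window. The scan results, the 10.50.0.0/24 subnet and the Sunday 02:00–04:00 window are all constructed for illustration.

```python
"""Added example: gate automated OT patching on a subnet filter and an
agreed maintenance window. All sample data below is constructed."""
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Constructed sample: a scanner export reduced to host, missing patch, severity.
SCAN_RESULTS = [
    {"host": "10.50.0.11", "patch": "KB-EXAMPLE-001", "severity": "high"},
    {"host": "10.50.0.12", "patch": "KB-EXAMPLE-002", "severity": "medium"},
    {"host": "10.51.0.5", "patch": "KB-EXAMPLE-001", "severity": "high"},  # not in the OT range
    {"host": "10.50.0.11", "patch": "KB-EXAMPLE-003", "severity": "low"},
]

OT_SUBNET = ip_network("10.50.0.0/24")  # assumed OT range for this example


@dataclass(frozen=True)
class MaintenanceWindow:
    weekday: int  # Monday == 0 ... Sunday == 6
    start: time
    end: time

    def contains(self, when: datetime) -> bool:
        """True if `when` is on the agreed weekday and inside [start, end)."""
        return when.weekday() == self.weekday and self.start <= when.time() < self.end


WINDOW = MaintenanceWindow(weekday=6, start=time(2, 0), end=time(4, 0))  # assumed window

# Constructed timestamps: 2024-06-02 is a Sunday, 2024-06-03 a Monday.
SAMPLE_INSIDE = datetime(2024, 6, 2, 2, 30)
SAMPLE_OUTSIDE = datetime(2024, 6, 3, 2, 30)


def hosts_missing_patches(results, subnet, min_severity="medium"):
    """Group missing patches per host, keeping only hosts inside `subnet`
    and findings at or above `min_severity`. Returns a sorted dict."""
    order = {"low": 0, "medium": 1, "high": 2, "critical": 3}
    threshold = order[min_severity]
    plan = {}
    for finding in results:
        addr = ip_address(finding["host"])
        if addr not in subnet or order[finding["severity"]] < threshold:
            continue
        plan.setdefault(str(addr), set()).add(finding["patch"])
    return {host: sorted(patches) for host, patches in sorted(plan.items())}


def build_patch_run(results, subnet, window, now):
    """Return (plan, reason). The plan is empty whenever `now` is outside the
    maintenance window, so a scheduler that fires early changes nothing."""
    if not window.contains(now):
        return {}, f"outside maintenance window, run deferred ({now.isoformat()})"
    plan = hosts_missing_patches(results, subnet)
    return plan, f"{len(plan)} host(s) scheduled for patching"


if __name__ == "__main__":
    for when in (SAMPLE_INSIDE, SAMPLE_OUTSIDE):
        plan, reason = build_patch_run(SCAN_RESULTS, OT_SUBNET, WINDOW, when)
        print(reason, plan)
```

The real patch action (a WSUS approval, an Ansible play, a vendor API call) would be invoked with the returned plan; keeping the window check and the subnet filter in pure functions makes them easy to unit test before the script is ever allowed near production OT kit.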
Continuous Improvement, Testing and Maintenance
Threat actors don’t stop, and vulnerabilities, bad code and misconfigurations happen every day. Engineers are generally responsible for working with infrastructure teams such as the Network, Server and Client teams to ensure that the security tools are running as effectively as possible and are kept up to date, either with security patches or with feature enhancement patches.
That’s great but what are you going on about?
Ok ok, that’s a lot of blurb and big words. So let’s break it down into an easy synopsis of my role.
As a Cyber Security Engineer, I look after the security applications and tools deployed for:
- All company users
- Security Operations Centre
- Threat Hunters
- Information Security / Data Protection Teams
- Intellectual Property Teams
- Infrastructure Teams
What Apps and Tools?
- Proxies / Web Content Filters / Web Gateways
- Security Information and Event Management (SIEM)
- Antivirus (AV) / Extended Detection and Response (XDR)
- Firewalls / Intrusion Detection/Prevention (IDS/IPS)
- System Logging (Syslog)
So what skills do I need?
As with any role, there are going to be certain skills that the recruiting company is looking for, but I will outline some common skills that Cyber Engineers are generally expected to have.
Soft Skills
- Communication Skills – The ability to pass on information to technical and non-technical parties from end users and board members to subject matter experts and vendors.
- Speaking in Groups – This is key and goes hand in hand with the above. You should be relatively confident speaking in video calls and in face-to-face groups.
- Presenting – This may be to your own team or to larger audiences.
- Working as a Team – This might sound obvious, but it doesn’t just mean within your own team; security is one part of the wider IT organisation and you will work across it.
- Conflict Resolution – Users and other teams sometimes don’t like the security measures that need to be in place to protect the business, so the ability to deal with this is a great tool to have.
Technical Skills
- Basic Security Awareness – CompTIA Sec+ is a good baseline even without the exam certification.
- Networking Knowledge – This doesn’t have to be Cisco CCNA level, but an understanding of the OSI layers, IP addresses and subnetting, and common ports is a good starting point.
- Linux and Windows OS – Good working knowledge of these two operating systems is a must, and if you know Bash and PowerShell, even better.
- Infrastructure and Virtualisation – Knowing how to spin up VMs for testing or proof of concepts is a great skill.
- Cloud Services – With more and more services being cloud-based and companies keeping the cost of owned infrastructure down, knowing even some of the big three (AWS, GCP, Azure) can put you in a great position.
- Application installation and configuration – With your skills in spinning up VMs or cloud services, installing and configuring applications is the next skill; after all, that’s the main reason you have been hired.
- Monitoring and Logging – A basic understanding of things like SNMP, Syslog, or agents such as the Splunk Universal Forwarder or Wazuh, which capture data so it can be analysed.
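To give the Monitoring and Logging point something concrete, here is an added example (mine, not from the original post) of the first thing a SIEM or a collector does with a BSD-style syslog line: split off the <PRI> prefix, turn it into a facility and severity, and pull out the timestamp, host and tag. The sample lines are constructed; the facility names for codes 12–15 are the conventional ones rather than names fixed by RFC 3164.

```python
"""Added example: decode RFC 3164-style syslog lines and triage by severity.
The SAMPLE_LINES below are constructed for this example."""
import re

# Facility = PRI // 8, severity = PRI % 8 (RFC 3164 section 4.1.1).
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>Mmm dd hh:mm:ss host tag: message   (day is space-padded, e.g. "Jun  2")
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[^:\s]+):\s*(?P<msg>.*)$"
)


def decode_pri(pri):
    """Map a PRI value to (facility, severity); PRI is 0..191."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]


def parse_line(line):
    """Parse one syslog line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    facility, severity = decode_pri(int(m["pri"]))
    return {
        "facility": facility,
        "severity": severity,
        "timestamp": m["ts"],
        "host": m["host"],
        "tag": m["tag"],
        "message": m["msg"],
    }


def triage(lines, max_severity="err"):
    """Return parsed records at or above `max_severity`.
    Lower index in SEVERITIES means more severe, so 'err' keeps emerg..err."""
    cutoff = SEVERITIES.index(max_severity)
    records = []
    for line in lines:
        rec = parse_line(line)
        if rec and SEVERITIES.index(rec["severity"]) <= cutoff:
            records.append(rec)
    return records


# Constructed sample input: PRI 34 = auth.crit, 86 = authpriv.info, 13 = user.notice.
SAMPLE_LINES = [
    "<34>Jun  2 02:31:07 fw01 kernel: link state down on eth1",
    "<86>Jun  2 02:31:09 srv02 sshd: session opened for user ops",
    "<13>Jun  2 02:31:12 ws17 app: heartbeat",
    "this is not a syslog line",
]

if __name__ == "__main__":
    for rec in triage(SAMPLE_LINES):
        print(f"{rec['severity']:>7} {rec['facility']:<8} {rec['host']} {rec['tag']}: {rec['message']}")
```

Lines that fail to parse are dropped here rather than raising, which is what you want in a collector fed by many devices; in a real deployment you would count them so a silently misconfigured sender shows up on a dashboard.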
Round Up
Hopefully, you have found some of this info useful and it has given you an appetite for what this kind of role entails. For someone like me, who worked in IT infrastructure and wanted to move into Cyber Security, it’s a great transitional role.
If, like me, you have most of the technical skills down but the soft skills are something you need to brush up on, there are lots of resources on platforms such as Udemy or LinkedIn Learning.
Thanks,
Ted.