How to get a job as a security engineer

The UK has a growing skills gap for security engineers, here's what you need to know about the sector

In a world where a teenager can remotely steal customers' bank and personal details and cause millions of pounds worth of damage to telecoms giant TalkTalk from his bedroom, the role of the security engineer has never been more important.

The risk of financial and reputational damage caused by a data breach has led to greater demand for security engineers, and a growing skills gap.

A Global Information Security Workforce Study cited by former Chancellor George Osborne in a speech in November predicts a 1.5 million employee shortage in the sector by 2020. "We will never succeed in keeping Britain safe in cyberspace unless we have more people with the cyber skills that we need," Osborne told the Government Communications Headquarters (GCHQ).

However, with a growing skills gap comes greater opportunity for a fulfilling and lucrative career as a security engineer. Here's what you need to know.

What is a security engineer?

Typical responsibilities for a security engineer will include installing and maintaining hardware and software (firewalls, antivirus, intrusion detection) to reduce security risks within an organisation, information security, penetration testing of these systems and ensuring staff are up to date with the latest security procedures.

Andrew Rogoyski vice president of cyber security services at UK IT outsourcing company CGI says that the security engineer role is about "building and maintaining IT security solutions that help organisations stay protected against cyber threats." This differs from a security analyst, who is concerned with "organisational awareness, governance and policy and risk management".

Security engineer jobs: skills and qualifications

In terms of qualifications, employers will expect a bachelor's degree in a technical subject, such as computer science, cyber security, mathematics, engineering or science.

Sites like HackerRank allow candidates to show off their skills regardless of formal qualifications though, and companies are starting to cast their net wider as the skills gap grows. Trevor Halstead, product specialist in Talent Services at open source cyber security training portal Cybrary said to Computerworld UK: "If IT and security talent can prove they are proficient in the skillsets you are looking for, then what's holding you back from hiring them?"

Experience in network security is beneficial, and certification with industry standard technologies like Juniper, Blue Coat, Checkpoint, Palo Alto Networks, Cisco IOS or Sophos Enterprise Portal would be a bonus. There are also a range of internationally recognised certifications from organisations such as CompTIA and (ISC).

Security engineer jobs: Salary expectations

Recruitment startup Hired's Mind The Skills Gap report shows that security engineers have seen the highest rise in salary offer over the past 18 months in the UK, with the salary offers rising by 31 percent in that time.

Gordon Smith, UK client executive at Hired, says that salaries are currently "closer in line with software engineering in how they are tracking", with entry-level jobs ranging from £40,000-£50,000 a year and more senior roles up to £70,000 or £80,000.

Security engineer jobs: Employer perspective

There is growing demand for security engineers across industries, from specialist vendors like Darktrace to established enterprises, the public sector and even consultancies like PwC, which has announced that it will recruit more than 1,000 cyber security consultants between now and 2020.

Al Martin, vice president of technical operations at Darktrace says the security startup looks for "people with inquisitive minds."

When it comes to soft skills he says: "Teamwork is critical, as the team is spread out worldwide. Ensuring that our customers have an enjoyable, professional experience is a key metric for us. This comes through great technical knowledge, combined with strong soft people skills."

Read next: 8 tips for recruiting cyber security talent: How to recruit cyber security professionals: Cyber security jobs

CGI's Andrew Rogoyski says the key skills required for a security engineer are rooted in subjects like computing, maths and engineering.

"However, the scope of cyber security is changing," he explains. "The constant development of new forms of attack and the rapid pace of technological innovation are giving rise to a need for a much broader set of skills, including the ability to analyse huge amounts of data and understand hackers behaviour."

When it comes to the public sector, to get a job in the "cyber and technical operations" department the GCHQ careers website asks for: "A technical qualification or experience in low level software, network security, malware analysis, penetration testing, or vulnerability discovery and mitigation would be useful. Most importantly you should be ready and willing to learn."

Specifically, a cyber engineer at GCHQ must "combine broad technical expertise with the confidence and ability to challenge what's possible and invent new solutions to complex technical problems."

Security engineer jobs: Security engineer perspective

On a day-to-day basis a Darktrace security engineer will "work with our customers to analyse their networks and report on anomalous activity," says Martin, vice president of technical operations at, Darktrace. "Each of our 1,200 deployments are different so, like our technology, our engineers have to be highly adaptive.

"Each day is different - you could be working through a deep packet analysis trying to understand the nature of a client's ransomware infection, architecting a global deployment for one of the world's largest financial institutions under attack hundreds of times a day, or presenting to a company's chief security officer what Darktrace has found in their networks that legacy security tools have missed."

Martin says he moved to the UK-based cyber security startup after he saw the work they were doing with machine learning.

"Machine learning is a real game changer in the rapidly-evolving cyber threat landscape," he says. "The chance to work with world class mathematicians and intelligence specialists was a very attractive prospect - and I have been kept on my toes ever since!"

Read next: The UK's 10 most promising cybersecurity startups 2016

For public sector roles, a sample interview with a cyber engineer at GCHQ reads: "Coming here as a graduate, I'd say it's important to have an analytical mind and approach problems scientifically because a lot of your success will be based on the solutions you come up with.

"In terms of being a part of the organisation, you've got be quite a friendly person because it's like a community here. You have to be prepared to engage with people."

Security engineer jobs: Tips for budding security engineers

Martin's top tip for budding security engineers is to start learning new skills straight away.

"Watch YouTube videos, subscribe to security blogs and keep up-to-date on recent hacks in the news," he says.

"Try securing your home network. Remember, you don't need a Masters in Cyber Security or ten years at GCHQ. An enthusiastic attitude and understanding of the main industry challenges can take you a long way."

CGI's Rogoyski adds: "If you want a varied and interesting career in cyber security, you need to join an organisation that specialises in it."

Security engineer jobs: Government perspective

To mitigate the aforementioned skills gap, George Osborne promised £20 million towards a new Institute of Coding, more cyber security apprenticeships, retraining programmes for workers looking to move into cyber and an after school programme for 14 to 17 year olds.

Read next: The gamification of cyber security: how a UK competition is using video games to plug the skills gap

When it comes to retraining programmes, Rogoyski from CGI UK says: "Software developers, engineers, mathematicians and data scientists are very well placed to start a career in cyber security."

Security engineer jobs: Diversity

Diversity is as much an issue in cyber security as it is across the tech sector, with (ISC)2's 2015 Global Information Security Workforce Study (pdf) showing that women in the security profession represent just ten percent of the workforce. Worse still this figure remains fairly static from two years ago, despite growth in the sector as a whole.

Read next: Cybersecurity and diversity: how KPMG widened its skills base to hire more women

Rogoyski from CGI UK says: "We need more gender diversity in cyber security - it's a very male-dominated business. Many of the women we interview are put off by the gender bias, so we have to work hard to persuade them to take up a role. It's a priority for us as balanced teams perform demonstrably better."

Read next: How to get a job as a network engineer

Read next: How to get a job as a data scientist

Read next: How to get a tech job in the Ministry of Defence

This story, "How to get a job as a security engineer" was originally published by Computerworld UK.


Copyright © 2016 IDG Communications, Inc.

The 10 most powerful cybersecurity companies