Whatever the role, good communication regarding the duties and expectations of a security professional is key to that person\u2019s success. That communication starts with a solid, thorough job description. It will be an important benchmark when hiring for the role, and a touch point for performance once the candidate is on board. The job description is also a baseline that helps security team managers keep pace as many roles evolve.IT security engineer is a relatively new job title, with the responsibilities and scope still in flux. Its focus is on quality control within the IT infrastructure. This includes designing, building and defending scalable, secure, and robust systems; working on operational data center systems and networks; helping the organization understand advanced cyber threats; and helping to create strategies to protect those networks.Those strategies generally include monitoring and protecting sensitive data and systems from intrusions. This person usually works as part of a larger IT team and reports directly to upper management.Key dutiesDevelop and carry out information security plans and policiesDevelop strategies to respond to and recover from a security breachDevelop or implement open-source\/third-party tools to assist in detection, prevention and analysis of security threatsAwareness training of the workforce on information security standards, policies and best practicesImplement protectionsInstallation and use of firewalls, data encryption and other security products and proceduresConduct periodic network scans to find any vulnerabilityConduct penetration testing, simulating an attack on the system to find exploitable weaknessesMonitor networks and systems for security breaches, through the use of software that detects intrusions and anomalous system behaviorInvestigate security breachesLead incident response, including steps to minimize the impact and then conducting a technical and forensic investigation into how the breach happened and the extent of the damage[ Related: What it takes to become an IT security engineer ]Skills and competenciesThis section outlines the technical and general skills required as well as any certificates or degrees that a company might expect an information security engineer to have. Key technical skills include:Expertise in anti-virus software, intrusion detection, firewalls and content filteringKnowledge of risk assessment tools, technologies and methodsExpertise in designing secure networks, systems and application architecturesDisaster recovery, computer forensic tools, technologies and methodsPlanning, researching and developing security policies, standards and proceduresSystem administration, supporting multiple platforms and applicationsExpertise with mobile code, malicious code, and anti-virus softwareThe IT security engineer should also have experience with and knowledge of:Endpoint security solutions, including file integrity monitoring and data loss preventionAWS and cloud platform as a service (PaaS) securityAutomating security testing toolsChef \u2013 a configuration management toolGit \u2013 a tool that helps track anomalous changes to filesGeneral skills include:The ability to multi-taskA keen eye for detailStrong organizational skillsThe ability to thrive in fast-paced, high-stress situationsThe ability to communicate network security issues to peers and managementPossible education\/certifications that a company might require are:A B.S. or M.S. in Computer Science or related field, or equivalent experienceOne to three years of industry experience in an information security function.Certified Information Systems Security Professional (CISSP)CISA \u2013 Certified Information Systems Auditor (CISA)CEH \u2013 Certified Ethical Hacker (CEH)CISM \u2013 Certified Information Security Manager (CISM)ISSAP \u2013 Information Systems Security Architecture Professional (ISSAP)ISSEP \u2013 Information Systems Security Engineering Professional (ISSEP)The IT security engineer is also expected to know compliance standards such as ISO 27000, ISO 9001 and FedRAMP.Industry specific requirementsExperts say that, as is usually the case in information security, the core skill and qualification requirements apply to all industries. The differences are generally in regard to compliance.Eric Cissorsky, senior IT security specialist at UBC, says that since he works in healthcare, \u201cmy primary concern is HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health) compliance.\u00a0\u201cOther industries may be more concerned with requirements such as PCI-DSS (Payment Card Industry-Data Security Standard) for those taking payment over the Internet or FISMA for the government sector,\u201d he says.Chris Clark, Principal Security Engineer at Synopsys, says the need for different \u201csoft skills\u201d can vary by industry and company culture. \u201cAn individual's ability to cope with the stresses and rigors of each industry and the job role within that industry can vary greatly,\u201d he says. \u201cA candidate with excellent technical acumen may not have the soft skills necessary to transition from health care to let's say education or finance and vice versa. If you can show your ability to adapt you are ahead of the game.\u201dHow to attract the bestAccording to Indeed, the average salary for a security engineer in the U.S. is $103,620. Other sources report the range to be as low as $60,000 to more than $200,000 a year.Money is important to good candidates, but they also want to know the company supports their work. \u201cWithout a doubt, the most important thing I look for in an employer is a serious commitment to infosec from the executive level,\u201d Cissorsky says. \u00a0\u201cMany organizations talk a good game when it comes to infosec, but lack follow through, so I look for policies and processes that show the organization is serious.\u00a0Beyond that a meaningful commitment to continuing education is very important to me.\u201dClark says that while perks such as unlimited vacation days, educational stipends and free lunch are nice, even they will go only so far, \u201cbefore the real questions need to be addressed: Am I valued? Does the company care about my contribution and well being? What is next? Can I grow? \u00a0These are just some of the questions that if a company can address they stand a much better chance of culling and keeping the best and brightest,\u201d he says.