In a world where a teenager can remotely steal customers' bank and personal details and cause millions of pounds worth of damage to telecoms giant TalkTalk from his bedroom, the role of the security engineer has never been more important.
The risk of financial and reputational damage caused by a data breach has led to greater demand for security engineers, and a growing skills gap.
A Global Information Security Workforce Study cited by former Chancellor George Osborne in a speech in November predicts a 1.5 million employee shortage in the sector by 2020. "We will never succeed in keeping Britain safe in cyberspace unless we have more people with the cyber skills that we need," Osborne told the Government Communications Headquarters (GCHQ).
However, with a growing skills gap comes greater opportunity for a fulfilling and lucrative career as a security engineer. Here's what you need to know.
What is a security engineer?
Typical responsibilities for a security engineer will include installing and maintaining hardware and software (firewalls, antivirus, intrusion detection) to reduce security risks within an organisation, information security, penetration testing of these systems and ensuring staff are up to date with the latest security procedures.
Andrew Rogoyski vice president of cyber security services at UK IT outsourcing company CGI says that the security engineer role is about “building and maintaining IT security solutions that help organisations stay protected against cyber threats." This differs from a security analyst, who is concerned with "organisational awareness, governance and policy and risk management".
Security engineer jobs: skills and qualifications
In terms of qualifications, employers will expect a bachelor's degree in a technical subject, such as computer science, cyber security, mathematics, engineering or science.
Sites like HackerRank allow candidates to show off their skills regardless of formal qualifications though, and companies are starting to cast their net wider as the skills gap grows. Trevor Halstead, product specialist in Talent Services at open source cyber security training portal Cybrary said to Computerworld UK: "If IT and security talent can prove they are proficient in the skillsets you are looking for, then what's holding you back from hiring them?"
Experience in network security is beneficial, and certification with industry standard technologies like Juniper, Blue Coat, Checkpoint, Palo Alto Networks, Cisco IOS or Sophos Enterprise Portal would be a bonus. There are also a range of internationally recognised certifications from organisations such as CompTIA and (ISC)².
Security engineer jobs: Salary expectations
Recruitment startup Hired's Mind The Skills Gap report from July 2016 showed that security engineers have seen the highest rise in salary offer over the past 18 months in the UK, with the salary offers rising by 31 percent in that time.
Gordon Smith, UK client executive at Hired, says that salaries are currently "closer in line with software engineering in how they are tracking", with entry-level jobs ranging from £40,000-£50,000 a year and more senior roles up to £70,000 or £80,000.
The UK Tech Cities Job Watch report from IT recruitment specialists Experis reflected this, pegging the average salary for IT security roles in London at £62,596. It also reported that average permanent salaries across the UK in security roles rose 5 percent year-on-year.
Security engineer jobs: Employer perspective
There is growing demand for security engineers across industries, from specialist vendors like Darktrace to established enterprises, the public sector and even consultancies like PwC, which has announced that it will recruit more than 1,000 cyber security consultants between now and 2020.
Al Martin, vice president of technical operations at Darktrace says the security startup looks for "people with inquisitive minds."
When it comes to soft skills he says: "Teamwork is critical, as the team is spread out worldwide. Ensuring that our customers have an enjoyable, professional experience is a key metric for us. This comes through great technical knowledge, combined with strong soft people skills."
CGI’s Andrew Rogoyski says the key skills required for a security engineer are rooted in subjects like computing, maths and engineering.
“However, the scope of cyber security is changing,” he explains. “The constant development of new forms of attack and the rapid pace of technological innovation are giving rise to a need for a much broader set of skills, including the ability to analyse huge amounts of data and understand hackers behaviour."
When it comes to the public sector, to get a job in the "cyber and technical operations" department the GCHQ careers website asks for: "A technical qualification or experience in low level software, network security, malware analysis, penetration testing, or vulnerability discovery and mitigation would be useful. Most importantly you should be ready and willing to learn."
Specifically, a cyber engineer at GCHQ must "combine broad technical expertise with the confidence and ability to challenge what’s possible and invent new solutions to complex technical problems."
Security engineer jobs: Security engineer perspective
On a day-to-day basis a Darktrace security engineer will ”work with our customers to analyse their networks and report on anomalous activity," says Martin, vice president of technical operations at, Darktrace. "Each of our 1,200 deployments are different so, like our technology, our engineers have to be highly adaptive.
"Each day is different - you could be working through a deep packet analysis trying to understand the nature of a client’s ransomware infection, architecting a global deployment for one of the world’s largest financial institutions under attack hundreds of times a day, or presenting to a company’s chief security officer what Darktrace has found in their networks that legacy security tools have missed."
Martin says he moved to the UK-based cyber security startup after he saw the work they were doing with machine learning.
"Machine learning is a real game changer in the rapidly-evolving cyber threat landscape," he says. "The chance to work with world class mathematicians and intelligence specialists was a very attractive prospect – and I have been kept on my toes ever since!"
For public sector roles, a sample interview with a cyber engineer at GCHQ reads: "Coming here as a graduate, I’d say it’s important to have an analytical mind and approach problems scientifically because a lot of your success will be based on the solutions you come up with.
"In terms of being a part of the organisation, you’ve got be quite a friendly person because it’s like a community here. You have to be prepared to engage with people."
Security engineer jobs: Tips for budding security engineers
Martin's top tip for budding security engineers is to start learning new skills straight away.
"Watch YouTube videos, subscribe to security blogs and keep up-to-date on recent hacks in the news,” he says.
“Try securing your home network. Remember, you don’t need a Masters in Cyber Security or ten years at GCHQ. An enthusiastic attitude and understanding of the main industry challenges can take you a long way."
CGI’s Rogoyski adds: "If you want a varied and interesting career in cyber security, you need to join an organisation that specialises in it."
Security engineer jobs: Government perspective
To mitigate the aforementioned skills gap, George Osborne promised £20 million towards a new Institute of Coding, more cyber security apprenticeships, retraining programmes for workers looking to move into cyber and an after school programme for 14 to 17 year olds.
When it comes to retraining programmes, Rogoyski from CGI UK says: "Software developers, engineers, mathematicians and data scientists are very well placed to start a career in cyber security."
Security engineer jobs: Diversity
Diversity is as much an issue in cyber security as it is across the tech sector, with (ISC)2’s 2015 Global Information Security Workforce Study (pdf) showing that women in the security profession represent just ten percent of the workforce. Worse still this figure remains fairly static from two years ago, despite growth in the sector as a whole.
Rogoyski from CGI UK says: "We need more gender diversity in cyber security – it’s a very male-dominated business. Many of the women we interview are put off by the gender bias, so we have to work hard to persuade them to take up a role. It’s a priority for us as balanced teams perform demonstrably better."
Read next: How to get a job as a network engineer
Read next: How to get a job as a data scientist
Find your next job with computerworld UK jobs