A career as a Security Engineer can be very rewarding, with the exciting goal of designing, implementing, and maintaining security measures and protocols for an organisation's computer systems, networks, and applications!
To give you an understanding of what to expect in a Security Engineer role and to answer your frequently asked questions, we sat down with Umair, who currently works as a Content Developer at TryHackMe, after previously working as a Security Engineer for over 9 years.
What does a day in the life of a Security Engineer look like?
Day-to-day, Security Engineers perform a wide variety of tasks, with the end-to-end responsibility to secure an organisation’s assets. Their role is to ensure that all tools and technologies maintain a risk-free security posture, working efficiently and in synergy with the entire ecosystem.
A Security Engineer takes proactive steps to improve the security posture of an organisation, in contrast with a Security Analyst who mostly reacts to threats.
For a brief introduction to what a day in the life of a security engineer looks like, check out our Security Engineer Intro room, which shows you the core responsibilities of a Security Engineer and gives you the opportunity to practice a few day-to-day tasks!
Can you share an example of a recent security challenge or incident you've dealt with? How did you approach and resolve it?
Security Engineers not only deal with security threats as they emerge but must often solve problems with security tools and infrastructure to ensure that the rest of the security team can work without any problems.
I faced a similar problem in a recent engagement. Our goal in the engagement was to fetch web server access logs and integrate them with our Security Information and Event Management (SIEM) tool. We ran into a problem and could not see the logs coming into the SIEM. To solve the problem, we zoomed into the individual components of the log pipeline and verified the end result at the end of each component. This way, we were able to identify the root cause and fix it.
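The troubleshooting approach described in that answer, checking the output at the boundary of every component until the counts stop matching, can be turned into a small harness. The example below is added here and is not code from TryHackMe or from the interview; it models a four-stage access-log pipeline (collector, CLF parser, normaliser, JSON shipper) with constructed sample lines, and reports how many records enter and leave each stage so the first lossy stage is obvious. The stage names, field names and sample log lines are all assumptions made for the illustration.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample input (not from the interview): three well-formed
# Common Log Format lines, one truncated line, and one whose timestamp is
# in a format the normaliser does not accept.
SAMPLE_ACCESS_LOG = [
    '10.0.0.5 - - [12/Mar/2024:10:15:32 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '10.0.0.7 - alice [12/Mar/2024:10:15:40 +0000] "POST /login HTTP/1.1" 302 0',
    '10.0.0.5 - - [12/Mar/2024:10:16:01 +0000] "GET /admin HTTP/1.1" 403 512',
    '10.0.0.9 - - [12/Mar/2024:10:16',
    '10.0.0.8 - - [2024-03-12 10:16:20] "GET /robots.txt HTTP/1.1" 200 68',
]

# Common Log Format: host ident user [time] "method path proto" status size
CLF_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)
CLF_TIME = "%d/%b/%Y:%H:%M:%S %z"


def stage_collect(lines):
    """Stage 1 (collector): keep non-empty lines, drop blanks."""
    accepted = [ln for ln in lines if ln.strip()]
    rejected = [ln for ln in lines if not ln.strip()]
    return accepted, rejected


def stage_parse(lines):
    """Stage 2 (parser): split CLF lines into fields; unmatched lines are rejected."""
    accepted, rejected = [], []
    for ln in lines:
        m = CLF_RE.match(ln)
        if m:
            accepted.append(m.groupdict())
        else:
            rejected.append(ln)
    return accepted, rejected


def stage_normalise(records):
    """Stage 3 (normaliser): ISO 8601 UTC timestamp, integer status and size."""
    accepted, rejected = [], []
    for rec in records:
        try:
            ts = datetime.strptime(rec["time"], CLF_TIME).astimezone(timezone.utc)
        except ValueError:
            rejected.append(rec)  # timestamp not in CLF format
            continue
        accepted.append({
            "@timestamp": ts.isoformat(),
            "src_ip": rec["host"],
            "user": None if rec["user"] == "-" else rec["user"],
            "method": rec["method"],
            "path": rec["path"],
            "status": int(rec["status"]),
            "bytes": 0 if rec["size"] == "-" else int(rec["size"]),
        })
    return accepted, rejected


def stage_ship(events):
    """Stage 4 (shipper): serialise to JSON lines for the SIEM; unserialisable events are rejected."""
    accepted, rejected = [], []
    for ev in events:
        try:
            accepted.append(json.dumps(ev))
        except (TypeError, ValueError):
            rejected.append(ev)
    return accepted, rejected


STAGES = [
    ("collect", stage_collect),
    ("parse", stage_parse),
    ("normalise", stage_normalise),
    ("ship", stage_ship),
]


def verify_pipeline(lines):
    """Run every stage in order, recording in/out counts and a sample of rejects per stage."""
    report, data = [], lines
    for name, fn in STAGES:
        out, rejected = fn(data)
        report.append({"stage": name, "in": len(data), "out": len(out),
                       "rejected_sample": rejected[:3]})
        data = out
    return report


def first_lossy_stage(report):
    """Name of the first stage whose output count is below its input count, or None."""
    for entry in report:
        if entry["out"] < entry["in"]:
            return entry["stage"]
    return None


if __name__ == "__main__":
    rep = verify_pipeline(SAMPLE_ACCESS_LOG)
    for entry in rep:
        print(f'{entry["stage"]:<10} in={entry["in"]} out={entry["out"]}')
        for r in entry["rejected_sample"]:
            print("   rejected:", r)
    print("first lossy stage:", first_lossy_stage(rep))
```

Run against the constructed sample, the report shows the parser dropping the truncated line and the normaliser dropping the line with the non-CLF timestamp, while the collector and shipper pass everything through. In a real pipeline the same idea applies with the counts taken from each component's own metrics (agent output counters, queue depth, indexer ingest rate), and a persistent difference between two adjacent counters points at the component to inspect first.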
What tools and technologies do you commonly use in your role as a Security Engineer? How do they contribute to your daily tasks?
Working on the full spectrum of the security posture of an organisation, Security Engineers work with a wide variety of tools and technologies. The most common tools and technologies include Windows and Linux operating systems, sandboxes, virtualisation, containerisation technologies, and logging tools and technologies such as Sysmon, Windows Event logs, and Syslog.
Some frequently used security tools include vulnerability scanners, endpoint detection and response (EDR), web application firewall (WAF), identity and access management (IAM) tools, privileged access management (PAM), and security information and event management (SIEM), among many others.
Apart from tools, a Security Engineer also needs to understand concepts such as threat modeling, governance, risk and compliance (GRC), secure architecture design, system and network hardening, the secure software development lifecycle (SSDLC), and incident management.
How do you stay updated on the latest security threats, vulnerabilities, and industry best practices?
There are various ways to keep track of the latest security threats, vulnerabilities, and industry best practices. Some useful resources include OWASP’s Top Ten and the CVE database, which covers the latest vulnerabilities identified in the wild by security researchers. For industry best practices, frameworks are created by organisations such as NIST and ISO that help us stay up to date with the latest in the industry.
How does your real-world experience come into play when you create TryHackMe training rooms?
Real-world experience is essential when it comes to creating TryHackMe rooms! We ensure that the content being added to the rooms is up-to-date and correlates with our real-world experience. We often discuss problems and challenges that we have faced in our professional journey so that our users can learn from them. We try to make the content as realistic as possible while keeping it palatable and easy to understand.
Here are just some of the training rooms that may help you:
- Introduction to networking
- OSI Model
- Protocols and Servers
- How Websites Work
- Principles of Security
- Exploit Vulnerabilities
- Vulnerabilities 101
- Firewalls
- SQL Injection
What would you say to other people who are considering a career as a Security Engineer?
A career as a Security Engineer is a challenging, but rewarding career. Security Engineers are valuable in keeping the security ecosystem running, ensuring the organisation is protected from threats. However, it is a field that has very loose boundaries, and requires a lot of on-the-go learning and problem-solving!
Thank you so much, Umair, for your insight!
Check out the TryHackMe Security Engineer training to kickstart your Security Engineering journey!