What does it take to become a lead security engineer?
Answer: Quite a bit, given the responsibilities that come with the role. For those willing to take on those responsibilities, however, the payoff is significant, starting with six-figure salaries.
Lead security engineers assess the security of clients’ software systems, build and rally teams of engineers, and have a deep understanding of application security. They must also possess considerable soft skills to negotiate and communicate with stakeholders.
Clifford Maraschino, a lead security consultant, recently of EdgeCast, believes lead security engineers must possess a totally different set of skills than midlevel security engineers. “I think this is the most difficult step,” he said. “A lead security engineer or architect is more than just implementing solutions. This person needs skills outside of a technical depth. He or she needs good business skills, communication skills, and management skills.”
Understand the Business Model
Lead security engineers must also explain to executives and others how a technology solution fits into the company’s objectives. “Lead engineers must be able to talk to people of all levels of the organizational hierarchy,” said Mikhael Felker, a security and privacy expert. “They have to have excellent tact, knowing when to fully disclose information and when to hold the cards tight to the chest.”
Felker also observed that, since a lead position is often a pathway to higher-level management, security engineers should be able to write detailed problem reports, understand planning documents, and speak competently in public.
Can You Manage It?
Managing change is a constant. In order to effectively run a security team, you must interact with other groups across the organization, juggle changes to processes and technology, and work on becoming more efficient while sustaining current operations.
Maraschino advises candidates in the running for a lead security engineering job to pay attention to their capability to delegate. If you can’t trust your team to run with the ball when it’s given to them, you may not be ready to step up to the next level. When spearheading the implementation of a project, an effective lead has to be able to hand tasks over to junior engineers.
In any technology role, hard skills are key, and a lead security engineer must master quite a few of them, including networking, systems, AWS, application development, and more. A solid candidate will also be an expert in application security design, code review, application security testing, and deep security research, and will have some experience with customer technology assessment and risk analysis.
In addition, it doesn’t hurt to have a strong involvement in the software security community and be able to demonstrate a passion for software development and security on your personal time.
Job Hunting Tips
When hiring a lead security engineer, Maraschino looks for signs of steady career advancement. He’s also interested in candidates with a history of mentoring or teaching other engineers.
Ideal candidates combine cutting-edge security knowledge with a solid sense of how businesses work. “With all that,” Felker added, “you become the trusted and ‘go to’ person for solution engineering instead of just a system administrator.”