WHAT DOES A CYBERSECURITY ENGINEER DO?
Updated: October 9, 2024 - The Cybersecurity Engineer assists with internal compliance deadlines and requirements while ensuring that customer data and infrastructures are protected through appropriate security controls. This role involves testing and identifying network and system vulnerabilities, as well as participating in change management processes to enhance cybersecurity technologies across the enterprise. Proficiency in modern programming languages and a focus on developing secure, resilient cloud solutions are crucial for building and enabling effective cyber capabilities.
A Review of Professional Skills and Functions for Cybersecurity Engineer
1. Cybersecurity Engineer Duties
- Security Architecture: Facilitate security architecture and design reviews of storage products.
- Risk Evaluation: Evaluate products for security risks with known and emerging vulnerabilities.
- Compliance Assurance: Ensure the organization is in compliance with corporate cybersecurity requirements.
- Incident Response: Respond to cybersecurity incidents.
- Security Culture Development: Develop a culture of security across product teams.
- Domain Expertise: Provide domain-specific expertise and overall software systems leadership and perspective to cross-organization projects, programs, and activities.
- Patch Monitoring: Monitor and validate third-party security patches to ensure that the reliability of the system is maintained.
- Security Evaluation: Evaluate the cybersecurity functionalities of the product and improve the security posture.
- Security Testing: Participate in security testing of the product to ensure that vulnerabilities are addressed before release.
- Product Hardening: Perform product hardening to allow only necessary functions for product operation.
- Environment Maintenance: Maintain the test environment with updated software and hardware for current and future use.
2. Cybersecurity Engineer Details
- Compliance Assurance: Ensure compliance with ISO 27K for software products and operations.
- Project Leadership: Lead sub-projects/initiatives within the Information & Cybersecurity field (global perspective).
- Vulnerability Identification: Identify security vulnerabilities in SKF solutions and support remediation.
- Incident Support: Support post-incident activities for systems and applications within the domain.
- Pre-Sales Support: Support pre-sales discussions with customers around cybersecurity.
- Solution Customization: Support the business with regional customization of solutions, ensuring security.
- Training Support: Support training on Information and Cybersecurity across SKF Technology Development.
- Technology Awareness: Proactively keep up with the latest technologies as part of the role.
- Security Platform Management: Perform development, automation, deployment, management, configuration, testing, and integration tasks related to the firm's enterprise security platforms.
- Procedure Development: Develop, implement, and execute standard procedures for the administration, content management, change management, version/patch management, and lifecycle management of the firm's enterprise security platforms.
- Technical Input: Provide technical inputs to management during proof-of-concept reviews for new security products.
- Guidance Provision: Provide technical guidance to the Security Operations Center and/or the lines of business during investigations or incident response.
3. Cybersecurity Engineer Responsibilities
- Prototyping: Perform trade-off analyses and prototyping of new IT security solutions.
- Market Analysis: Conduct market analysis and create trade-off reports for design, implementation, and maintenance of new IT security solutions.
- Documentation Management: Create relevant documentation for change management procedures.
- Plan Documentation: Develop plan documentation (e.g., implementation, test, and verification plans).
- Procedure Development: Establish relevant procedures (e.g., test and operational procedures) for evolving existing IT security solutions.
- Deliverable Management: Ensure deliverables are produced for the design, implementation, and maintenance of new IT security solutions.
- Compliance Verification: Verify compliance of activities with applicable IT security requirements.
- Audit Reporting: Prepare review, audit, and/or assessment reports.
- Compliance Matrix: Create a compliance matrix for security requirements.
- Vulnerability Assessment: Conduct IT security assessments and auditing at various levels.
- Assessment Reporting: Generate assessment reports for the full lifecycle of activities related to IT systems vulnerability management.
- Vulnerability Analysis: Provide weekly vulnerability statistics, trends, and graphs.
4. Cybersecurity Engineer Accountabilities
- Incident Response: Provide incident response and event analysis assisting the 24x7 Security Operation Center.
- Compliance Assistance: Assist with internal compliance deadlines and requirements.
- Data Protection: Ensure customer data and infrastructures are protected by enabling the appropriate security controls.
- Change Management: Participate in change management processes.
- Vulnerability Testing: Test and identify network/system vulnerabilities.
- Hardening Standards: Assist with hardening standards and test against them.
- Administrative Support: Handle daily/weekly administrative tasks and reporting.
- Effective Communication: Communicate effectively with customers and team members.
- Cybersecurity Design: Assist in designing, planning, enhancing, and testing cybersecurity technologies used throughout the enterprise, including baselining current systems, trend analysis, and capacity planning as required for future systems requirements and new technologies.
- Programming Utilization: Utilize modern programming languages (Python, Go, Ruby, JavaScript, etc.) to build or enable desired cyber capabilities.
- Cloud Solutions Development: Focus on developing and securing cloud solutions that are highly available and resilient.
- Innovative Solutions: Utilize security practices and reusable patterns (i.e., models, testing, and experience) to exercise judgment and identify innovative solutions.
5. Cybersecurity Engineer Functions
- Threat Detection: Detect security threats, conduct detailed and comprehensive investigations, and drive issues to remediation and closure.
- Threat Response: Detect and respond to advanced threats, actor techniques, and anomalous or suspicious activity to identify potential and active risks to systems and data.
- Incident Investigation: Investigate incidents, provide resolution, or make recommendations for corrective action or enhancement to security systems and controls.
- Vulnerability Awareness: Stay current on emerging vulnerability and threat trends and correlate these threats against CoreCivic systems and data under NIST 800-53 guidelines.
- Cybersecurity Governance: Perform assignments involving cybersecurity governance, policy, and process redesigns across the IT enterprise.
- Policy Implementation: Assist in the implementation of security policies and requirements to support the NIST Cybersecurity Framework (CSF) and make recommendations for accepting, mitigating, and escalating risk.
- Application Security: Stay current on all aspects of cybersecurity and apply technical application security testing expertise to assist in identifying weaknesses and vulnerabilities that affect the confidentiality, integrity, and availability of corporate protected, sensitive, and confidential company information and data.
- Monitoring Improvement: Recommend new capabilities and efforts to improve the effectiveness of a continuous monitoring program and assist with developing and maintaining plans of action and milestones (POAM).
- Security Collaboration: Collaborate on security issues related to systems and workflows, ensuring internal security controls for business operations are in place and adhere to applicable InfoSec regulations.
- Consultation: Serve as an internal consultant to various levels of management and facility leadership regarding emerging technologies.
- Process Adherence: Follow and adhere to defined processes, policies, and change-management procedures.
6. Cyber Security Engineer Roles and Responsibilities
- Security Controls Recommendation: Recommend security controls and identify solutions that support a business objective.
- Incident Response Membership: Serve as an active member of the SIRT, assisting in the investigation of and response to security incidents so that the company knows as much as possible, as quickly as possible, about them.
- Technical Solution Development: Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks, ideally working alongside DevOps/DevSecOps teams to analyze security systems and seek improvements on a continuous basis.
- Cyber Threat Integration: Integrate Cyber Threat Intelligence into the Security workflows (e.g. alerting, vulnerability management).
- Team Support: Support the existing security teams: Security Architecture, Security Operations, DevSecOps, and Compliance.
- Subject Matter Expertise: Provide subject matter expertise on architect-managed security.
- Vulnerability Management Participation: Participate in initiatives to holistically address vulnerability management reports from multiple sources.
- Innovation Opportunities: Look for innovation opportunities between several teams with a willingness to experiment and to boldly confront problems of large complexity and scope.
- Cost-Effective Solutions: Find cost-effective solutions to cybersecurity problems.
- Business Environment Understanding: Understand software, hardware, and internet needs while adjusting them according to the business environment.
- Best Practices Development: Develop best practices and security standards for the organization.
- Intrusion Monitoring: Actively monitor systems and networks for intrusions.
7. Cyber Security Engineer Duties and Roles
- OT Environment Security: Secure Honeywell OT environments.
- Network Security Management: Manage OT/ICS network security services.
- Endpoint Security Management: Manage endpoint security services.
- Team Collaboration: Collaborate with other security/IT teams (Incident Response, Threat Operations...).
- Documentation and Reporting: Produce documentation and reports; troubleshoot issues.
- Mentorship: Mentor and coach junior colleagues in the team.
- Stakeholder Communication: Communicate with stakeholders across the company at a global level.
- Security Measures Implementation: Implement, coordinate, monitor, and upgrade security measures for the protection of OT devices in hybrid power plants.
- Problem Troubleshooting: Troubleshoot security and network problems.
- Security Breach Response: Respond diligently to all system or network security breaches.
- Data Protection: Ensure that the OT data and infrastructure are protected by enabling the appropriate security controls.
- Change Management Participation: Participate in the change management process.
- Vulnerability Testing: Test and identify network and system vulnerabilities.
- Application Security Integration: Assist in efforts to further embed application security within the SDLC, specifically leveraging automation & continuous integration.
8. Cyber Security Engineer Responsibilities and Key Tasks
- Security Tooling Development: Develop security tooling and automation to identify security risks and promote remediation efforts for code defects at scale.
- Technical Deliverables Interpretation: Interpret requirements into technical deliverables.
- Automation Validation: Validate existing automation and monitoring mechanisms, and plan for improvements.
- DevOps Collaboration: Work with DevOps tools such as GitLab, Docker containers, etc., to deploy cloud-based applications.
- Security Automation Development: Develop automation to improve security detection and prevention capabilities.
- Threat Modeling: Threat model in-vehicle features and off-board communications/interactions for Autonomous and/or Electric (AV/EV) platforms and programs.
- Security Requirements Development: Develop security requirements for AV/EV vehicle modules, networks, and connected features.
- Verification Plans Crafting: Craft and develop security verification plans and procedures for AV/EV features and vehicle components.
- Penetration Testing Coordination: Balance priority, schedule, interactions, and issue resolution for externally sourced Penetration Testing activities.
- Single Point of Contact: Serve as the single point of contact with Product Development, Mobility, and Suppliers for in-vehicle AV/EV security-related issues.
- Investigation Tool Development: Develop and maintain tools for internal security investigations and design verification.
- Security Support: Support vehicle programs, design teams, and functional areas with security concepts and solutions.
- Application Security Communication: Communicate with Application Development when upgrades introduce application security issues.
9. Cyber Security Engineer Roles and Details
- Cybersecurity Tool Implementation: Assist in implementing and deploying cybersecurity tools.
- Technical Expertise: Provide technical expertise for onboarding and implementation.
- Security Reviews: Perform security reviews of the tools and monitor the production environment.
- Security Posture Review: Review security posture (Database, network, application) for all services to ensure excellent performance.
- Customer Support: Support customers in designing, managing, and troubleshooting different connectivity access models.
- Stakeholder Communication: Act as a link between the customers and their stakeholders for requests and troubleshooting, maintaining 100,000+ VPN users, 100+ firewalls, and 1,000+ third-party extranet connections.
- Project Management: Manage and execute projects such as the integration and upgrade of security solutions (firewalls, proxies, web application firewalls, DDoS, EDR, identity and privilege account management solutions, SIEM, vulnerability management solutions, and NAC).
- Incident Response: Conduct incident response investigations.
- Intrusion Investigation: Identify and investigate intrusions to determine the cause and extent of the breach by performing host, network, and log analysis, as well as threat intelligence.
- Security Review: Review the design and architecture of the customers’ environments against industry security best practices and guidelines such as NIST 800-53, ISO 27001, and CIS Top 20 Controls.
- Configuration Review: Review the configuration and hardening state of the customers’ information assets (e.g., security and network devices, workstations, servers, applications, and middleware) against security best practices and guidelines such as the CIS Benchmarks.
- Network Troubleshooting: Perform network and security-oriented troubleshooting to diagnose and isolate common network problems using strong TCP/IP and Wireshark skills.
10. Cyber Security Engineer General Responsibilities
- Collaboration: Work with the Incident Response, Cyber Threat Intelligence, and Cloud teams to gather project requirements and feedback.
- Automation Development: Use Python to create playbooks within a SOAR platform to streamline incident response tasks.
- API Integration: Interact with key security application APIs to gather information and perform actions.
- Security Engineering: Engineer security solutions for cloud and embedded products, and plan and implement risk-mitigating security solutions.
- Backlog Management: Maintain a backlog of security-related tools that will improve the maintainability and security of the code and the pace of development.
- Agile Methodology: Work in an Agile-like environment, defining and fulfilling project requirements, milestones, and outcomes.
- On-Call Support: Participate in occasional on-call after-hours support rotation to ensure that critical performance issues are resolved promptly, per established customer expectations and SLAs.
- Best Practices Promotion: Promote best practices, design patterns, and standards through workshops, knowledge sharing, and code walk-throughs.
- DevSecOps Implementation: Utilize DevSecOps methodology to secure platform features/capabilities that are deployed onto hybrid infrastructure consisting of on-prem and commercial environments.
- Application Development: Lead the efforts to design and develop data applications using selected tools and frameworks.
- Engineering Collaboration: Work closely with the engineering team to integrate work into the production systems.
- Application Security: Design, develop, and secure applications as an individual contributor.
- Data Analysis Support: Support business decisions with ad hoc analysis.
- Agile Participation: Be an active member in daily scrum meetings, bi-weekly sprint planning, quarterly milestone planning, and as-needed pairing sessions.