Job Descriptions

You may search job titles by skills within selected job category

Security Engineer/Technologist

DESIGN & DEVELOP

Skills

Job Description

This includes:

  • Encryption Engineer/Technologist
  • Operational Technology Engineer/Technologist

Other Titles Include

  • Security Designer
  • Security Requirements Analyst
  • Network Security Engineer
  • Security engineering technologist
  • Operational technology engineer
  • Encryption engineer

Note: This role is most commonly found in large or medium-sized organizations

Reporting relationship

To be completed by the user of this job description as appropriate

Job purpose / summary

Given references, organizational security documentation, IT security guidance and required tools and resources researches and defines the business needs for security and ensures that they are addressed throughout all aspects of system engineering and throughout all phases of the System Development Life-Cycle (SDLC).

Duties and responsibilities

  • Define/validate business needs for security & security requirements
  • Review and analyze security IT / OT architectures & design documents, as well as related systems, protocols, services, controls, appliances, applications, encryption and crypto algorithms relative to security requirements and industry standards
  • Develop and review system use cases
  • Identify the technical threats to, and vulnerabilities of, systems
  • Manage the IT /OT security configuration
  • Analyze IT / OT security tools and techniques
  • Analyze the security data and provide advisories and reports
  • Analyze IT / OT security statistics
  • Prepare technical reports such as IT security solutions option analysis and implementation plans
  • Provide Independent Verification and Validation (IV&V) on IT / OT Security Projects
  • Oversee IT / OT security audits
  • Advise on security of IT /OT projects
  • Advise on IT / OT security policies, plans and practices
  • Review system plans, contingency plans, Business Continuity Plans (BCP) and Disaster Response Plans (DRP)
  • Design/development and conduct IT / OT security protocols tests and exercises
  • Review, develop and deliver training materials

Competencies

The security engineer/engineering technologist requires a basic level of application of the following KSAs while the security engineer requires an advanced level of application of the following KSAs:

  • Security engineering models
  • Defining and communicating security approaches that support organizational requirements
  • International security standards and compliance
  • Security architecture concepts and enterprise architecture reference models
  • SDN, NFV, and VNF functions
  • Systems security during integration and configuration
  • Security assessment and authorization processes
  • Security testing and evaluation methodologies and processes
  • Security across the system / software development lifecycle
  • Vulnerability assessment and penetration testing methodologies and applications
  • Systems and software testing and evaluation methodologies
  • Evidence-based security design
  • Developing and testing threat models
  • Project management and security assessment throughout the project life-cycle
  • Procurement processes and supply chain integrity assessments
  • Advising on security requirements, policies, plans and activities
  • Drafting and providing briefings and reports to different audience levels (users, managers, executives)

In addition, in High Assurance, Encryption, and Cryptographic environments:

  • Security governance in high assurance, encryption and cryptographic environments
  • Advanced threat modeling and risk management in sensitive information environments
  • Key management policies and practices (including Communications Security [COMSEC])
  • Emissions security standards
  • Physical and IT security zoning
  • Cryptography and encryption including algorithms and cyphers
  • Stenography
  • Testing and implementing Cross-domain solutions 
  • Key management, key management products and certification life-cycle
  • Advanced persistent and sophisticated threat actor tactics, techniques and procedures.
  • Quantum safe/resistant technology
  • Assessment and auditing encryption/cryptographic networks and systems

In addition, within Operational Technology (ICS/OCS/SCADA) environments:

  • Industry standards and organizationally accepted analysis principles and methods
  • Control system:
  • architecture and system defenses
  • governance and management in various environments
  • attack surfaces, threats and vulnerabilities
  • security monitoring, tools and techniques
  • IT systems and protocols within control systems configurations
  • Integration of IT and OT control systems
  • Hardening and monitoring OT control systems
  • Security assessment and authorization process of OT systems
  • Incident response planning and activities in control system environments
  • Business continuity planning and disaster recovery plans and activities in a control system environment

Tools & Technology

  • Threat and risk assessment tools and methodologies
  • Protective and defensive systems including firewalls, anti-virus software and systems, intrusion detection and protection systems, scanners and alarms
  • Security event and incident management systems and/or incident reporting systems and networks
  • Authentication software and systems
  • Vulnerability management processes and vulnerability assessment systems including penetration testing if used
  • Security services provided if applicable
  • Security testing and evaluation tools and techniques

Direct reports (if appropriate)

To be completed by the user of the job description as appropriate

Qualifications

Education. Relevant engineering degree or technologist diploma (depending on organizational requirements). 

Certifications. Valid industry level certification in related cybersecurity specialization (e.g. network security, cryptography, systems integration, etc.).

Other relevant qualifications.

Typically follows formal education and 5-10 years’ experience in related IT engineering, systems design, or systems integration functions. This role often requires advanced training, education or experience related to system capabilities. May be employed in general or specialized contexts such as Cryptography / Encryption, security testing and evaluation, or Operational Technology (ICS/DCS/SCADA).

Key Attributes.

To be completed by the user of this job description as appropriate

Experience. Moderate experience (3-5 years) in security and associated systems design, integration, testing and support.

Working conditions (if required)

If the job requires a person to work in special working conditions this should be stated in the job description. Special working conditions cover a range of circumstances from regular evening and weekend work, shift work, working outdoors, working with challenging clients, and so forth.

Physical requirements (if appropriate)

If the job is physically demanding, this should be stated in the job description. A physically demanding job is one where the incumbent is required to stand for extended periods of time, lift heavy objects on a regular basis, do repetitive tasks with few breaks, and so forth.