TheFORCE wrote: » On my team the Security/Network engineers do 100% tech work, implementation type work and 100% monitoring of web traffic and project implementations. I do about 60% tech implementations and 40% policy work but my title is not Security Engineer though, just analyst. So based on that and you will hear it from other people too, you really can't tell what a job entails by just the title, you need to know the job responsibilities as they are described in the job description. 80% policy 20% doesn't sound like a security engineer role to me based on my experience especially since they require ISSEP, that's more of management and designing frameworks, that's why the 80% policy.
gespenstern wrote: » ISSEP exam is almost 100% about policies, standards and frameworks. Not sure if there's any tech at all.
Cyberscum wrote: » Having said that it looks like they might be looking for a policy guy with the weird request of ISSEP.
devilbones wrote: » Is this job with the Navy?
jamthat wrote: » We're split into Audit, Engineering (with an architect), and Operations. Our engineers are mainly involved with project work (POC, implement/replace projects, major design/redesign/upgrade, etc.) as well as a top-level escalation point for troubleshooting/IR (still ironing that out). Part of project close-out is a handoff to operations, where basically all day-to-day operation transitions down... then, onto their next projects. Still a pretty new group, but right now I'd put engineering at about 90% technical. Over time it will probably be closer to 70/30 technical/policy split.
gespenstern wrote: » That would be my guess. I don't have ISSEP myself (there are plans though), but judging from "ISSEP passed" threads on here it looks like it is very heavy on frameworks. Don't know why (ISC)2 decided to put "engineer" word into this exam, but it doesn't look like it has many things in common with things that are discussed for example in Ross Anderson's "Security Engineering" book which is widely regarded as a foundation stone in engineering field.
Cyberscum wrote: » How did you like the ISSAP? After reviewing the two I think I would enjoy the ISSAP much more than the ISSEP.
Cyberscum wrote: » What exp do the sec engineers on your team have?
gespenstern wrote: » It was awesome. I was overprepared though. But it was really technical, tons of crypto, tons of various complex scenarios like considerations during mergers & acquisitions of Kerberos realms, tons of PKI scenarios involving cross-certifications, various tricky situations with revocations, etc. Very technical, not boring at all as I expect ISSEP is going to be.
TheFORCE wrote: » I don't know exactly their previous experience but I know that they are very senior with the company so they started from the very entry level Helpdesk and Windows sys administration. Jamthat above nailed exactly what they do, very involved with network redesign, involved with mergers, domain decommissions, setup of VPN tunnels etc. I believe one of them only has Sec+ and the other probably has an MCSA so they transitioned in these positions as the company started to grow and learned by using the tools and gaining experience on the job. As long as it stays like that they will stay, if they ever have to do policy type work they will probably move on. When it comes to policy they involve me by providing input and suggestions and assisting with the technical requirements behind the policy and then I write it. As I mentioned earlier my work is split between 70/30 tech/policy now but with the introductions of automation the policy becomes really easy to write so in terms of time spent, I'd say I spend close to 85/15 tech/policy. The technical implementations take longer to set up through automation during the project phases than what it takes to write the policy. One thing we do not do though is that we do not hand off to operations (IT) what we complete. Whatever project we complete, we manage from start to finish and we maintain/support it through the entire life cycle. So in that regard our Infosec team and the security engineer/analyst is only growing in responsibilities and it doesn't hurt that all of us report directly to the CISO and no middle management bs stuff. So we get to have some influence on many things.
Cyberscum wrote: » Perfect! This will be my next challenge. Do you mind sharing any study tips or resources? I plan on the official study guide and I have access to FEDVTE which has some modules. Anything would help!
Cyberscum wrote: » Interesting. Our group is split up with multiple ISSOs and two ISSMs. Most of the tech work is done by the ISSOs and almost all policy for the ISSM. The "security engineer" position I have not heard of. Maybe it's more of a civilian title, but from the sound of it it's more of a technical ISSO role. If that's the case I'm in. What kind of credentials do your security engineers have? I'm wondering because with the CISSP-ISSE req for the job it sounds like more of a policy job.
Cyberscum wrote: » That's awesome to be able to grow within a company without requirements. It's the way it should be but in the gov there are ever growing requirements for certs...which is all about money. Looks like I will head towards the ISSAP route, do you have any ambitions of going for a concentration?
reload@ wrote: » They listed ISSEP for the DoD 8570: IASAE III requirement.
TechGuy215 wrote: » Network Security Engineer here! Speaking from my own experiences... IMO Security Engineer is a more technical position...closer to 100% technical responsibilities while of course adhering to policies and procedures. My daily duties: Vulnerability Management, Firewall Management, IPS/IDS Management, Web Content Filtering Management, Penetration Testing Management, Antivirus Management, SIEM Management, DLP Management. And a lot more.... Typically your Sec Engineer is going to be the SME regarding implementation, monitoring and maintenance of all Security Technical Controls. Policy is usually left to Security Analysts and Compliance and Security Administrators...
gespenstern wrote: » In this case they will accept ISSAP as well.
TechGuy215 wrote: » Network Security Engineer here! Speaking from my own experiences... .... Vulnerability Management, Firewall Management, IPS/IDS Management, Web Content Filtering Management, Penetration Testing Management, Antivirus Management, SIEM Management, DLP Management ...
UnixGuy wrote: » So basically 'Management' of Firewalls/IPS/IDS/PenTesting/DLP/SIEM. Can you please explain what management here means exactly? Do you install/configure the firewalls? Do you add rules? Do you install F5? Do you configure F5? Do you configure WAFs? Do you design WAFs? Do you configure the IPS rules? Do you design/install it? Do you write policies for DLP? Do you handle incidents generated by DLP? Do you configure the SIEM and the dashboards there? Do you analyse the logs? Do you configure the web content filtering? Handle the logs? Do you configure the Anti Virus? Do you deal with End Point security? What is Penetration testing management? Do you actually do any penetration testing or do you overlook reports provided by third party that do the actual penetration testing? (This seems like a lot of technologies to be an SME for!) I'm just asking so I can better understand what's required in some of the security engineers position as I'm trying to get one.