Security Engineers?

devilbones

Cyberscum wrote: »

See that's where it gets confusing and titles get blended.

I am a security systems manager, not an engineer and I manage pen testing (vulnerability management), software devs and accreditation, config management, switches, servers etc...

But I do it in a nontechnical way. This is where the confusion is...

So from what I can gather, a security engineer is just another title to pretty much do anything in security lol. Like all other IT titles.

I guess that I misread your initial question. I am a security engineer. I work for the Cyber department for an ISSO. I am embedded with the application programmers and the infrastructer engineers. Our job is to ensure that security is 'baked in' to their engineering process. So if the programmers release some code, we test it and make recomendations on securing it. We have one vulnerability analyst that tries to break everything and then we develop solutions on patching thoses holes. As far as infrastructure, we run ACAS and other tools to ensure STIG compliance. My job is like 50/50 tech and policy, but most of the writing and reports are done by the ISSO and ISSM.

Danielm7

Cyberscum wrote: »

So from what I can gather, a security engineer is just another title to pretty much do anything in security lol. Like all other IT titles.

^^ Ding ding! Titles really only mean anything within the same company, and even then that's debatable. I have the same "Security Engineer" title, my job is almost all technical, in the same company we have a "Security Manager" who I don't report to who is completely not technical and only works on SOX and some PCI compliance and audit issues.