An ISSE first must determine the client’s security requirements and then take measures to build systems around those requirements to maintain the security of systems and information. The ISSE designs the architecture of an information system (IS) and chooses the pieces of the system used to perform the needed functions. The ISSE then prepares a security design for the system and chooses the components to instill system security measures. This can involve selecting commercial off-the-shelf (COTS) software or custom products.

Next, the ISSE implements system security by ensuring that the entire system works as planned. This includes testing and documenting the entire system and may include training people on the systems.

There are certifications that may be obtained by an ISSE to help secure employment, such as the following:

• Certified Information Systems Security Professional (CISSP) - Offered by the ISC
• Information Systems Security Engineering Professional (ISSEP) - Offered by the ISC
• DOD Information Technology Security Certification and Accreditation Process (DITSCAP)
• DOD Information Assurance Certification and Accreditation Process (DIACAP)