What is an information security engineer (ISE)? For this particular job role, the definition rests on some pretty elaborate jargon in the IT world.
You would think that an information security engineer would, overall, guard sensitive data, but because it's hard to untether the data from the networks and systems that hold it, the information security engineer is often described as a more general-purpose cybersecurity professional who helps to develop security plans and conducts other kinds of broad-spectrum cybersecurity work.
These individuals might conduct testing, implement firewalls, or do other things to protect systems and, by proxy, the data in those systems.
Here's more of what we've heard from professionals in the field about the job of an information security engineer.
Implementations and Controls
Generally speaking, information security engineers will be looking at virtualization platforms, networks, and other types of architectures to make sure they are safe and secure.
“(ISEs) determine and apply security baselines for various systems present in a company,” said Kenny Trinh, CEO of Netbooknews.
“Networks, virtualization, container platform or even just a printer — what are the security hardening guidelines? (They) design, build, implement and operate security controls such as IPS, FW, HIPS, FIM, SIEM, AV, etc. … on the operation side, (they) monitor security control for alerts and classify them and security incidents and respond to them.”
Will Ellis, founder at Privacy Australia, had this to say:
“An information security engineer assists in keeping a company's computer network and systems safe. Some of their responsibilities include building security plans, implementing those plans, testing for vulnerabilities, and monitoring and testing for any breaches in the company’s security. They play an important role in protecting the company from cyber-attacks and usually do not act alone, but rather form part of an IT team, where each other member of the team also has their parts to play in the safety of the company.”
“An information security engineer’s responsibilities largely revolve around constantly improving the overall cybersecurity of an organization as the technological and cyberthreat landscape continues to evolve,” added Attila Tomachek, a Data Privacy Expert at ProPrivacy.
“The information security engineer can do this for an organization by developing cybersecurity protocols and implementing security best practices, recommending improvements to existing security protocols, evaluating new security measures, recommending strategies for regulatory compliance, and conducting security training to educate employees across the organization.”
As for qualifications, companies may look for skills in physical and operations security, security architecture, telecommunications and network security, information security, risk management and more.
“An information security engineer is there to ensure that this does not happen.”
The Other Key Roles
In addition, many information security engineers are among the vigilant people on the front line of systems, watching for any threats that may attack systems holding sensitive information. Because of everything that they do, ISEs are very much in demand.
“The Bureau of Labor Statistics expects an 18% increase in employment growth in the field of Information Security Engineers through 2024, a rate much faster than the average job growth in all other sectors,” said Nidhi Joshi of iFour Technolab Pvt Ltd.
In general, many of the experts we talked to suggested that there are also big changes at work in the ISE job role, and in the field of cybersecurity in general. One that is commonly cited is the phenomenon of “edge computing” or “edge networking.”
Edge Computing and Edge Networking
Edge computing or networking happens when engineering teams distribute the business of data verification and other key work to the edge of a system, rather than keeping it in the secure center.
Part of the idea behind edge networking is that when you pursue these routine tasks on the sidelines, the center stays better protected from hackers and cyberattacks. There's also the idea of abstracting the interior of the system, so that people can't see in from the outside — think of a frosted window, and in digital terms, abstracting IP addresses and other elements to foil attackers.
“Engineers need to ensure that all data, both in-flight and at-rest, is encrypted, with the use of SSL/TLS security in all communications within an edge computing environment along with multi-factor authentication access,” says Rima Shah at BB.
“This will diminish the importance of physical security, as the data is encrypted with secure access in-place … (the role) of information engineer is to ensure hardware and IoT devices are security-hardened by encryption, use of zero trust networks to verify IP addresses and authenticate users. Create an island effect in which a central security organization does not have visibility into all devices and networks.”
“Edge computing involves distributed data processing,” said Hamna Amjad at Indoor Champ.
“There are a lot of devices, usually various sensors and controllers that work differently, making them very vulnerable. The security engineers must ensure that every host is hardened and patched to maintain a secure environment. Moreover, they must encrypt all data, both in-flight and at-rest. It is essential that all communications within an edge computing environment utilize SSL/TLS security along with multi-factor authentication access.”
Managing Information Security Engineering During COVID-19
These professionals will also see their jobs and job roles updated in response to today's new threats to the well-being of human populations.
A better question than what does an IS Security Engineer do… is:
“What does an IS Security Engineer do in the face of COVID-19?” asked Nicole Hayward, whose company, Minim, is active in trying to solve remote work problems in this crisis.
“Globally, workforces must now go remote. As a result, the network monitoring that security engineers do must take into account the decentralization of the office network into the home. Even VPN won't protect the company. VPN simply creates an encrypted connection from the employee device to corporate systems, but it won't help from files and system infiltration when the employee device is compromised.”
What to do, indeed?
Regardless, ISEs will be on the front lines, trying to keep data and systems safe as everything changes around them.