So, you’ve started the process of hiring a security engineer. Your job ad is live, and you’ve already received a few resumes. As you begin to line up your interviews, you’re wondering how you’ll know when you’ve found the right candidate.
The right security professional needs to be more than an excellent cultural fit. They need to possess a set of skills that are unique to their discipline. To help you narrow down your potential candidates, here’s a list of the top 7 qualities you should look for in a security engineer.
Experience is key but not necessary
Security engineer roles are highly technical and require experience. After all, this isn’t an entry-level job. Your ideal candidate will have a deep understanding of the architecture, administration and management of operating systems like Linux and Windows. They should also be familiar with programming languages and scripting languages such as Java and Python. Moreover, when it comes to security solutions, you should expect your security engineer to understand the difference between DLP and CASBs, IDSs and IPSs and so on.
Saying this, we understand that, to a non-security recruiter, trying to decide if a potential candidate has the right amount of security know-how can be challenging. This is why we also recommend that you look for a candidate that has a relevant certification – bonus points if they also have an information security degree.
Some of the most well-known certifications for security engineers are Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), CompTIA Security+, and Certified Information Systems Auditor (CISA). Information Systems Security Architecture Professional (CISSP-ISSAP) Information Systems Security Engineering Professional (CISSP-ISSEP) Information Systems Security Management Professional (CISSP-ISSMP).
Passion for security
Cybersecurity is a fascinating field to work in; it’s the good guys vs bad guys, white hats vs black hats. When you interview candidates, ask them why they followed a career path in cybersecurity. A great candidate will give you an answer that’s full of enthusiasm – which is precisely what you want from a security engineer. Passionate candidates are more likely to be self-motivated and keen to do their job well.
An eye for attention
A role in cybersecurity is often akin to hunting for the proverbial needle in the haystack. Vulnerabilities, loopholes and errors are what allow cybercriminals to get into a given system – and it’s a security engineer’s job to prevent this from happening. For these reasons, attention to detail is critical. Security analysts need to be methodical, patient and willing to play by the book, as skipping over steps or rushing through work could easily lead to a security incident.
Moreover, with the threat landscape changing by the day, your ideal candidate will pay attention to security news, blogs and boards – to keep abreast of the latest threats, updates and attack profiles that could harm your business.
Calm under pressure
A security incident is a high-stakes event, and a panicked security team could make things worse. This makes it crucial to find a candidate that can stay calm and think fast under a lot of pressure. They need to be determined to complete the task at hand, no matter how difficult it may be.
Over the last ten years, technology has transformed the way we do business – and the pace of change shows no sign of slowing. Just as technology has evolved, so too have security solutions. This means that security is anything but a stagnant profession. The security solutions that protect a company today might not be fit for purpose tomorrow. So, it would be best if you had a cybersecurity engineer who has an open mind, is willing to learn and adapt, and has an eye towards what’s next.
As well as this, you should avoid know-it-all candidates with a fixed mindset. In the cybersecurity world, you can never know it all. The best candidates will demonstrate a willingness to learn and improve within the role.
Security engineers are in charge of looking after a wealth of sensitive information. This could be PHI, PII or even trade secrets. It’s therefore paramount that you hire someone who has integrity and a solid moral compass.
Remember, many security professionals have the skills to be “black hat” hackers, so you need to hire someone whom you find trustworthy – who you feel confident will use their skills for the greater good. Furthermore, with strict compliance laws like HIPAA and GDPR in force, ensuring that you choose a law-abiding candidate is pivotal to avoiding costly fines.
Cybersecurity is a technical discipline, but it’s also a role that encompasses collaboration, communication and management. Cybersecurity engineers often have to communicate with other departments, stakeholders and general employees.
It would be best to hire a confident candidate who feels comfortable with public speaking and knows how to decode jargon-fueled cybersecurity terms into understandable instructions for the everyday employee. It’s an added bonus if you find a candidate with business acumen. If they can think about the big picture of your business and not just security, then they’re likely to be a real asset.
So, there you have it! Our round-up of the top 7 skills to look for in a security engineer. Happy hiring!