
Key Responsibilities and Required Skills for IT Security Engineer

💰 $85,000 - $140,000

Information Security, IT, Cybersecurity, Engineering

🎯 Role Definition

We are seeking an experienced IT Security Engineer to design, implement, and maintain enterprise security controls that protect confidentiality, integrity, and availability across on-premise and cloud environments. The ideal candidate will be hands-on with security architecture, vulnerability management, SIEM/monitoring, incident response, and compliance frameworks, and will partner with engineering, operations, and business stakeholders to reduce risk and enable secure delivery of products and services.

Key keywords: IT Security Engineer, cybersecurity, SOC operations, SIEM, incident response, vulnerability management, cloud security, threat intelligence, IAM, network security, DevSecOps, compliance.

📈 Career Progression

Typical Career Path

Entry Point From:

  • Security Analyst / SOC Analyst (Tier 2)
  • Network Engineer with security focus
  • Application Security Engineer or DevOps Engineer transitioning into SecOps

Advancement To:

  • Senior IT Security Engineer
  • Security Architect
  • Manager, Security Operations / Head of Cybersecurity

Lateral Moves:

  • Cloud Security Engineer
  • Application Security Engineer (AppSec)
  • Threat Hunter / Incident Response Specialist

Core Responsibilities

Primary Functions

  • Design, implement, and maintain layered security controls across network, endpoint, application, and cloud environments to prevent, detect, and respond to cyber threats while ensuring minimal business disruption.
  • Lead detection engineering and SIEM use-case development—develop advanced correlation rules, parsers, dashboards, and automated playbooks in Splunk, Elastic, IBM QRadar, Microsoft Sentinel, or equivalent to improve mean time to detect (MTTD).
  • Manage vulnerability management lifecycle: run regular scans using Nessus, Qualys, or Rapid7, prioritize remediation based on risk and business context, coordinate patching, and validate mitigation effectiveness.
  • Operate and tune EDR/XDR solutions (e.g., CrowdStrike, Carbon Black, SentinelOne, Microsoft Defender for Endpoint), perform forensic triage on alerts, and convert findings into actionable controls and detection logic.
  • Lead incident response efforts end-to-end: initial containment, eradication, recovery, root cause analysis, evidence preservation, and post-incident reporting and remediation tracking.
  • Conduct threat hunting activities using telemetry from endpoints, network sensors, and cloud logs to proactively identify stealthy attackers and anomalous behavior not detected by automated tools.
  • Implement and administer identity and access management (IAM) controls, including RBAC, MFA, privileged access management (PAM) solutions (e.g., CyberArk, BeyondTrust), and identity lifecycle processes.
  • Secure cloud environments (AWS, Azure, GCP): design secure landing zones, enforce least privilege, deploy cloud-native security services (CloudTrail, GuardDuty, Security Center), and remediate misconfigurations using IaC scanning (Terraform, CloudFormation).
  • Perform secure architecture reviews and threat modeling for new projects and major changes, providing prescriptive remediation and design recommendations to development and platform teams.
  • Maintain and tune network security appliances and services—firewalls, IDS/IPS, VPNs, web proxies, and WAFs (e.g., Palo Alto, Fortinet, Cisco, F5)—including rule lifecycle management, performance optimization, and logging.
  • Develop and maintain security policies, standards, and operational runbooks aligned to compliance frameworks (NIST, CIS benchmarks, ISO 27001, PCI-DSS, HIPAA) and ensure enforcement across teams.
  • Automate repetitive security tasks using scripting (Python, PowerShell) and automation/orchestration frameworks (SOAR), integrating ticketing systems and DevOps pipelines to accelerate response and remediation.
  • Build and maintain comprehensive security telemetry and observability: log aggregation, retention policies, baseline behavior modeling, KPI dashboards, and executive reporting on risk posture.
  • Partner with DevOps and engineering teams to integrate security controls into CI/CD pipelines—static and dynamic application security testing (SAST/DAST), dependency scanning, container scanning, and runtime protection.
  • Lead or support security assessments and third-party vendor risk reviews, including technical testing, control questionnaires, and remediation tracking with procurement and business owners.
  • Perform regular security architecture reviews and code review consultations with application teams to mitigate vulnerabilities early in the SDLC and advise on secure coding best practices.
  • Plan and execute tabletop exercises, red/blue team engagements, and purple team sessions to validate detection and response capabilities, track remediation, and elevate organizational readiness.
  • Monitor threat intelligence feeds and advisories, translate relevant threats into proactive controls and detection rules, and brief leadership on high-risk vulnerabilities and attacker trends.
  • Maintain incident tracking, metrics, and post-incident documentation to drive continuous improvement and knowledge sharing across the security organization.
  • Conduct root cause analysis and remediation verification for security incidents, misconfigurations, and policy exceptions, ensuring permanent fixes and lessons learned are documented and implemented.
  • Coordinate with legal, privacy, and compliance teams during investigations to meet notification, regulatory, and contractual obligations and to ensure evidence integrity.
  • Mentor junior security engineers and analysts, drive knowledge sharing, and contribute to hiring, onboarding, and training programs to scale the security team’s technical capability.
  • Evaluate, pilot, and operationalize new security products and services, creating business cases, ROI assessments, and deployment plans for technology adoption.
  • Ensure business continuity of security operations by maintaining incident response communications, escalation paths, and disaster recovery playbooks for critical security infrastructure.
  • Track and manage security-related projects and initiatives using agile methodologies, ensuring timely delivery and alignment with organizational risk priorities.

Secondary Functions

  • Develop and deliver security awareness training and phishing simulation programs to reduce human risk and improve security culture across the organization.
  • Support internal and external audits by preparing evidence, responding to findings, and implementing remediation plans in partnership with relevant stakeholders.
  • Maintain and update security documentation, runbooks, and process maps so operational teams can follow consistent procedures during incidents and routine operations.
  • Provide subject-matter expertise to cross-functional projects such as M&A integrations, cloud migrations, and platform rollouts to ensure security requirements are embedded early.
  • Assist in procurement and vendor management for security tools—evaluate RFPs, review contracts, and track SLA/health metrics for third-party security services.
  • Participate in sprint planning and agile ceremonies when embedded with platform and product teams to ensure security tasks are prioritized and completed within delivery cycles.
  • Create and maintain security metrics and executive-ready dashboards that communicate risk posture, compliance status, and remediation coverage to business leadership.
  • Support business units with risk assessments and security exceptions processes to balance security controls with operational needs while documenting compensating controls.

Required Skills & Competencies

Hard Skills (Technical)

  • SIEM and detection engineering (Splunk, Elastic/ELK, Microsoft Sentinel, IBM QRadar) — rule writing, parsing, dashboards, and alert tuning.
  • Endpoint detection and response (EDR/XDR) administration and forensic investigation (CrowdStrike, SentinelOne, Carbon Black, Microsoft Defender).
  • Vulnerability management tools and methodology (Nessus, Qualys, Rapid7); risk-based prioritization and remediation workflows.
  • Cloud security expertise across AWS, Azure, and/or GCP: native security services, IAM, network and storage controls, and IaC security (Terraform, CloudFormation).
  • Network security design and administration: firewalls, IDS/IPS, VPNs, WAFs, and secure network segmentation best practices.
  • Scripting and automation: Python, PowerShell, and automation frameworks (SOAR platforms such as Demisto or Swimlane) to automate detection and response tasks.
  • Identity and access management (IAM) and Privileged Access Management (PAM) tools and processes (Okta, Azure AD, CyberArk).
  • Application security testing and secure SDLC: SAST/DAST tools, dependency scanning (Snyk, Dependabot), container scanning (Aqua, Clair), and runtime protection.
  • Digital forensics and incident response (DFIR) skills: memory and disk analysis, log correlation, chain-of-custody, and evidence handling.
  • Compliance and frameworks knowledge: NIST CSF, NIST 800-53, CIS Controls, ISO 27001, PCI-DSS, HIPAA; ability to map controls to requirements.
  • Threat intelligence consumption and translation into operational detection/mitigation (commercial and open-source feeds).
  • Familiarity with DevOps toolchains and CI/CD integration (Jenkins, GitLab CI, GitHub Actions) to build security gates and automated checks.
  • Security architecture and design reviews, threat modeling (STRIDE/MITRE ATT&CK), and secure network/application design.
  • Logging and observability technologies, log retention strategies, and cost-effective telemetry engineering.

Soft Skills

  • Strong communication skills—able to translate technical risk into business impact and present to technical and non-technical stakeholders.
  • Critical thinking and investigative mindset—methodical, curious, and persistent during triage and root-cause analysis.
  • Collaboration and influence—works cross-functionally with engineering, product, legal, and operations to embed security as a business enabler.
  • Time management and prioritization—manages competing security incidents and projects with clear triage and escalation.
  • Mentorship and leadership—coaches junior staff, runs training sessions, and contributes to team hiring and development.
  • Adaptability—stays current with fast-changing threat landscapes and new technologies; able to pivot priorities when required.
  • Attention to detail—careful documentation, precise rule tuning, and rigorous validation of mitigations and controls.
  • Problem solving under pressure—calm and decisive during incident response and when handling escalations.

Education & Experience

Educational Background

Minimum Education:

  • Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, Information Technology, or a related technical discipline; or equivalent practical experience.

Preferred Education:

  • Master’s degree in Cybersecurity, Computer Science, Information Security, or related field.
  • Industry certifications such as CISSP, CISM, CEH, GCIA, GCIH, CRISC, AWS/Azure/GCP Security, or vendor-specific certs (Splunk, CrowdStrike).

Relevant Fields of Study:

  • Computer Science
  • Information Security / Cybersecurity
  • Computer Engineering
  • Information Technology
  • Network Engineering

Experience Requirements

Typical Experience Range:

  • 3–7 years of hands-on experience in IT security, SOC operations, or information security engineering for a mid-level IT Security Engineer role. (Senior roles typically require 7+ years.)

Preferred:

  • 5+ years with demonstrable end-to-end incident response ownership, SIEM and EDR administration, cloud security architecture, and a track record of driving security projects to completion.
  • Experience working in regulated industries or enterprises with mature security programs and cross-functional stakeholder engagement.