How to Screen a Security Engineer

entrepreneur-2326419_1920
Image by Alyibel Colmenares from Pixabay

From personal passwords to national cyberattacks, security is a keyword to the way the present world turns.  And, your business is a microcosm of that world.  From in-house to the perimeter, security can be as simple as a lock to as complicated as intrusion alarms.  Finding the right Security Engineer to cover it all can require a complex screening.

What to Expect of a Security Engineer  

What do you expect of a Security Engineer?  What are your requirements?  From what do you need to be protected?  What does a Security Engineer do?

  1.  They protect several things
  2. Implement and maintain security policies
  3. Protect the network and IT infrastructure
  4. Protect intellectual property
  5. Deal with physical suspicious/actual incursions

Why Hire a Security Engineer?

Security Engineers have a special competence for security.  Such competence might have been acquired through military or law enforcement experience or other lifestyles.  However developed, your SE needs a sense of trust. The benefit of trusting a dedicated individual to the complexities of your business’s security is an important reason to have the right SE.

Your SE might employ the talents of yet another specialist who will attempt to penetrate security measures.  These individuals are “pen-testers,” and their job is to penetrate the security set up by your SE.

What Does the Recruiter Need to Know About Security?

  1. Do not become complacent;  security attacks change channels
  2. Security requires a very broad knowledge of IT topics.
  3. Need to know how those systems come together
  4. Realize new attacks, vulnerabilities, and other security problems are a daily occurrence.

 With What Tools/Techniques Should a SE be Familiar?

The SE has any number of tools for his job, not the least of which is his knowledge and a desire to acquire more.  SEs need to understand social engineering, phishing, buffer overflows, XSS and an increasing number of computer crimes. Basic knowledge of server, fleet, and network administration is essential and basic script programming is important

Screening a Security Engineer Using Their Resume

An applicant’s resume is only the starting point in the interview process. While a resume gives the applicant an introduction and an opportunity to explain why the job is of interest, it also might have certain other clues to technologies with which the applicant is familiar.

The applicant might name certain certificates in the exhibition of computer knowledge. Some of the most commonly mentioned are:

  1. CISSP (Certified Information Systems Security Professional)
  2. OSCP  (Offensive Security Certified Professional)
  3. OSCE  (Offensive Security Certified Expert)
  4. CCNA (Cisco Certified Network Associate)

 Interview Questions During a phone/video Interview

The resume lays the foundation, but the interview builds on it with questions that delve deeper into the applicant’s experiences, formal education and security theories. Three questions that should open meaningful dialog between the applicant and the recruiter are:

  • What’s the candidate’s experience?
  • What are the candidate’s knowledge and security theories?
  • Which security programming test should you choose?

Technical screening of security engineering skills using an online coding test

A coding test is intended to determine the applicant’s ability to code and apply it to network security.  The test should reflect “real” work conditions and allow the applicants to use off all the libraries, frameworks and other tools ordinarily used on the job. The test should be given on a level appropriate to the applicant’s abilities.

Conclusion

New security challenges seemingly arise daily.  There are new directions from which the attacks come and the widening access to networks makes for weaknesses that have to be found and repaired.  All on the shoulders of your Security Engineer.