Post on 23-Mar-2020
transcript
Talent Deep Dive – Security Engineer, Security Software Development and Security Compliance (Washington DC, Greater Boston, Austin and Vancouver)
February 2019
AGENDA
Talent Deep Dive – Security Engineer, Security Software Development and Security Compliance
(Vancouver, Greater Boston, Austin and Washington DC)
Defining 3 Roles: Responsibilities, technical skills & sample roles
Talent Dashboards for the 3 roles across 4 locations
Relevant employee profiles
Top Peer Company Employers, workload & salary distribution
Skills, certification and tools
List of 3 unique job clusters and definitions extracted from sample profiles (1/2)

1) Security Engineer
Description: A Security Engineer develops solutions to complex security issues across kernels, virtualization, device emulation, firmware and hardware. They are responsible for driving security reviews and threat modeling and for developing tools to detect security threats. A security engineer is also responsible for security reviews of new products and systems, designing security architecture and building delivery metrics.
Responsibilities (Not exhaustive):
• Design security systems and architecture
• Design, implement and integrate enterprise security solutions such as web application firewalls (WAF), intrusion prevention/detection systems (IDS/IPS), secure log management and anti-malware solutions
• Design and execute automated penetration testing modules to detect vulnerabilities
• Develop and implement security policies and procedures such as authentication rules, security escalation procedures and encryption routines
• Configure, upgrade and troubleshoot firewalls, web proxies or intrusion detection/intrusion prevention systems
Technical Skills:
Skills:
• Firewall, IDS/IPS, network access control and vulnerability testing
• Security concepts related to DNS, routing, authentication, VPN, TELNET, proxy services and virtualization technologies
• Router, switch and VLAN security, wireless security and information security
• Networking protocols like OSPF, DHCP, EIGRP, TCP/IP, VRF, IPSec, BGP and RIP
Certifications: CEH, CISM, CISSP, GSEC, CISA, GPEN, ISSAP, GIAC
Sample Roles:
• Network Security Engineer
• Cybersecurity Engineer
• Penetration Tester
• Cryptographer
• Information Systems Security Engineer
• End Point Security Engineer
• Cyber Threat Intelligence Analyst
• Firmware Security Engineer
• Security Engineer - Incident Response

2) Security Software Developer
Description: A Security Software Developer develops security software and integrates security features into application software during the design and development phase. They globally distribute security systems and oversee the compliance required. They interact with security researchers to build best practices and provide scalable and globally distributed security systems.
Responsibilities (Not exhaustive):
• Participate in the lifecycle development of software systems using agile methodologies
• Develop security software solutions and applications and deliver them through large scale distributed systems
• Design and develop security architecture and fix vulnerabilities
• Perform both SAST and DAST security assessments of software releases in the SDLC
• Design and maintain continuous integration using Jenkins and related tools, mobile build tools and perform QA of security test cases
• Build Prototypes, Proof of Concept and Reference Models that demonstrate security value
Technical Skills:
Skills:
• C, C++, C#, Java, ASM, PHP, PERL, Python, Spring, Hibernate, Maven
• TCP/IP security, Cyber security, Cryptography
• HTML, CSS, REST, OpenGL, OpenCV, Maven, Node.js
• Relational databases (e.g. SQL, MySQL, Transact-SQL, PostgreSQL, etc.)
• Object oriented design, Shell scripting, Information retrieval
• XML, Restful Web Services, AJAX
Certifications: ESCP, GWEB, CEH, CES, CSSLP, GSSP - JAVA, .NET
Sample Roles:
• Cyber Security Software Developer
• Security Software Architect
• Software Developer - Security Distributed Systems
• Embedded Security Software Engineer
• Full Stack Developer, Security
• Software Engineer, Cloud Security
• Cyber Security Implementation Engineer
Note: The represented data is derived from DRAUP’s Proprietary Talent Module, updated in Feb, 2019
List of 3 unique job clusters and definitions extracted from sample profiles (2/2)

3) Security Compliance
Description: A Security Compliance Engineer is responsible for defining and implementing information security strategies and procedures. They conduct regulatory examinations, provide advice on action plans designed to address regulatory findings, and track timely remediation of regulatory issues. A compliance specialist should act as a trusted advisor and drive the implementation of continuous improvements to the security organization.
Responsibilities (Not exhaustive):
• Perform security audits, risk analysis, network forensics and penetration testing
• Research and analyze compliance trends and leverage GRC tools to eliminate risks and to adhere to industry standards such as FISMA, NIST and RMF
• Develop and report performance metrics that demonstrate readiness, business impact and risk reduction. Drive compliance initiatives internally and with customers
• Build risk management frameworks to support all aspects of cybersecurity compliance
• Identify security flaws and vulnerabilities among servers, systems and network devices
• Maintenance of security infrastructure, analyzing threat intelligence, security incidents and security risk monitoring
Technical Skills:
Skills:
• C, C++, C#, Java, Perl, Python, ASP.NET
• Intrusion Detection, Penetration Testing, Vulnerability assessment
• HTML, CSS, XML
• Transact-SQL, PostgreSQL
• DDoS mitigation
• Cryptography
Certifications: CISSP, GCIA, GCIH, GCFA, CEH, CCE, GPEN, CISA, CISM, CASP, GSLC
Sample Roles:
• Compliance Officer - Cybersecurity
• Cybersecurity Compliance Engineer
• Security Engineer, Compliance
• Security Compliance Consultant
• Risk & Compliance Security Analyst
• Senior technology/cyber security Compliance Officer
• Security Compliance Analyst
• Cybersecurity Policy and Compliance Engineer
Note: The represented data is derived from DRAUP’s Proprietary Talent Module, updated in Feb, 2019
Certifications in Cybersecurity have accelerated talent upskilling and enabled employees to command higher compensations
Beginner Intermediate Advanced Expert
CompTIA A+
Microsoft Technology Associate: Security Fundamentals
CompTIA Security+
CompTIA CySA+
CompTIA PenTest+
Cisco Certified Network Associate Security
SANS GIAC Certified Incident Handler
SANS GIAC Information Security Professional
EC Council Certified Ethical Hacker (CEH)
EC Council Computer Hacking Forensic Investigator
EC Council Certified Network Defender
GIAC Certified Intrusion Analyst
CompTIA Advanced Security Practitioner (CASP+)
Cisco Certified Network Professional Security
ISC² Certified Secure Software Lifecycle Professional
ISACA Certified Information Systems Auditor
CSA Certificate of Cloud Security Knowledge
GIAC Security Leadership Certification
GIAC Certified Enterprise Defender
Security University GIAC Certified Enterprise Defender
Cisco Certified Internetwork Expert -Security
Securing Cisco Networks with Threat Detection and Analysis
Certified Information Systems Security Professional (CISSP)
ISACA Certified Information Security Manager
Mile 2 Certified Penetration Testing Engineer
Note: The above list of certifications is non-exhaustive and the analysis shows the most commonly accepted Cybersecurity certifications found from CompTIA and curated by DRAUP Research Team
Cybersecurity Tech Stack for analysed roles: Security Engineer, Security Software Development and Security Compliance
Note: The represented data is a stack derived by analysing multiple Cybersecurity profiles and job postings. This domain clustering is defined by DRAUP’s Talent Module updated in Feb, 2019
Domain Roles
• Enterprise Security Architect
• Information Systems Security Engineer
• Network Security Engineer
• Cybersecurity Engineer
• Penetration Tester
• Cryptographer
• End Point Security Engineer
• Cyber Threat Intelligence Analyst
• Firmware Security Engineer
• Security Engineer - Incident Response
CyberSecurity Tech-Stack
• Security Compliance Consultant
• Risk & Compliance Security Analyst
• IT Security Audit and Compliance
• Cybersecurity and Infrastructure Audit
• Cloud Security Audit Governance & Compliance
• Privacy & Compliance Officer
• Cyber Security Software Developer
• Software Developer - Security Distributed Systems
• Security Software Architect
• Security Implementation Engineer
• Embedded Security Software Engineer
• Full Stack Developer (Security)
• Cloud Software Engineer (Cyber Security)
• Security Implementation Engineer
Security Engineer Security Software Development Engineer Security Compliance
Security Standards
Firmware Security
Threat/Attack Mitigation
Log Analysis
Encryption and Data Masking
NetFlow Analysis
Transport Layer Security
Forensic Investigation
Penetration Testing
Vulnerability Management
Cryptography
Virtual Private Network Technology
Distributed Systems
Application Programming Interface
Unified Threat Management
Error Detection Framework
IAM
Complexity Analysis
Security Algorithm
Software Architecture
Firewall
Compliance tools Management
Root Cause Analysis
Security Audit
Risk Management / Risk Management Framework
Security Standards
ISO/IEC 27001/2, ISACA COBIT 5, ISO 27017, ISO 27018, ISO 9001, CSA 4.0, DISA
GRC Tools & Software
Integrated Governance, Risk & Compliance solutions
Domain specific GRC solutions
Point solutions
IBM Security QRadar SIEM
MetricStream Compliance
ArcSight
EMC RSA
Netwrix Auditor
Talent Landscape: Precisely estimating the talent suited for Security Engineer, Security Software Developer and Security Compliance involves several interviews and a deeper understanding of technical stacks across resumes and profiles
Austin, Texas
Greater Boston Area
Washington DC Metro Area
Vancouver, Canada
Security Engineer | Security Software Developer | Security Compliance | Total Talent Pool
18,000 | 10,000 | 2,200 | 30,200
5,900 | 3,700 | 800 | 10,400
2,500 | 1,600 | 300 | 4,400
1,650 | 1,050 | 100 | 2,800
Note : DRAUP’s Talent Simulation Module
Washington DC, Metro Area
Washington DC, Metro Area, Talent Landscape: Approximately 68% of the Security Compliance talent in Washington DC, Metro Area has more than 10 years of experience. Leading Software and Banking giants are the major employers of this talent
Note : DRAUP’s Talent Simulation Module was used to analyze the distribution of ideal talent by locations and skill sets
Washington DC, Metro Area
*Listed roles are a sample set and are not exhaustive
Median talent pool by experience levels (years)
Roles | 0-5 | 6-10 | 10+ | Total
Security Engineer | 4,350 | 4,500 | 9,150 | ~18,000
Security Software Developer | 2,000 | 2,500 | 5,500 | ~10,000
Security Compliance | 250 | 450 | 1,500 | ~2,200
Overall | 6,600 | 7,450 | 16,150 | ~30,200
Talent Split By Experience
0-5 years | 6-10 years | 10+ years
22% | 25% | 53%
Security Engineer (~18,000): Sample Roles
• Cyber Security Engineer
• Information Security Engineer
• Cyber Information Assurance Analyst
• Threat Hunter
• Security Architect
Security Software Developer (~10,000): Sample Roles
• Cyber Security Software Engineer
• Security Software Developer
• Cyber Software Engineer
• Security Software Architect
• Cloud Security Software Developer
Security Compliance (~2,200): Sample Roles
• IT Audit Analyst
• Compliance Analyst
• Information Security Compliance Analyst
• Cybersecurity Risk, Control, Audit
• Cyber Security and Compliance Analyst
• Compliance Analyst
Note : The analysis doesn’t include Service Provider companies, Government entities and Defence Organization
Location Hotspot: Bethesda, Maryland, the Financial District and Maryland Avenue are the key employer hotspots in Washington DC, Metro Area, which is home to many tech giants like Google, Microsoft, IBM, Oracle, etc.
Note: The represented data has been collected from multiple articles and are curated from DRAUP Proprietary Database
Washington DC, Metro Area
Microsoft
Oracle
Google
IBM
Dell EMC
Boxboat
Verizon
HughesNet
ManTech International
Capital One
AXA
Tarkik
Kublr
Financial District
Northrop Grumman
Leidos
Verisign
Bethesda, Maryland
Bethesda, Maryland has presence of multiple Technology and BFSI companies
Financial District
Financial District is home to technology giants and major companies in the Software / Internet vertical
Maryland Avenue
Maryland Avenue majorly hosts companies in Cybersecurity, Aviation, and BFSI
Peer Employer Extended List
BAE International
General Dynamics
Thales
Freddie Mac
CSRA Inc.
Carahsoft Technology
Marriott International
VISA
AES Corporation Raytheon
Danaher
Hilton
Capital One
Bethesda, Maryland
Maryland Avenue
Fannie Mae
Cisco
AES Corp
Hotspot Employer Locations
Washington DC, Metro Area: Average talent cost for a Security Software Developer is greater than the average talent cost of a Security Engineer and Security Compliance Officer
Average Salary ('000 USD) per annum
Role | Entry Level (0-5 Years) | Mid Level (6-10 Years) | Senior Level (10+ Years) | Average Salary
Security Engineer | 90 | 120 | 155 | $115,000 USD
Security Software Developer | 100 | 135 | 175 | $130,000 USD
Security Compliance | 75 | 100 | 135 | $80,000 USD
Note : DRAUP’s Talent Simulation Module was used to analyze the talent cost by locations and skill sets
Washington DC, Metro Area: Top Employer Profiles for Security Engineer talent pool
~160
~140
~60
~30
~30
Top Employers & Headcount Job Titles Workloads
• Cyber Security Architect
• Cyber Security Threat and Vulnerability Engineer
• Information System Security Architect
• Penetration Tester

• Cyber Security Engineer
• Information Security Engineer
• Cyber Systems Engineer
• Cyber Information Assurance Analyst

• Cyber Security Engineer
• Cyber Security Architect
• Security Analyst
• IAM Engineer

• Security Architect
• Cyber Security Engineer
• Lead Security Operations Engineer
• Application Security Engineer

• Develop technical and written solutions to prevent cyber security vulnerabilities
• Design and recommend integrated system solutions internally and for the client
• Create new techniques for solving and optimizing existing operational security issues and POAM items to reduce program risk
• Identify and report cyber threat surface and risk mitigation postures
• Perform data centric risk assessment including vulnerability scans, penetration tests
• Install, configure and use tools such as Fortify, HP Scan to perform white box security assessments
• Drive vulnerability testing by leveraging COTS and GOTS based tools and generate security finding reports and build security control test cases
• Develop and support the Identity and Security Platform for customer apps
• Configure and handle security tools in compliance with DoD requirements
• Provide information security domain expertise throughout the security tools development task and translate security requirements into technical designs
• Develop decentralized apps using blockchain with non relational database
• Build an incident response program for incident detection, analysis, containment, eradication, recovery and forensic artifacts required for additional investigations
• Security guidance to new projects and initiatives, and develop software in PHP, C/C++, Java and Python
• Develop automation and processes to identify security flaws, and enforce security standards
Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets
• Cyber Security Engineer
• Cyber Threat Intelligence Analyst
• Security Analyst

• Develops technical and procedural knowledge of all MSS services
• Configure, implement, maintain, patch and update deployed security devices in a global environment
• Develop and operate tools to detect security threats and incidents
• Respond to detected threats by driving quick mitigation policies
Note : The analysis doesn’t include Service Provider companies, Government entities and Defence Organization
Core Responsibilities
Washington DC, Metro Area: Security Engineer : Sample Talent Profiles (1/2)
Mike Micheo
Education: BS Computer and Information Sciences, Strayer University
• Provide threat and risk assessment reviews and guidance. Respond to and successfully triage incoming client requests
• Responsible for developing Standard Operating Procedures (SOP), System Design Documentation (SDD), System Manuals, Standing Instructions (SI) and Bench Level Instructions (BLI)
• Installation and maintenance of equipment and tools employed including firewalls, gateways, routers, switches, specialized Intrusion Detection Systems, Data Loss Prevention servers & workstations, RedSeal, Qualys, and Splunk
Sr. Security Analyst
Experience in Current Role: 2+ Years
Total Experience: 8+ Years
Robert Boyer
Education: N/A
• Install and maintain security scanning, monitoring, and evaluation tools used across the enterprise
• Create scripts to automate repetitive and recurring tasks
• Perform static and dynamic analysis of .NET and Java based applications including code reviews
• Implement and oversee security tools, technologies and security hardening of device configurations
• Design, develop, administer, and secure the enterprise Linux systems in the lab
Cyber Security Engineer
Experience in Current Role: 9+ Years
Total Experience: 18+ Years
• Design and develop system security architectures, security controls for client network and infrastructure
• Troubleshooting the issues discovered during subsystem and system level testing. Conduct protective and corrective measures when a security incident or vulnerability is discovered
• Evaluate industry trends and security documentation including SSAAs, COOPs, and SOP assess security tools
• Monitor vulnerability reports and observe National Vulnerability Database and US-CERT Cyber Security Bulletins for identifying impacts
Ricky A. Marzett
Education: MS Information system security, Strayer University-Maryland
Senior Security Specialist
Experience in Current Role: 12+ Years
Total Experience: 19+ Years
Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets
Core Responsibilities
• Troubleshoot security related issues such as firewalls, switches, physical and virtual servers
• Evaluate, design and implement secure solutions for networking, authentication and authorization with the latest security and infrastructure technologies
• Responsible for securing and monitoring Windows and Linux servers on-premise and in the AWS
• Assess threat advisories to determine vulnerability. Design, recommend integrated system solutions ensuring proprietary or confidential data and systems are protected
Alexandra Pelan
Education: N/A
Security Engineer
Experience in Current Role: 1+ Year
Total Experience: 14+ Years
Core Responsibilities
Core Responsibilities
Washington DC, Metro Area: Security Engineer : Sample Talent Profiles (2/2)
Mohad Mohamed
Education: MS Information Systems, George Mason University
• Establish, maintain and execute all components of an incident response plan, from incident intake through root cause analysis, technical remediation analysis and reporting
• Design incident response for cloud service models
• Protect the network against malware. (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters)
• Analysis and definition of security requirements for applications and systems
Cyber Security Engineer
Experience in Current Role: 1+ Years
Total Experience: 8+ Years
Marshall Mutumanje
Education: N/A
• Analyze, measure and report risk occurred due to software vulnerability
• Responsible for maintaining the integrity & security of enterprise wide cyber systems and networks
• Perform cyber threat intelligence analysis, correlate actionable security events
• Perform network traffic analysis using raw packet data, net flow, IDS, IPS, & custom sensor output
Security Engineer
Experience in Current Role: 4+ Years
Total Experience: 18+ Years
• Configure and troubleshoot cyber security device, test security products and systems to detect weakness in information security
• Review security plans and assist in developing security measures to safeguard information
• Monitor and analyze Intrusion Detection Systems (IDS) to identify security issues for remediation
• Develop and implement information systems security programs. Develop new product, process, standards or operational plans to improve the existing cyber security process
Bruce Witherspoon
Education: N/A
Principal Security Engineer
Experience in Current Role: 1+ Years
Total Experience: 7 Years
Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets
Core Responsibilities
• Perform CND trend analysis and threat intelligence reporting
• Verify new cyber threat adversary tools, tactics, and processes
• Identify Advanced Persistent Threat (APT) activities and review DoD and open source intelligence for threats
• Test and identify risks and vulnerabilities to key applications within cyberspace
Sahil Sethi
Education: Btech Computer Science, Punjab Technical University
Security Engineer
Experience in Current Role: 5+ Years
Total Experience: 11 Years
Core Responsibilities
Washington DC, Metro Area: Top Employer Profiles for Security Software Developer talent pool
~180
~140
~120
~60
~50
Top Employers & Headcount Job Titles Workloads
• Cyber Software Engineer
• Software Developer and Malware Analyst
• Web security developer

• Cyber Security Software Engineer
• Cloud Migration Security Developer
• Security Software Architect

• Cyber Security Software Developer
• Software Engineer – Security
• Product Security Developer

• Software Engineer
• Senior Software Engineer
• Chief Software Architect

• Build, test and maintain reusable and reliable code for Online Aerospace Supplier Information System (OASIS) web application development
• Develop and implement security related solutions to harden the security posture
• Run vulnerability assessment, penetration testing and create assessment reports
• Build product processes, automation and operational framework
• Develop new applications and frameworks to help the enterprise discover cyber risks
• Maintain application and servers within the distributed systems
• Perform Network vulnerability assessment testing
• Design and develop protocol parsers for detecting application threats and vulnerabilities on the network
• Perform application vulnerability assessments on high-risk targets within the Company’s intranet
• Utilize application security testing methodologies to perform vulnerability assessments
• Develop multi factor authentication and implement RESTful API for internal UI development and for external users
• Develop network sensor apps, establish GRPC-based remote backend connection, and build Docker containers for functional customization
Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets
• Software Engineer
• Senior Software Engineer
• Principal Software Engineer

• Develop and provide enhancements to multithreaded system utility software
• Develop system level software in C, C++ and Python for all cybersecurity products
• Conduct requirement gathering, design and documentation, code review, implementation and testing, and software release
• Front end integration and development for the Cybersecurity offerings
Note : The analysis doesn’t include Service Provider companies, Government entities and Defence Organization
Core Responsibilities
Washington DC, Metro Area: Security Software Developer : Sample Talent Profiles (1/2)
Ethan Pedoeim
Education: BS Computer Engineering, University of Maryland College Park
• Design, implement and demonstrate software applications within an IT security architecture
• Develop and implement IDS & SIEM solution to detect malicious threats and anomalous network activity
• Create and maintain automation scripts leveraged for integrations between data sources and SOC solutions
• Construct and execute roadmaps for cybersecurity strategy implementation and communication
Cybersecurity/Software Engineer
Experience in Current Role: 1+ Years
Total Experience: 3+ Years
Justin Chen
Education: BS Computer Engineering, University of Maryland College Park
• Responsible for platform and security application development, database and micro-service design
• Perform security assessments and vulnerability analysis on company assets
• Build, test and maintain efficient, reusable, and reliable code for Online Aerospace Supplier Information System (OASIS) web application development
• Integrate and test software components into systems to meet requirements
Software Developer & Malware Analyst
Experience in Current Role: 4+ Years
Total Experience: 8+ Years
• Develop several web applications using ASP.NET, C#.NET, SQL Server, XML, XSLT
• Design, develop, troubleshoot and debug software programs for databases, applications, tools, networks etc
• Responsible for penetration testing on cloud-based solutions and in house products
• Perform feasibility testing on security programs. Lead releases through Gate 3 and ensure compliance with standards and requirements
Cyber Cloud Architect & Developer
Experience in Current Role: 1+ Years
Total Experience: 12+ Years
Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets
Core Responsibilities
• Design, develop, test and productize security content updates across multiple security product lines
• Develop distributed, fault-tolerant software using Python, Java, C++ programming
• Design, develop and implement framework to calculate the security risks of the cloud carrier by identifying the router vulnerabilities using C#.NET, ASP.NET, SQL Server, Java, Python, XML
• Drive client requirements in the strategic design process and translate security & business requirements into technical designs
Anthony Chow
Education: BS Computer Science, University of Maryland College Park
Cyber Security Software Developer
Experience in Current Role: 1+ Year
Total Experience: 14+ Years
Core Responsibilities
Daniel Guymon
Education: MS Computer Engineering, Virginia Polytechnic Institute and State University
Core Responsibilities
Washington DC, Metro Area: Security Software Developer : Sample Talent Profiles (2/2)
Pallavi Shridhar
Education: MS Information Systems, George Mason University
• Create test plans and test data for validation of security in the software
• Develop front end for registration system using Python/Flask/Bootstrap/Jquery
• Provide Transaction Management using the Hibernate configurations
• Responsible for creating map services, implementing security using ArcGIS server
Information Security Software Specialist
Experience in Current Role: 2+ Years
Total Experience: 8+ Years
David Harmon
Education: BS Computer Science, Dartmouth College
• Develop network sensor apps, establish GRPC-based remote backend connection, and build Docker containers for functional customization
• Optimized host-level resource assignments to achieve scalable flow rates for any customer
• Develop multi factor authentication and implement RESTful API for internal UI development and for external users
Senior Software Engineer
Experience in Current Role: 1+ Years
Total Experience: 9+ Years
• Design, research and develop components of software architecture
• Use cryptographic methods to verify integrity and authenticity of the software products
• Develop and implement tests for the verification of requirements
• Develop frontend security application using Angular, HTML, CSS, Javascript, Jquery, Bootstrap
Mary Lieb
Education: MS Cyber Security, Johns Hopkins Whiting School of Engineering
Cybersecurity Software Architect
Experience in Current Role: 1+ Years
Total Experience: 16+ Years
Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets
Core Responsibilities
• Develop and provide enhancements to multithreaded system utility software
• License management, remote configuration, file/folder synchronization and process management
• Redesigned and refactored the security apps system using Spring and related technology
• Redesigned the Fidelis software update process using Python, C++ and enhanced the efficiency of bandwidth and maintenance window
Sandeep Reddy
Education: MS Computer Science, University Of Maryland College Park
Software Engineer
Experience in Current Role: 1+ Years
Total Experience: 3+ Years
Core Responsibilities
Washington DC, Metro Area: Top Employer Profiles for Security Compliance talent pool
~30
~25
~20
~20
~15
Top Employers & Headcount Job Titles Workloads
• Cyber Governance, Risk & Compliance Officer
• Cyber Governance and Risk Analyst
• Cybersecurity Audit lead
• Information Security Risk & Compliance Officer

• Cyber Security Strategy Analyst
• Cyber Security Analyst
• Senior Security Compliance Audit Analyst

• Cyber Security Analyst
• Security Analyst
• Security and Compliance Engineer

• Information Security Compliance Auditor
• Cybersecurity Compliance Engineer
• Information Assurance Compliance Analyst

• Deliver all necessary cybersecurity reporting, and prepare IT security programs for mandatory governmental compliance inspections
• Develop and implement IT site security procedures to ensure full compliance with government classification guidelines
• Develop and administer companies Cybersecurity plans and adhere to standards
• Develop security policies and ensure security compliance for Cloud implementation
• Perform complex analysis of cyber intelligence and law enforcement/counter intelligence policy and governance issues
• Drive security requirements for the customer, integrating multiple capabilities and scenarios supporting the cloud implementation
• Manage internal and external data regulatory Security Compliance efforts
• Implement and monitor standards such as NIST 800 series, ISO 27000 series, GDPR, etc
• Act as a subject matter expert for applicable regulations such as ISO, SOC, HIPAA, PCI, FedRAMP/FISMA
• Develop, implement, maintain and oversee security policies
• Plan, execute and lead security compliance audits
• Collaborate with various departments to improve security compliance, to manage risk and to bolster security effectiveness
• Evaluate the efficiency, effectiveness and compliance of operation processes with corporate security policies and related government regulations
Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets
• Corporate Security – Governance, Risk, & Compliance officer
• Security Compliance Consultant
• Test, evaluate and verify hardware & software products to determine governance and compliance with defined security specifications
• Drive in the support of standards such as NIST internally and with the customers. Overseeing the Trading Partner Manager platform to identify any security breaches
Note : The analysis doesn’t include Service Provider companies, Government entities and Defence Organization
Core Responsibilities
Washington DC, Metro Area: Security Compliance: Sample Talent Profiles (1/2)
Jason S
Education: MS Cybersecurity, The University of Dallas
• Provide process improvement support in the functional area of Governance, Risk and Compliance
• Conduct targeted validations and reviews on standards such as ISO/IEC 27001 and 27002
• Develop compliance by design strategies and process resources within the Cyber Assurance
• Design and implement internal risk and control governance processes
• Participate in governance forums and assess compliance and risks to Information Data Management policy and standards
Cyber Governance & Risk Manager
Experience in Current Role: 1+ Years
Total Experience: 17+ Years
John Madsen
Education: MS Cyber Security Strategy, Georgetown University
• Develop, implement and communicate IT security policies, standards, best practices, guidance and procedures
• Develop cyber strategy and policy documents to support the operational execution of cybersecurity programs
• Lead security engineers, risk analysts and IT/cybersecurity professionals to ensure security and privacy requirements are incorporated throughout the policy development life-cycle
• Perform complex analysis of cyber, counter intelligence policy and governance issues
Cyber Security Strategy Analyst
Experience in Current Role: 4+ Years
Total Experience: 30 Years
Cyber Security Compliance Manager
Experience in Current Role: 8 Years
Total Experience: 9 Years
Core Responsibilities
Matthew Breeden
Education: MS Cyber Security, University of Maryland University College
Cyber Security Auditor
Experience in Current Role: 2+ Years
Total Experience: 14 Years
Core Responsibilities
Jim McCormack
Education: PhD Neuroendocrinology, Virginia Polytechnic Institute and State University
• Conduct assessments on complex systems using common compliance assessment methodology, tools, and applications to determine cyber security frameworks
• Plan, execute and lead security compliance audits across the organization
• Inspect and evaluate information systems, management procedures and security controls
• Review the personnel to establish security risks and complications
• Develop, implement, maintain and oversee enforcement of security policies
• Collaborate with security architects and technical security teams to implement security processes based on industry-standard and compliance requirements
• Act as a subject matter expert for applicable regulations such as ISO, SOC, HIPAA, PCI, FedRAMP/FISMA
• Ensure the use of standard methodologies such as NIST 800 series, ISO 27000 series, GDPR wherever applicable
Core Responsibilities
Washington DC, Metro Area: Security Compliance : Sample Talent Profiles (2/2)
Harry L
Education: BA English Language and Literature, North Carolina Central University
• Develop and implement programmatic strategies for enterprise compliance and integrate program management strengths with Agile practices to drive Cyber objectives
• Drive governance and coordinate periodic reviews to identify opportunities and refine initiatives
• Lead IT strategy relating to privacy, security and compliance assurance
• Design and articulate the compliance posture and run test audits to ensure compliance. Assist in capturing, maintaining, and analyzing compliance data and build a holistic compliance risk management framework
Cyber Governance, Risk & Compliance Manager
Experience in Current Role: 5 Months
Total Experience: 8+ Years
Loretta Lemon
Education: MS Management – Information Systems Security, M.S. - Colorado Technical University
Cybersecurity, Privacy & Compliance Manager
Experience in Current Role: 8+ Years
Total Experience: 12 Years
Cuong Nguyen
Education: MS Cyber Security, George Mason University
IT Security Compliance Analyst
Experience in Current Role: 2+ Years
Total Experience: 11 Years
Core Responsibilities
Doug Ennels
Education: NA
Information Systems Security Risk Analyst - Compliance
Experience in Current Role: 2+ Years
Total Experience: 5 Years
Core Responsibilities
• Evaluate security governance including payment card industry (PCI) security, identity and IT regulatory compliance needs and gaps against business requirements and objectives
• Provide recommendations and allocate resources to manage security risks and compliance
• Develop an IT security plan to manage risk and automate multiple risk management programs
• Manage IT governance, risk and compliance and deliver leadership in Security Strategy Risk and compliance
• Conduct vulnerability and compliance assessment scans on assigned systems using Tenable Nessus, Retina, and AppDetective tools
• Review systems, programs, and other elements to determine compliance using Cyber Security Framework
• Create, maintain and implement the security governance, security frameworks, compliance policies and standards for the ICT infrastructure program in accordance with the standards that need to be adhered to
• Develop, implement and maintain System Security Plans (SSP), Standard Operating Procedures (SOP) and information security policies to ensure compliance with Risk Management Framework (RMF) guidelines
• Conduct risk assessments and implement compliance in accordance with government regulations and cybersecurity guidelines
• Perform hardware/software configuration management, develop hardware/software approval letters for government approval and perform IA self inspections to measure regulatory compliance
Greater Boston Area
Note : DRAUP’s Talent Simulation Module was used to analyze the distribution of ideal talent by locations and skill sets
Greater Boston Area
*Listed roles are a sample set and are not exhaustive
Median talent pool by experience levels (years)
Roles                         0-5     6-10    10+     Total
Security Engineer             1,200   1,300   3,400   ~5,900
Security Software Developer   600     700     2,400   ~3,700
Security Compliance           70      130     600     ~800
Overall                       1,870   2,130   6,400   ~10,400
Talent Split By Experience
0-5 years: 18%
6-10 years: 20%
10+ years: 62%
Security Engineer (~5,900)
Sample Roles
• Information Security Engineer
• Network Security Architect
• Embedded Security Engineer
• Security Analyst, Malware and Forensic Lead
• Cybersecurity Risk Assessment Engineer
Security Software Developer (~3,700)
Sample Roles
• Cyber Security Software Engineer
• Security Software Developer
• Cyber Software Engineer
• Security Software Architect
• Cloud Security Software Developer
Security Compliance (~800)
Sample Roles
• IT Audit Analyst
• Compliance Analyst
• Information Security Compliance Analyst
• Cybersecurity Risk, Control, Audit
• Cyber Security and Compliance Analyst
• Compliance Analyst
Greater Boston Area, Talent Landscape: Approximately 75% of the Security Compliance talent has more than 10 years of experience. Leading Software and Banking giants are the major employers of this talent
Location Hotspot: Westford, Cambridge and Plymouth are the key employer hotspots in Greater Boston Area for the analysed security talent roles
Note: The represented data has been collected from multiple articles and curated from DRAUP Proprietary Database
Greater Boston Area
Employer Locations (map labels): IBM, MathWorks, RSA Security, Akamai Technologies, State Street, Pivotal, Microsoft, Fidelity Investments, Liberty Mutual Insurance, Athenahealth, RedHat, Dell EMC, Raytheon, National Grid
Hotspots: Cambridge, Westford, Plymouth
Cambridge: Cambridge is home to technology giants and major companies in the Software / Internet vertical
Westford: Westford has a mix of Software, BFSI and Cybersecurity companies
Plymouth: Plymouth majorly hosts companies in BFSI, Healthcare and Energy/Power
Peer Employer Extended List
Cisco Boston Scientific Schneider Palo Alto Networks Honeywell
Symantec BAE Systems Iron Mountain Bank Of America Boston Scientific
Sanofi Fiserv NetScout AT&T Analog Devices
[Chart: Average Salary (000’ USD) per annum for Security Engineer, Security Software Developer and Security Compliance; data labels as extracted: 80, 105, 140, 90, 115, 155, 65, 90, 125]
Greater Boston Area: Average talent cost for a Security Engineer is greater than the average talent cost of a Security Software Developer and Security Compliance Officer
Note : DRAUP’s Talent Simulation Module was used to analyze the talent cost by locations and skill sets
Entry Level (0-5 Years)
Mid Level (6-10 Years)
Senior Level (10+ Years)
Average Salary: $102,000 USD
Average Salary: $120,000 USD
Average Salary: $72,000 USD
Greater Boston Area: Top Employer Profiles for Security Engineer talent pool
~180
~55
Top Employers & Headcount Job Titles Workloads
• Security Hardware Engineer
• Network Security Engineer
• Security Architect
• Troubleshoot storage-related reliability, availability and performance issues
• Security field solution design for XtremeIO Business unit
• Perform storage virtualization, fully automated storage tiering and disaster recovery
• Perform customer’s risk and fraud environment analysis, including extensive production data to identify vulnerabilities and risk patterns
• Information System Security Engineer
• Industrial Security Specialist
• Network Security Engineer
• Develop cyber security requirements, including design and architecture artifacts, strategy, plans, and policies
• Implement security controls for networking devices, operating systems and hardware and software components
• Perform vulnerability assessments
~30
~25
• Information Security Engineer
• Network Security Architect
• Security Solutions Engineer
• Assess the security and vulnerability of deployed systems using tools and adversary Tactics, Techniques, and Procedures (TTPs)
• Develop networking prototypes and security capabilities in advanced labs
• Conduct security reviews of internal facing prototypes and services
• Network Engineer – Cyber Security
• Cyber Security Analyst
• Cybersecurity engineer
• Cybersecurity Risk Assessment Engineer
• Develop and maintain an Information Assurance Vulnerability Management (IAVM)
• Develop threat models, measures and metrics for security
• Integrate Linux security configurations via DISA STIGs
• Analyze and integrate scalable human-assistive cyber decision support tools
~20
• Information Security Engineer
• Security Analyst, Malware and Forensic Lead
• Computer Forensic Analyst
• Security Architect
• Design, develop, implement and integrate IA and security systems and system components
• Validate and verify system security requirements definitions and analysis and establish system security design
• Build security architectures and mitigate system security threats throughout the program life cycle
Core Responsibilities
Greater Boston Area: Security Engineer : Sample Talent Profiles (1/2)
Tim Honker
Education: BS Astronautic/Space Engineering, The University of Texas at Austin
• Responsible for tools and data collection, tracking and analysis, internal processes, threat awareness and training, and external engagement domains
• Design, build, test and deploy SIEM and Security Architectures
• Perform security incident analysis and recommend remediation steps
• Develop, implement and maintain security policies and standards
Senior Cyber Security Engineer
Experience in Current Role: 3+ Years
Total Experience: 10+ Years
Ronald Hodges
Education: BS Computer Engineering, Virginia State University
• Investigate incidents and create accurate incident reports for records
• Deploy cloud-based test network infrastructure and design embedded systems pen-testing framework
• Build data architecture and implement vulnerability theory
• Develop Systems Security Plans (SSP) and Plan of Action and Milestones (POAM) for missile defence testing and training systems
Cyber Security Engineer
Experience in Current Role: 1+ Years
Total Experience: 5 Years
• Establish a framework to improve delivery of IaaS security services
• Architect product portfolio in the areas of encryption, authentication, system integrity, and policy management
• Develop security features into cutting edge storage products, and perform security penetration tests
• Manage secure development life cycle (SDLC) for products
Sharath Hugluvalli
Education: MS Computer Information Systems, St. Mary's University
Senior Security Architect
Experience in Current Role: 12+ Years
Total Experience: 19+ Years
Core Responsibilities
• Conduct vulnerability scans, static code scans and dynamic code scans to detect software vulnerabilities
• Implement, maintain and integrate various enterprise cybersecurity tools and provide integration support to NAVFAC
• Create and maintain multiple virtual server systems based on VMware
Jason Hill
Education: MS Cybersecurity Technology, University of Maryland College
Senior Cyber Systems Engineer
Experience in Current Role: 9+ Year
Total Experience: 12+ Years
Core Responsibilities
Core Responsibilities
Greater Boston Area: Security Engineer : Sample Talent Profiles (2/2)
TJ McCann
Education: NA
• Generate and update Cyber Security plans as required
• Provide IT Policy and targeted incident reduction to the software projects
• Develop security artifact templates for security assessment plans and reports
• Perform automated and manual testing for vulnerabilities and misconfigurations
• Responsible for providing on-site IT security support to remote field sites
Cyber Security Engineer
Experience in Current Role: 2+ Years
Total Experience: 19+ Years
Ari Seitelman
Education: MS Information Assurance & Cyber Security, Northeastern University
• Provide guidance and oversee vulnerability assessments
• Define, negotiate, and execute Assessment and Authorization (A&A) programs
• Define security development and test efforts for the implementation of security controls of networking devices, operating systems and hardware & software components
• Define and develop cyber security requirements, including design and architecture artifacts, strategy, plans and policies
Cyber Security Engineer
Experience in Current Role: 3+ Years
Total Experience: 13+ Years
• Perform network troubleshooting, firewall changes, security auditing, and vulnerability management
• Manage, monitor and troubleshoot systems with strong focus on continuous improvement
• Manage incident response and troubleshoot the issues when raised
• Design, implement and maintain security processes and controls, ensure compliance with core applicable standards (PCI-DSS, SOC2 Type II, ISO27001)
Salman Syed
Education: Information Technology Cybersecurity, University of Cumberland
Network Security Engineer
Experience in Current Role: 1+ Year
Total Experience: 3+ Years
Core Responsibilities
• Test and implement appropriate security methods and control techniques such as firewalls, intrusion detection software, data encryption, data backup and recovery
• Evaluate, develop and implement security standards and procedures
• Review the development, testing and implementation of security plans, products and control techniques
• Assist with automation development of security process by interacting with the development and product teams
Dale Goins
Education: BS Information Technology, University of Phoenix
Senior Information Security Analyst
Experience in Current Role: 1+ Year
Total Experience: 13+ Years
Core Responsibilities
Greater Boston Area: Top Employer Profiles for Security Software Engineer talent pool
~100
~80
~80
~50
Top Employers & Headcount Job Titles Workloads
• Principal Software Engineer
• Sr Software Engineer
• Security Software Developer
• Security Front End Developer
• Cloud Security Engineer
• Security Software Developer
• Cloud Security Software Developer
• Security Software Engineer
• Software Engineer II (Security)
• Security Software Engineer
• Cyber Software Engineer
• Security Software Architect
• Build advanced threat protection and endpoint protection solution
• Develop network security software solutions
• Perform penetration testing and system attack for the software projects
• Build API translation layer for integrating mobile security solutions
• Develop distributed, fault-tolerant security software for IBM products
• Enhance the Bluemix application development platform and avoid threat indulgence
• Create and maintain secure machine learning models with a focus on big data
• Develop creative technology solutions and implement new features and enhancements for the next generation cybersecurity controls
• Perform user implementation for customer facing application using AWS active directory service hosted on AWS elastic bean stack
• Design, build and own production deployments such as Kafka, Kubernetes, Elasticsearch and PostgreSQL
• Design, implement, debug and fix problems with the software applications
• Develop products and solutions that are hardened against emerging cyber threats
• Develop and enhance security tools
• Perform crash analysis, vulnerability assessment, malware detection, code development, system hardening and security certification and accreditation
~30
• Cyber Security Software Engineer
• Security Software Developer
• Perform penetration testing and system attack for the software projects
• Conduct internal forensic investigations and develop global security monitoring and incident response programs
• Support Big data and analytics, including application of Map Reduce programming model and analytics technologies such as Hadoop, Hive and Pig
Core Responsibilities
Greater Boston Area: Security Software Engineer: Sample Talent Profiles (1/2)
Omar Raza
Education: N/A
• Design, research and develop components of security software architecture
• Build and manage testing environments, and assist in debugging application issues
• Design and code servers, services, applications and databases that are reusable, scalable and meet critical architecture goals
• Design, develop and create automated frameworks, processes and test cases based on functional and non-functional requirements
Security Software Development Engineer
Experience in Current Role: 2+ Years
Total Experience: 8+ Years
Zach Bornstein
Education: BS Information Security and Forensics, Rochester Institute of Technology
• Design and implement systems that enhance Liberty Mutual’s security infrastructure
• Implement software security techniques in compliance with Linux Kernel and Android software architecture
• Perform threat modelling, implement attack surface reduction and kernel hardening features
• Guide the software development team in implementing security standards and tools
Senior Software Developer
Experience in Current Role: 11 Months
Total Experience: 6+ Years
• Design, develop, test, deploy, maintain and improve software
• Architect and design security software to meet current and future requirements and test vulnerability assessments
• Responsible for implementing design specifications, system flow diagrams, documentation and testing of security software
• Drive application security and conduct incident management of Google’s products and applications
Sr Software Engineer - Cybersecurity
Experience in Current Role: 3+ Years
Total Experience: 20+ Years
Core Responsibilities
• Design and architect security software solutions in components like deep learning security, secure boot and Secure OS on the Tegra platform
• Develop Secure OS and Secure OS applications used in various security use cases like secure key exchanging and web security
• Triage and debug various software issues in complex applications
• Develop, review and execute test plans and test cases
Rajesh Ramesh
Education: MS Computer Science, Northeastern University
Application Security Engineer
Experience in Current Role: 2+ Years
Total Experience: 8+ Years
Core Responsibilities
Sachin Patil
Education: MS Computer/Information Technology, MIT
Core Responsibilities
Greater Boston Area: Security Software Engineer: Sample Talent Profiles (2/2)
Jay McDermott
Education: N/A
• Build platforms by architecting reusable building blocks
• Responsible for software architecture, operating system fundamentals, API designs, and system security
• Design strategy for deployment, maintenance and monitoring the platform infrastructure
• Develop cloud micro-services and platforms and provide functionality to Bose products and mobile applications
Cloud Security Software Engineer
Experience in Current Role: 3+ Years
Total Experience: 20+ Years
William Neilon
Education: BS Computer and Information Systems Security/Information Assurance, The University of Texas at San Antonio
• Develop and enhance security tools, exploit development, reverse engineering of software and hardware products
• Perform crash analysis, vulnerability assessment, malware detection, code development, system hardening and security certification and accreditation
• Support generation of documentation to include software development folders, design presentations and problem reports
Sr. Software Engineer II
Experience in Current Role: 2+ Years
Total Experience: 12+ Years
• Build integration design between cloud applications using Java/J2EE and related web application technology without compromising security of data
• Responsible for interface design and develop connectivity diagrams
• Design and develop Single Page Application (SPA) using Angular 5 and integrate it with .NET Web API (RESTful web service)
• Implement Single Sign On (SSO) solution using RSA SecurID
Senior Security Software Engineer
Experience in Current Role: 3+ Years
Total Experience: 5+ Years
Core Responsibilities
• Develop modules of security and authentication components for multipurpose usage of toolkits in C and C++
• Develop and maintain secure authentication with LDAP authorities (AD, OpenLDAP) along with role based authentication
• Implement and test new features and modules of the toolkit
Anup Swamy Veena
Education: MS Computer Science, Northeastern University
Security Developer
Experience in Current Role: 2+ Years
Total Experience: 5+ Years
Core Responsibilities
Sachin Patil
Education: MS Computer/Information Technology, Central Michigan University
Greater Boston Area: Top Employer Profiles for Security Compliance talent pool
~25
~25
~20
~15
~10
Top Employers & Headcount Job Titles Workloads
• Security Compliance Officer
• Cybersecurity and Infrastructure Audit Analyst
• IT Risk & Compliance officer
• IT Audit Analyst
• Compliance Analyst
• Information Security Compliance Analyst
• Cybersecurity Risk, Control, Audit
• Security Compliance Officer
• Information Security and Compliance Officer
• Cloud Security and Compliance Officer
• Security & Compliance Analyst
• IT Security and Risk Analyst
• Compliance Analyst
• Identify real-time CRMT process improvements and suggest resolutions when applicable
• Implement a Compliance Monitoring program over the IT Organization and provide subject matter expertise in the design and testing of infrastructure technology
• Liaise with Compliance Advisory to detect gaps, issues, breaches and process improvements
• Monitor control remediation plans in the Governance Risk and Compliance (GRC) system
• Perform IT general control readiness assessments
• Design and operate effectiveness of Information Security controls required for cloud based platforms and applications
• Utilize information security practices such as NIST 800 series, ISO 27000 series, GDPR, etc
• Develop, implement, maintain and oversee enforcement of security policies
• Conduct regular audits on systems and host third-party audits as required, in order to maintain certifications and compliance certificates
• Manage the Cyber Security risk assessment program for Liberty Mutual projects
• Provide process improvement support in the functional area of Governance, Risk and Compliance
• Provide periodic analysis of corporate risk position, assist in the development, configuration and implementation of GRC toolsets
• Cyber Security and Compliance Analyst
• Compliance Analyst
• Information Security Compliance Analyst
• Develop, implement and maintain key operational Compliance and Vulnerability metrics for the software projects
• Manage security and compliance activities for development, testing, configuration and life cycle management of cloud software
• Develop strategies to solve complex technical challenges
Core Responsibilities
Greater Boston Area: Security Compliance : Sample Talent Profiles (1/2)
Lored Fabbricatore
Education: Diploma in Information Technology Networking at Latin University of Costa Rica
• Develop, implement, maintain and oversee enforcement of security policies
• Create, implement and maintain appropriate enterprise programs, policies and procedures to be compliant with all applicable regulations including ISO, SOC, HIPAA, PCI, FedRAMP/FISMA
• Determine secure operation of all computer systems, servers, and network connections in accordance with the policies, procedures and compliance requirements
• Assist team members and internal clients with highly complex security issues applicable in cloud enterprise environment
Cloud Security Audit Governance & Compliance lead
Experience in Current Role: 1+ Year
Total Experience: 20+ Years
Joshua Keilson
Education: BA Economics, University of Massachusetts
• Design and operate effectiveness of Information Security controls required for cloud based platforms and applications
• Provide guidance on cloud based application solutions which include regulatory, contractual, security and architecture standards
• Actively monitor control remediation plans in the Governance Risk and Compliance (GRC) system
• Ensure Information Security, Regulatory Compliance, Incident Management, Problem Management and Change Management practices
Compliance Analyst
Experience in Current Role: 7+ Years
Total Experience: 11+ Years
• Design and conduct monitoring activities networks/systems, corporate security policies, systems and network architectures, documentation review and development, vulnerability assessments and security testing and evaluation
• Track and follow up ongoing audit and compliance efforts
• Monitor Information Security team projects and activities. Regularly update the compliance process and standards maintained
• Provide process improvement support in the functional area of Governance, Risk and Compliance
IT Risk & Compliance Officer
Experience in Current Role: 1+ Year
Total Experience: 4+ Years
Core Responsibilities
• Remediation tracking, support and escalation of compliance gaps identified through the Security and IT Compliance Dashboard
• Develop compliance strategy in alignment with business requirements, objectives and metrics
• Responsible for ensuring the security controls which are operating effectively in the organization
• Perform vendor risk assessment annually for existing vendors and identify gaps. Identify any breach of compliance by vendors in the security space
Gerardo Barrios E.
Education: BS Computer Science, Westfield State University
Senior Compliance Analyst
Experience in Current Role: 4+ Years
Total Experience: 30+ Years
Core Responsibilities
Stephanie Invernizzi
Education: MS Information Security and Assurance Field Of Study Cybercrime and Critical Infrastructure, Norwich University
Greater Boston Area: Security Compliance: Sample Talent Profiles (2/2)
• Perform technical compliance reviews including configuration hardening reviews, vulnerability assessments and penetration testing
• Evaluate and report on security risks, processes and projects to various stakeholders
• Manage compliance to security frameworks, e.g. ISO/IEC 27001/27018, SOC 2 Type 2, PCI DSS, ITGC/SOX, etc.
• Act as an advocate to ensure compliance for security standard methodologies for cloud and network specific design concerns
Core Responsibilities
Randy Oldenburg
Education: BS Computer Science, Worcester State University
ITS Quality & Compliance Analyst
Experience in Current Role: 2+ Years
Total Experience: 13+ Years
• Develop a comprehensive controls and governance approach
• Develop risk analysis, risk management framework and processes, risk evaluation and quantification methodology and risk standards
• Responsible for security compliance and privacy to develop and implement effective IT risk management practices
IT Risk, Compliance and Security
Experience in Current Role: 13+ Year
Total Experience: 13+ Years
Core Responsibilities
Bob Clairmont
Education: N/A
Core Responsibilities
Randall Lawrence
Education: MA Justice Studies, University of New Hampshire
• Responsible for the identification and escalation of changes that affects the information security policy, standards and procedures
• Establish and leverage interfaces to relevant internal or external functions and experts
• Provide periodic analysis of corporate risk position, assist in the development, configuration and implementation of GRC toolsets
Regulatory Compliance Analyst
Experience in Current Role: 2+ Years
Total Experience: 6+ Years
• Focuses on assessing and prioritizing risk across the organization and compliance with information security policies
• Perform risk assessments and control gap analysis against Information Security Policies and Risk Management Standards
• Perform security control assessments utilizing established industry frameworks (SSAE18 SOC 1 & 2 Type 2, HIPAA, PCI DSS, FedRAMP, NIST CSF, NIST 800-53, ISO 27001, etc)
Information Security Compliance Manager
Experience in Current Role: 7+ Year
Total Experience: 24+ Years
Core Responsibilities
Steve Turner
Education: N/A
Austin, TX
Austin, Texas Area, Talent Landscape: Approximately 77% of the Security Compliance talent in Austin, Texas Area has more than 10 years of experience and is majorly employed across technology giants like Dell, IBM, and Oracle
Austin, Texas Area
*Listed roles are a sample set and are not exhaustive
Median talent pool by experience levels (years)
Roles                         0-5     6-10    10+     Total
Security Engineer             450     600     1,450   ~2,500
Security Software Developer   300     400     900     ~1,600
Security Compliance           35      35      230     ~300
Overall                       785     1,035   2,580   ~4,400
Talent Split By Experience
0-5 years: 18%
6-10 years: 24%
10+ years: 59%
Security Engineer (~2,500)
Sample Roles
• Cyber Security Engineer
• Information Security Analyst
• Cyber Security Analyst
• Information Security Engineer
• Security Engineer
Security Software Developer (~1,600)
Sample Roles
• Security Software Engineer
• Security Software Developer
• Cyber Security Software Developer
• Cyber Software Engineer
• Cyber Security Software Engineer
Security Compliance (~300)
Sample Roles
• Security and Compliance Engineer
• Cyber Security Analyst
• Information Assurance Compliance Analyst
• Security Compliance Audit Analyst
• Cybersecurity Compliance Engineer
• Security Compliance consultant
Location Hotspot: North Austin is the key employer hotspot in Austin, Texas Area
Austin, Texas
North Austin
North Austin is the employer hotspot in Austin, Texas. The major companies located here are in the Software/Internet and Telecom & Networking verticals
Peer Employer Extended List and Employer Locations (labels as extracted; hotspot: North Austin)
Rapid7, HP, Forcepoint, CSRA Inc., Intel Corporation, NXP Semiconductors, Accenture, General Motors, Flextronics, Accruent, 3M Corporation, AMD, Freescale Semiconductor, Dell Technologies, IBM, Apple, Hewlett Packard Enterprise, AT&T, Cisco Systems, General Motors, Oracle, VISA, Fannie Mae, Gemalto
[Chart: Average Salary (000’ USD) per annum for Security Engineer, Security Software Developer and Security Compliance; data labels as extracted: 65, 95, 135, 75, 100, 140, 55, 70, 100]
Austin, Texas Area: Average talent cost for a Security Engineer is greater than the average talent cost of a Security Software Developer and Security Compliance Officer
Entry Level (0-5 Years)
Mid Level (6-10 Years)
Senior Level (10+ Years)
Average Salary: $90,000 USD
Average Salary: $98,000 USD
Average Salary: $58,000 USD
Austin, Texas Area: Top Employer Profiles for Security Engineer talent pool
~130
~40
~40
~20
~20
Top Employers & Headcount Job Titles Workloads
• Security Architect • Network Security Engineer • Security Specialist
• Security Engineer • Network Security Engineer • Network Development Engineer
• Security Architect • Information Security Engineer • Network Engineer
• Cyber Security Engineer • Network Engineer • Network Security Engineer
• Implement security related strategies and proposals, identify and manage security related tasks
• Manage network intrusion detection and data loss prevention to determine their root cause
• Execution of penetration test for external and internal networks, wifi and web applications
• Configure and maintain next generation firewalls, web filtering, database firewalls
• Proactive threat hunting and malware analysis using commercial and open source tools
• Troubleshoot and deploy security devices across various network segments
• Identify root cause for vulnerabilities in design, implementation or in configuration and recommend future preventative measures
• Implement and upgrade security measures and controls to protect digital files and information systems from unauthorized access
• Design and implement security operations and critical network integrations
• Develop, implement and maintain security assessment processes and tools to review the security controls
• Design and architect secure applications, systems and networks in line with industry best practices, company policy and compliance frameworks
• Monitor the cybersecurity landscape to identify trends and emerging risks
• Evaluate and assess the security of components within global connectivity platforms
Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets
• Security Support Analyst • Security Control Specialist • Network Security Engineer
• Deploy and troubleshoot IP subnets, routers, switches, access points and modems
• Develop and implement strategies to detect, prevent and analyse security threats
• Troubleshoot and install unified Communications and wireless devices
Core Responsibilities
Austin, Texas Area: Security Engineer : Sample Talent Profiles (1/2)
Jennifer Chavez
Education: B.S. Management Information Systems, Doane University
• Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
• Configure and troubleshoot security based firewalls, routers and switches
• Design, implementation and analysis of end-to-end testing methodologies to analyze the interoperability of networks
Security Engineer
Experience in Current Role: 2+ Years
Total Experience: 11+ Years
John Snell
Education: N/A
• Perform application vulnerability, threat modelling and security risk assessments
• Develop policies, procedures and technical reports associated with operating and maintaining global network security
• Analyze the performance of strategic network security and troubleshoot end to end connectivity problems
Network Engineer
Experience in Current Role: 21+ Years
Total Experience: 21+ Years
• Build integration and automation tools for security processes to build infrastructure and servers
• Design and development of security solutions using IBM security capabilities
• Build enterprise security level catalog, techniques and patterns to enable secure implementation of features in products
• Design and implement network intrusion detection and data loss prevention systems
Jaya Ramanathan
Education: Doctor of Philosophy (Ph.D.) Computer Science, Michigan State University
Security Engineer
Experience in Current Role: 16+ Months
Total Experience: 17+ Years
Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets
Core Responsibilities
• Correlate threat intelligence with security systems and controls to handle security events
• Deploy and manage hardware security modules
• Troubleshoot access network issues, patch vulnerabilities and mitigate DDoS attacks on firewalls
• Identify and solve cyber threats by defining security requirements and performing penetration tests
• Analyse code reviews for vulnerabilities and adherence to requirements
Vincent Le Roy
Education: N/A
Security Engineer
Experience in Current Role: 1+ Year
Total Experience: 22+ Years
Core Responsibilities
Core Responsibilities
Austin, Texas Area: Security Engineer: Sample Talent Profiles (2/2)
Jorge Pina
Education: BA Public Administration, University of Arizona
• Implement and design protocol compatibility standards and network management components
• Implement hardware and software solutions to mitigate a wide variety of network attacks
• Configure, monitor and troubleshoot network routers, switches and encryption devices in Windows Active Directory environment
• Oversee Anomaly Detection, Intrusion Detection, Anti-phishing, Web Application Firewall and Network Security
Network Engineer
Experience in Current Role: 5+ Years
Total Experience: 20+ Years
Angelo Colon
Education: Bachelor of Science (B.S.) Biomedical, California Polytechnic State University
• Develop system security plans, risk management matrix, security control traceability matrix and security test procedures
• Develop policies, procedures and technical reports associated with operating and maintaining global network
• Configure antivirus servers and program its applications to integrate with existing applications
• Create network using Active Directory, Splunk and analyze log files of incoming attacks into the network
Cyber Security Engineer
Experience in Current Role: 5+ Years
Total Experience: 7+ Years
• Troubleshoot problems with applications, network and security infrastructure including routers, switches, firewalls, VPN appliances, proxy servers, DNS appliances and Wireless devices
• Configure and troubleshoot routing protocols like MP-BGP, OSPF, EIGRP, RIP, BGP v4 and MPLS
• Build or enhance solutions to detect and mitigate new threats that increase security and organizational efficiency
Joshua Eastman
Education: N/A
Network Security Engineer
Experience in Current Role: 2+ Years
Total Experience: 10+ Years
Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets
Core Responsibilities
• Define design requirements in hardware, software and infrastructure to achieve desired security assurance levels
• Design and develop micro architecture for hardware components and implement strategies for mitigating damage and preventing future breaches
• Maintain cyber defense initiatives, indicator lists, threat reports, incident response techniques and cyber defense technologies
Aditya Katragada
Education: MS Computer Engineering, University of Missouri-Rolla
Security Architect
Experience in Current Role: 8+ Years
Total Experience: 9+ Years
Core Responsibilities
Austin, Texas Area: Top Employer Profiles for Security Software Engineer talent pool
~200
~110
~90
~70
~50
Top Employers & Headcount Job Titles Workloads
• Software Security Developer • Software Security Architect • Cloud Software Engineer • Software Analyst
• Software Security Developer • Software Engineer
• Security Engineer • Software Security Engineer
• Security Software Engineer • Software Engineer
• Build automation or integration with APIs using automation tools such as Ruby, Go and Perl
• Design and develop applications, libraries and scripts using rapid automation tools
• Design, develop and integrate object oriented applications
• Develop and implement high performance web application and mobile application using Microsoft .NET technologies
• Design and develop secured RESTful Application Programming Interface (API) layer using ASP.NET Web API
• Provide technical direction on product planning for complete security software systems
• Develop web based application using Java, JavaScript, HTML/CSS and MySQL
• Develop secure frameworks, libraries and create threat models for a complex set of technologies
• Develop automation testing framework using Selenium WebDriver, TestNG and Spring
• Design and develop company wide standardized versioning system for both internal configuration management using Jenkins
• Implement TLS/SSL features in the next generation firewall and IPS appliance based on Fire Linux OS
Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets
• Application Security Developer • Software Security Engineer
• Deploy and troubleshoot IP subnets, routers, switches, access points and modems
• Develop next generation web applications for managing firewall and intrusion prevention systems
Core Responsibilities
Austin, Texas Area: Security Software Engineer : Sample Talent Profiles (1/2)
Alfredo Mellado
Education: N/A
• Design, develop GCCX security architecture and gateway system to consume micro services on spring cloud framework
• Design and implement UI on Angular 5 framework and integrate Azure AD, Spring Security and OAuth2 protocol to secure services
• Design and implement the next generation service engineering delivery systems
Software Developer
Experience in Current Role: 3+ Years
Total Experience: 7+ Years
William Hunt III
Education: MS Cyber Security, National University
• Design, develop, configure, test and integrate host based security monitoring software
• Set up single sign-on authentication using PingFederate to provide identity management with API security
• Design, develop and migrate legacy application from third party data centers to in house data centers
• Develop security related modules and libraries for building secure applications using Python
Cyber Security Engineer
Experience in Current Role: 4+ Years
Total Experience: 5+ Years
• Implement and verify secure coding techniques to build the next generation payment processing solutions
• Design and develop web 2.0 rich UI for self service application using jQuery ajax framework and screen functionality using HTML, CSS and JavaScript
• Design, build and maintain DevNet Sandbox’s APIs and associated deployment architecture
• Develop REST APIs with design patterns and Java frameworks like Spring and Hibernate
salauddin s
Education: MS Computer and Information Systems, University of the Cumberlands
Software Developer
Experience in Current Role: 2+ Years
Total Experience: 9+ Years
Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets
Core Responsibilities
• Design, code, and debug both front-end and backend security interfaces
• Design, build, configure data security solutions and data protection and privacy software capabilities
• Develop unified AP and LAN ports features using Ruby on Rails and PostgreSQL
• Design and develop Spring Boot application (GMM simulator) to simulate up to 8000 IR800s series gateways in a cluster
Alok Nath Saha
Education: MS Electrical and Computer Engineering, New York University
Security Development Engineer
Experience in Current Role: 2+ Years
Total Experience: 9+ Years
Core Responsibilities
Core Responsibilities
Austin, Texas Area: Security Software Engineer : Sample Talent Profiles (2/2)
Avi Katz
Education: Master of Science (MS) Electrical Engineering, Arizona State University
• Design, develop and test BIOS/UEFI firmware for Dell PowerEdge Server and ESI Servers using C and x86 assembly
• Design and develop ACP, PCI Express, IPMI, Power management and SMBIOS modules
• Debug BIOS/UEFI using JTAG debugger, Oscilloscope and other instruments
• Develop GUI interface using AngularJS, Bootstrap, CSS3, HTML5 and enterprise inter process communication framework using Spring REST Service
Software Engineer
Experience in Current Role: 4+ Years
Total Experience: 11+ Years
Srujith reddy
Education: N/A
• Architect and build security response and forensic automation platforms to enhance security incident response function
• Prepare application deployment plan using SQL script files, code component compilation script for UAT and production deployment
• Develop data access layer and build management using Spring DAO and Gruntjs
• Design and develop several software integrations by utilizing ASP.NET, jQuery and RESTful web services
Software Security Developer
Experience in Current Role: 3+ Years
Total Experience: 9+ Years
• Design security solutions covering DLP, SIOC, IRP areas in the Software Development Life Cycle (SDLC)
• Design and develop front end GUI modules for automatic report generation application and maintain online GIS applications based on ArcGIS server
• Develop unit test suite for session modules within a GUI tuning tool
• Design and develop automated and reporting process for real time mapping and online applications
Ben Keller
Education: Bachelor of Science (BS) Software Engineering, Behrend College
Software Developer
Experience in Current Role: 4+ Years
Total Experience: 5+ Years
Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets
Core Responsibilities
• Design major software components, systems and features for IBM security software products
• Architect and build security response and forensic automation platform
• Build security framework and security integration platform including authentication, authorization, Crypto, Multi-Tenancy and Vulnerability Protection
George Wilson
Education: Bachelor of Science (B.S) Computer Science, Louisiana State University
Security Developer
Experience in Current Role: 19+ Years
Total Experience: 30+ Years
Core Responsibilities
Austin, Texas Area: Top Employer Profiles for Security Compliance talent pool
~20
~10
~10
~10
~10
Top Employers & Headcount Job Titles Workloads
• Security Compliance • Compliance Specialist • Security Risk and Compliance • Security and Compliance Architect
• Security Compliance • Compliance Engineer • IT Security Compliance Specialist
• Governance Technical Analyst • Information Security Risk Specialist • Data Governance Compliance
• Compliance Engineer • IT Security Compliance Specialist
• Implement compliance audit including PCI, HIPAA, SOC and ISO 27001
• Monitor and analyze system activity to identify malicious activities using cyber defense tools
• Monitor open source feeds and reporting on the latest threats against computer network defenses
• Develop and implement DHS IT security processes and policies with different security tools and communication protocols
• Act as a SME for security compliance and actively guide the broader risk and compliance team on all security related technical components
• Monitor external data sources like cyber defense vendor sites and ensure the adherence to standards
• Define, prepare and communicate on reports and metrics related to compliance and control activities
• Develop and document risk mitigation plans and recommendations to reduce information security risk
• Review enterprise agreements or contracts with organizational IT security requirements
• Continuously research and design new security technologies, architectures, and products to support/improve security and meet the compliance requirements
• Comply with standards such as ISO27001/2, PCI-DSS, HIPAA, FedRAMP, SSAE16, SOC 1, SOC 2, IEC62443
• Extract, transform and validate data for compliance management
Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets
• Compliance Analyst • Security and Compliance Architect
• Perform security and compliance assessments at all levels of the Infrastructure, Platform and Software by utilizing established security frameworks
• Interact with cybersecurity architects, engineers and product teams to continuously monitor security capabilities and to adhere with the required standards
Core Responsibilities
Austin, Texas Area: Security Compliance: Sample Talent Profiles (1/2)
Pam Powell
Education: N/A
• Develop systems and strategies to comply with security standards such as SOC, SOC2, ISO 27001/2, GDPR
• Prepare audits of compliance files to ensure accuracy of documentation
• Develop, implement, maintain and oversee enforcement of security policies
• Develop and implement appropriate processes to achieve and maintain compliance and reduce risk
Security Compliance Engineer
Experience in Current Role: 21+ Years
Total Experience: 21+ Years
Greg Vinson
Education: N/A
• Diagnose the root cause of problems and propose solutions for failed patches, false positives on system test and authentication problems. Identify root cause issues impacting multiple audit frameworks and support compliance framework
• Develop and control audit third party vendors on IT security compliance such as external threats, network hardening and manufacturing quality checks
• Drive continuous service improvement and service excellence. Continuously get updated on cyber security technical risks and perform ad-hoc security architecture/app reviews to assess new risks
Compliance Engineer
Experience in Current Role: 18+ Years
Total Experience: 20+ Years
• Establishment and maintenance of GDPR, PCI and HIPAA compliance to establish efficient flow of security information and drive consistent application standards to networks, systems and software
• Monitor compliance activities to reduce cyber security risks and prepare security related documentation
• Deploy and monitor SIEM, AV, IDS, IPS and other security tools to reduce risk factors
• Analyze, design, develop and implement security assessments to ensure compliance with National Institute of Standards and Technology (NIST)
Richard Harman
Education: MA, European Studies/Civilization, University of Surrey
Security Compliance Specialist
Experience in Current Role: 2+ Years
Total Experience: 22+ Years
Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets
Core Responsibilities
• Identify root cause and remediate issues in timely manner including policies, standards, procedure and guidance
• Deploy and manage complex enterprise software solutions in the areas of cloud brokerage, cloud management, data center transformation, Enterprise Hybrid Cloud Architectures and IT Governance
• Establish and maintain unified control and policy framework to support various security, compliance audit, regulatory and third party audit requirements
Frank Black
Education: N/A
Security Strategy, Risk & Compliance
Experience in Current Role: 1+ Year
Total Experience: 12+ Years
Core Responsibilities
Core Responsibilities
Austin, Texas Area: Security Compliance: Sample Talent Profiles (1/2)
Matt Burrus
Education: Bachelor of Information Systems, Florida State University
• Identify and analyze potential threats and vulnerabilities to determine their impact on business objectives
• Implement and deploy Security Operations Center (SOC) and Security Information Event Management (SIEM), Vulnerability Scan Management and Firewall Risk Management tools
• Implement new tools and policies to configure and patch hardware systems and applications. Ensure that all cybersecurity related standards are met
Security - Governance, Risk, and Compliance
Experience in Current Role: 1+ Year
Total Experience: 3+ Years
Charles McCord
Education: N/A
• Comply with standards such as ISO27001/2, PCI-DSS, HIPAA, FedRAMP, SSAE16, SOC 1, SOC 2, IEC62443
• Establish strategic security & network architecture vision including standards and frameworks that are aligned with overall business strategy
• Continuously research and design new security technologies, architectures, and products to support/improve security and meet the compliance requirements
Security - Risk Management Compliance & Assurance
Experience in Current Role: 3+ Years
Total Experience: 20+ Years
Chuck Carlson
Education: B.S.C Computer Studies, University of Maryland University College
Compliance Analyst
Experience in Current Role: 3+ Years
Total Experience: 38+ Years
Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets
Core Responsibilities
• Drive compliance with company identified security frameworks and practices (NIST & CSA)
• Track and monitor the completion of vulnerability, static and dynamic scans, including penetration tests and ethical hacking
• Monitor security log collection, database activity monitoring, network access control, identity and access management, security controls and networking monitoring
Michael Embry
Education: MBA, University of Pittsburgh
Data Governance Officer
Experience in Current Role: 4+ Years
Total Experience: 37+ Years
Core Responsibilities
• Perform compliance assessments at all levels of the Infrastructure, Platform and Software by utilizing established security frameworks
• Develop process and procedures to improve incident response times, analysis of incidents, and overall S&C functions
• Implement and maintain Vulnerability Management, Network traffic and log analysis on critical infrastructure
Vancouver, Canada Area
Vancouver, Canada Area, Talent Landscape: Approximately 70% of the Security Compliance talent in the Vancouver, Canada Area has more than 10 years of experience, mainly handling security compliance and audit for large MNCs in the Software and Banking verticals
Note : DRAUP’s Talent Simulation Module was used to analyze the distribution of ideal talent by locations and skill sets
Vancouver, Canada Area
*Listed roles are a sample set and are not exhaustive
Median talent pool by experience levels (years)
Roles 0-5 6-10 10+ Total
Security Engineer 380 470 800 ~1,650
Security Software Developer 260 340 600 ~1,200
Security Compliance 10 20 70 ~100
Overall 650 830 1,470 ~2,950
Talent Split By Experience: 0-5 years 22%, 6-10 years 28%, 10+ years 50%
Sample Roles (Security Engineer)
• Threat Information Security Analyst
• Security Engineer
• Cyber Security Engineer
• Information Security Engineer
• Information Security Analyst
Sample Roles (Security Software Developer)
• Software Engineer – Security
• Software Developer - Security Engineering
• Cyber Software Developer
• Software Engineer
• Cyber Security Software Engineer
Sample Roles (Security Compliance)
• Security Compliance Audit Analyst
• Information Security Risk & Compliance Officer
• Security and Compliance Engineer
• Information Security Compliance Auditor
• Cybersecurity Compliance Engineer
Security Engineer
~1,650
Security Software Developer
~1,200
Security Compliance
~100
Location Hotspot: Downtown is the key employer hotspot in the Vancouver, Canada Area and is home to many tech giants such as Microsoft, IBM and SAP
Note: The represented data has been collected from multiple articles and is curated from DRAUP Proprietary Database
Vancouver, Canada Area
Downtown
Downtown is home to large MNCs, especially in Software and Banking verticals, having a talent presence in the analysed roles
Peer Employer Extended List
3M Accenture Inc Air Canada Adobe Systems Fidelity Canada
Graham Group OpenText Corporation
Shopify
Procter & Gamble Inc.
SaskTel
Schneider Electric
Pfizer
TD Bank Freddie Mac Salesforce
IBM
Fortinet
Telus
Sophos SAP
Downtown
Boeing
PayPal Avigilon
PCL Construction HSBC Ford Motor Digital Extremes
Samsung Electronics
Hotspot Employer Locations
[Bar chart: Average Salary (000’ USD) per annum, by role (Security Engineer, Security Software Developer, Security Compliance) and experience level. Values as extracted: 50, 70, 105; 55, 75, 110; 40, 55, 75]
Vancouver, Canada Area: Average talent cost for a Security Software Developer is greater than the average talent cost of a Security Engineer and Security Compliance Officer
Note : DRAUP’s Talent Simulation Module was used to analyze the talent cost by locations and skill sets
Entry Level (0-5 Years)
Mid Level (6-10 Years)
Senior Level (10+ Years)
Average Salary $65,000 USD
Average Salary $67,000 USD
Average Salary $48,000 USD
Vancouver, Canada: Top Employer Profiles for Security Engineer talent pool
~150
~30
~20
~10
~10
Top Employers & Headcount Job Titles Workloads
• Security Engineer • Network Security Engineer • Information Systems Security Engineer
• Security Engineer • Cyber Security Engineer • Network Security Engineer • Information Security Analyst
• Security Engineer • Cyber Security Engineer • Information Security Engineer • Network Security Engineer
• Cyber Security Engineer • Security Engineer • Information Security Engineer
• Analyse and design robust solutions to address specific vulnerabilities of the information security environment
• Manage strategic cyber security infrastructure, platforms and critical applications, with automation of dynamic asset management and configuration activities
• Develop and implement IT security and risk management framework and policies
• Develop automation scripts to handle and track security incidents
• Analyse information security incidents and risk assessments to ensure protection and corrective measures
• Administer and maintain security vulnerability scanning, event logging services and devices
• Design and implement redundant structures of backup using Arcserve UDP and UTM Firewalls
• Analyse data to perform incident response and deploy security services for platforms through BC/DR policy
• Develop system security/IA plans and controls in DIACAP, RMF, NIST 800-53 and NISCAP
• Create and maintain security enablement activities for global IBM Cloud and Application security
• Design authentication rules, security escalation procedures, encryption routines and security policies
• Design security solutions with enterprise quality assurance and conduct web app security testing
Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets
• Cyber Security Engineer • Security Engineer • Information Security Engineer
• Develop, implement and test advanced software security techniques and review code to improve software security
• Analyse and optimize internal software and hardware vulnerabilities and threats
• Identify and integrate security issues, cyber security incidents with threat intelligence platform
Note : The analysis doesn’t include Service Provider companies, Government entities and Defence Organization
Core Responsibilities
Vancouver, Canada: Security Engineer: Sample Talent Profiles (1/2)
Palance Ng
Education: BA Computer Science, The University of British Columbia
• Analyse and detect network based security activities and threats with new exploits and vulnerability research
• Design and test IPS signatures to detect intrusive activities such as DoS attack
• Develop security based configuration standards and hardening guide for DNS, Apache, AD Domain controllers and Windows servers, MSSQL, Cisco devices, Linux, MySQL and VMware ESXi server
IPS Security Analyst
Experience in Current Role: 7+ Years
Total Experience: 10+ Years
• Create Information Security policies and procedures for Cloud, Wireless and Virtualized solutions
• Deploy security solutions for public social media channels using UTM, SFOS XG Firewalls, Enterprise/Central Endpoint and Web gateway
• Design and maintain firewall/proxy for proxying HTTP(S) connections and block connections based on the web content
Network Security Engineer
Experience in Current Role: 1+ Years
Total Experience: 3+ Years
• Design complex IT Systems, Network infrastructure and Cyber security solutions including selection and acquisition of system software and hardware components
• Identify cyber-security risk to system, assets, data, capabilities and develop risk management strategy
• Develop and implement security policies, procedures and standards to deploy access control and data security activities
Harvinder Virk
Education: MCA, Punjab Technical University
Information Security Engineer
Experience in Current Role: 7+ Years
Total Experience: 17+ Years
Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets
Core Responsibilities
• Deploy information security governance and develop medium scale information security based on business security requirements
• Design, establish and maintain security based access control workflow and matrices with cybersecurity and request authorizations
• Deploy, maintain, monitor and upgrade ELK stack security logging tier with Kafka, Logstash, Elasticsearch and Kibana clusters
Security Engineer
Experience in Current Role: 8+ Months
Total Experience: 6+ Years
Core Responsibilities
Florentino Sanchez
Education: Diploma Computer Information Systems, The University of British Columbia
Mitch Kelsey
Education: BA International Security and Conflict, Political Science, Simon Fraser University
Core Responsibilities
Vancouver, Canada: Security Engineer: Sample Talent Profiles (2/2)
Pritpal Manak
Education: MS Computer Networks, The University of British Columbia
• Develop security standards, patterns to identify and track the remediation of software security vulnerabilities
• Analyse and review information on cyber threats and internal information security activities
• Design and implement Information Security Management System (including BCP) for SOX and DRP for Cloud solutions
• Information security administration with security risks, gap analysis and check compliance for security configuration baseline
Security Engineer
Experience in Current Role: 2+ Years
Total Experience: 7+ Years
Jefferson Aguilar
Education: Diploma in Telecommunication Engineering, Northern Alberta Institute of Technology
• Provide administrative and operational support for both physical security access control system and security enabled system
• Develop and enforce business related information security policies and evaluate security technology
• Design standards and solutions to manage device information, proactive monitoring of data and maintenance plans
• Develop requirements and design constraints for secure solutions and develop security documents with specifications and test plans
IT Security Engineer
Experience in Current Role: 1+ Years
Total Experience: 12+ Years
• Develop and deploy security solutions related to information security, compliance and risk management
• Design scripts and programs for penetration test automation of security activities
• Detect and assess cybersecurity threats and incidents across security based environment
• Implement and customize technical security controls in recognized hardening frameworks and design secure software development standards
Sorin Popa
Education: N/A
Cyber Security Engineer
Experience in Current Role: 3+ Years
Total Experience: 20+ Years
Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets
Core Responsibilities
• Implement security based Checkpoint Firewalls and Websense BlueCoat Proxies for reliable security solutions
• Design and test security solutions using industrial standards and security technologies
• Deploy antivirus, intrusion detection related security tools and endpoint process recordings for solving security issues
• Design and implement cybersecurity technical solutions to perform cybersecurity operational activities
Paulo Brito
Education: BE Computer Engineering, Potiguar University
Security Engineer
Experience in Current Role: 5+ Months
Total Experience: 11+ Years
Core Responsibilities
Vancouver, Canada: Top Employer Profiles for Security Software Engineer talent pool
~60
~40
~30
~30
~30
Top Employers & Headcount Job Titles Workloads
• Security Software Engineer • Security Software Implementation Engineer • Application Security Engineer
• Security Software Architect • Software Application Developer
• Security Software Engineer • Security Software Architect • Embedded Security Software Engineer
• Security Software Architect • Software Engineer (Security)
• Create and support internal software solutions related to security incidents and threats• Integrate, configure and test software security solutions to manage network, system firewalls
and intrusion detection systems• Develop, document and implement information security procedures to enforce compliance with
information security standards and policies
• Develop, integrate, optimize, maintain and troubleshoot proprietary DNS server software with Security Extensions (DNSSEC) for Linux in C++
• Develop the security application FortiAuthenticator, which provides RADIUS, LDAP and 802.1X wireless authentication, certificate management and Single Sign-on
• Develop security solutions for RESTful API web services using modern stack of technologies
• Design and build software tools for security infrastructure using Jenkins, Pipeline and Plugins
• Develop and maintain advanced security automation frameworks
• Design, implement and operate feature toggle management software for SAP Cloud security systems
• Support security-based activities such as detecting loopholes and intrusion preventive measures
• Design and develop internal security, administrative tools and reports for gaming software
• Design security architecture for online and cloud games
• Cyber Security Software Developer • Security Software Engineer
• Design and develop security applications, system to system interfaces and software solutions
• Perform vendor-related activities for security and create documentation such as user guides and software development guides
• Develop testing frameworks and source control systems for authentication and identification of security vulnerabilities
Note: The analysis doesn’t include Service Provider companies, Government entities and Defence Organizations
Vancouver, Canada: Security Software Engineer: Sample Talent Profiles (1/2)
Core Responsibilities
• Design and develop security features such as IPsec, IP source filtering, IPSG, MAC filtering, egress filtering and RA Guard for software modules
• Design, deploy and support security solutions for information technology architecture and hardware/software application
• Monitor security threats, event analysis, attacks and incident response for Windows logs and servers
Security Software Engineer
Experience in Current Role: 2+ Years
Total Experience: 12+ Years
Core Responsibilities
• Design and implement authentication and security solutions for web based portal and develop API for communication using UDP
• Design, implement and validate security features for quality enhancement of components in analytical and cloud software
• Design software components encompassing kernel drivers, virtualization and emulation technologies, behaviour detection, pattern matching, network protocol parsers and intrusion prevention
Security Software Engineer
Experience in Current Role: 1+ Years
Total Experience: 22+ Years
Core Responsibilities
• Develop and implement the security policies and procedures such as authentication rules, security breach escalation procedures for XSUnit frameworks and APIs
• Build frameworks and tools that provide solutions for security issues related to logging and monitoring activities
• Design scalable security services-oriented applications in microservice environment
• Perform penetration and vulnerability tests on internal processes and systems
Software Engineer - Security
Experience in Current Role: 9+ Months
Total Experience: 4+ Years
Core Responsibilities
• Design and implement automated testing and security services to monitor mechanism for Fortinet business applications
• Perform security audits of public-facing servers and the internal data warehouse using ISACA audit controls
• Deploy continuous API integration with multiple external entities to ensure high system availability and security services
Security Software Architect
Experience in Current Role: 2+ Years
Total Experience: 23+ Years
Stone Liu
Education: Bachelor of Aerospace Engineering, Beijing Institute of Technology
Wesley Wineberg
Education: BTech Computer Systems, British Columbia Institute of Technology
Felipe Cerqueira dos Santos
Education: Information Technology and Systems, Infnet Institute
Christopher Le
Education: BE Computer Science Engineering, Simon Fraser University
Vancouver, Canada: Security Software Engineer: Sample Talent Profiles (2/2)
Core Responsibilities
• Design, deploy, prototype and integrate security features into SAP services related to RASP SQL injection detection & big data anonymization
• Develop and maintain relevant risk metrics to monitor and report information security risks through security governance activities
• Design and deploy security specific configuration for AUTOSAR, GUAM based platforms and other software components
Software Engineer - Security
Experience in Current Role: 10+ Months
Total Experience: 3+ Years
Core Responsibilities
• Design and deploy WebLogic-based applications with performance and vulnerability analysis
• Implement security solutions such as Host Intrusion Prevention, SIEM, Check Point firewalls, Onsite Aggregators and vulnerability scanners
• Analyse events, flows and advanced analysis of potential security incidents for integration and automation of applications
Security Software Developer
Experience in Current Role: 8+ Years
Total Experience: 19+ Years
Core Responsibilities
• Develop and implement security policies and procedures for gaming applications and APIs using security auditing procedures, firewalls and encryption routines
• Support online SE software for authentication and authorization with EA services
• Deploy security services on FUT for both client and server applications
Security Software Engineer
Experience in Current Role: 3+ Years
Total Experience: 17+ Years
Core Responsibilities
• Design and deploy rapid incident resolution and consistent security operations for software activities
• Design and code D3 Python library and playbook to solve SOC and IR related issues by automating tasks, orchestrating machine processes and incident documents
• Design web application with streamlining workflows including authorization and control access routines
Software Developer - Security
Experience in Current Role: 2+ Years
Total Experience: 12+ Years
Kevin L
Education: ME Computer Software and Theory, Yanshan University
Paul Vu
Education: Bachelor of Applied Science and Computer Engineering, Simon Fraser University
Chris C
Education: BSc Computer Engineering, University of Alberta
Yaroslav Pelekh
Education: NA
Vancouver, Canada: Top Employer Profiles for Security Compliance talent pool
~25
~25
~20
~15
~10
Top Employers & Headcount Job Titles Workloads
• Security Compliance Engineer • Compliance Engineer
• Infrastructure Security & Compliance Engineer • Compliance Engineer
• Security Compliance Analyst • Compliance Specialist
• Governance, Risk and Compliance Engineer • IT Security Compliance Specialist
• Develop automated process for incident response alerting and attack detection
• Resolve issues in applying compliance and security controls including remediation deficiencies, flaws and vulnerabilities
• Configure and monitor Host Based Security System (HBSS), ePO servers, rogue sensors, firewalls and Intrusion Prevention/Detection Systems
• Maintain corporate information security policy, platform standards including periodic assessments of changes to domestic and international regulatory guidance
• Assess and monitor compliance with regulatory requirements related to cyber security
• Create and manage incident response plans and actively conduct vulnerability assessments
• Maintain security controls for compliance standards such as SOC 2 and ISO 27001
• Support cybersecurity privacy analysis throughout the security assessment and compliance lifecycle process
• Develop a framework for vulnerability assessments, review findings and manage remediation activities
• Improve and maintain security controls and policies for designing new controls with security compliance and certifications
• Design and implement security baselines, automated compliance checks and desired state configuration
• Design, configure and troubleshoot security platforms and tools for IT security infrastructure
• Security and Compliance Engineer • Compliance Analyst
• Design compliance strategy with business requirements, objectives and metrics
• Support security control assessment systems using ICD 503, CNSSI 1253, NIST 800-53, NIST Cyber Security Framework
• Implement Critical Infrastructure Protection (CIP) compliance with cyber system security policies and practices
Note: The analysis doesn’t include Service Provider companies, Government entities and Defence Organizations
Vancouver, Canada: Security Compliance: Sample Talent Profiles (1/2)
Core Responsibilities
Eva Kuiper
Education: MS Computer Science, University of California
• Develop and maintain security controls for different compliance standards such as SOC 2 and ISO 27001
• Design and develop procedures for handling security breaches, manage internal communication of security incidents, compliance and governance
• Support security risk, control and compliance operations for desired architecture and solution
Security and Compliance Consultant
Experience in Current Role: 1+ Year
Total Experience: 23+ Years
• Responsible for ISO 27001 certification and documentation along with compliance with the IT Act
• Deploy security solutions for public social media channels using UTM, SFOS XG Firewalls, Enterprise/Central Endpoint and Web gateway
• Design and maintain firewall/proxy for proxying HTTPS connections and blocking connections based on the web content
Security and Compliance Specialist
Experience in Current Role: 2+ Years
Total Experience: 12+ Years
• Support and maintain vulnerability management infrastructure, problem solving and investigate root cause of the issues
• Define and maintain the dashboard for IT infrastructures security vulnerabilities and security compliance
• Develop and implement IT security related policies, standards and procedures relating to cyber-security controls, applications, networks and operating system
Paolo Car
Education: BA, University of Victoria
Security and Compliance Engineer
Experience in Current Role: 2+ Years
Total Experience: 20+ Years
Core Responsibilities
• Monitor Cyber security resilience framework with its standards such as PCI-DSS, ISO 27001 and GDPR
• Manage and support network device management configuration, periodic review of firewall rules and access control lists
• Develop information security risk and compliance management strategies with business goals and protect the confidentiality, integrity and availability of information assets
Karen Villanueva
Education: N/A
Security and Compliance Analyst
Experience in Current Role: 19+ Years
Total Experience: 22+ Years
Core Responsibilities
Vira Krykus
Education: N/A
Core Responsibilities
Vancouver, Canada: Security Compliance: Sample Talent Profiles (2/2)
Andrew Baxter
Education: BA Computer Science, Acadia University
Security Compliance Engineer
Experience in Current Role: 1+ Year
Total Experience: 19+ Years
• Develop and update system security plans, system security inventories and cyber security queries
• Manage security intake process engagement for various risk assessments including security architecture review, vulnerability assessment, vendor assessment and legal document review
• Implement and integrate global service delivery process and control framework for cyber security compliance
Fabrice Renaud
Education: N/A
Security and Compliance Engineer
Experience in Current Role: 1+ Year
Total Experience: 19+ Years
Core Responsibilities
• Administer annual security awareness, secure application development and auditing of internal controls through the testing, tracking and reporting of internal controls
• Implement and execute comprehensive risk tracking GRC process and assessment process
• Develop and track performance metrics, cyber security policies and periodic audit on ISO 27001
Amanda Alblas-Stepanov
Education: BA History, University of British Columbia
Security and Compliance Analyst
Experience in Current Role: 1+ Month
Total Experience: 7+ Years
Core Responsibilities
Eva Kuiper
Education: N/A
• Support PCI compliance activities such as vulnerability analysis, penetration testing, patch management and risk analysis
• Install and monitor internal firewalls, intrusion detection systems and a centralized antivirus solution
• Build, test, patch and reconfigure security systems, security audit and cloud security
• Develop new governance and technical procedures for Network Security, Application Security and Endpoint Security
Core Responsibilities
Gabriel Kojima
Education: N/A
• Responsible for Governance Risk and Compliance for Telus external clients
• Perform technical and Security Compliance Assessments
• Create and recommend remediation for components of assessments such as security policies, procedures and standards
• Responsible for governance, risk management, incident response, security analysis and vulnerability management including security methodologies, standards, and practices such as NIST, ISO 27001, NERC, and PCI
Information Security – Compliance Analyst
Experience in Current Role: 3+ Years
Total Experience: 13+ Years
Source: DRAUP