What does your workday look like? There is a lot of info of SWE but I'm still confused as to what a security engineer even does. Here is what i am curious about: What does your workday look like from the start to the end of your shift? What is the WLB like? What is the TC like? Do you prefer security engineering over SWE, if so why? Any input is appreciated.
Conpared to SWE: TC is similar, WLB is similar. In my team the best part is the ability to have larger impact, a more free selection of projects, and a wider domain to grow into. I've done multiple SWE roles and SE roles. Day to day work varies from team to team, for me it's focused around security asessments, or projects with other security teams.
Would engineers who write code to mitigate attacks be considered SE or SDE? My graduate research delved into Intel SGX, KPTI (and various meltdown/spectre mitigations), CFI, etc. What kind of role would involve helping build features that make use of these at scale?
If you’re in AppSec, you’d be reviewing system design, performing threat modeling, vulnerability testing, etc. If you’re in SecOps, you’d be working on vulnerability management, incident detection & response, forensic analysis, etc. If you’re in Compliance, you’d be working on policies, risk management, compliance tasks, etc. As you grow in your career, you can target management roles in these areas or become a Principal / Architect
sleep all day, party all night
Security is a huge spectrum and it’s going to be very different based on person, role and company. An example of what I did when I worked in that space was to find every new vulnerability that came out each day and reverse engineer the software to the point I could detect it’s vulnerable without actually exploiting it. It was actually really fun work as long as I wasn’t dealing with any Microsoft protocols. I did that because my company made an automated vulnerability scanner. Other security engineers run that scanner to detect their companies current risk and identify what needs to be secured. Yet others actually make the company policies of what risk the company is willing to take. There’s plenty of other roles within the field as well so it’s a very ambiguous question that you’re asking.
Honestly you're right. Is there any resources that you recommend where I can learn more about the different roles? What you did sounds interesting, what kind of background would I need for that?