Security engineer

What part of the country are you in?

Security Engineer is really broad. What specifically are you looking to do? Incident Response, Infrastructure Security, Threat Detection?

Interview at companies that you don’t care for, for roles you like. You’ll quickly learn where your weaknesses and strengths are. This will help you focus your studies. Go to conferences, create your own tools. If you’re still learning, look into doing the OSCP.

OSCP. That’s more for offensive security. Pentesting, and red teaming.

I work in security and I’ll say when I see someone with a “security” degree that’s not PhD (note different than comp sci w/ security focus) it default turns me off, but I try not to let it affect any decisions by itself. Get recognized somehow to prove you have expertise in an area that you want to work in. If you still find it hard to get interviews, network at your local bsides to get referrals.

Recognition = create or contribute to relevant tools/projects. Your github profile will speak volumes on your behalf. Certs are garbage.

Certs certainly aren’t garbage but they don’t necessarily mean you have the required skills. They do show you take the initiative to learn about something though and sometimes that’s more important than the cert itself. GitHub and commits are more so if you want to go into development, IMO, or if you are motivated to contribute to open source projects, which is also important. If you’re interested in Entry/Mid level roles for Incident Response please PM me. My current company is hiring at multiple levels, however it is based in MN

It’s very hard to get security engineer positions right off the bat unless you’re a rock star and contributed to some open source project or spoke at some conference and discovered some 0 day. I would suggest you find a SWE position where you write security tools. I get so many recruiters trying to recruit me for that. It’s not a pure security engineer position but will get security on your resume and will get you a high TC at FAANG because it’s a SWE position. From there you will get respect enough to try to transfer to a security engineer position you want except maybe not intense offensive security positions. If you can’t code for shit (or hate it like me) then you must take a pay cut and start as a security analyst of some sort at a no name or consulting company. FAANG (and other tier 1-2 companies) don’t usually hire security analysts because they want engineers and if you want engineer in your title you must know how to code. For analyst positions, easiest is go into incident response or forensics/logging. You will work with many ex military people and the job will involve a lot of policy and compliance, a Hell hole you want to get out of to reach FAANG but need to suck it up for a few years to get some industry security experience (in lieu of being some rock star leet hacker). Policy and compliance is a Hell hole because even though it’s security related, the jobs in that area are not very technical and you deal with a lot of project management crap, paperwork, and government policies. This is not what security engineers do so get your exp and get out ASAP. Before the interview, read some books and be familiar with infosec concepts and impress someone at an interview and you can get your foot in the door to get a tech interview. Add some tools to your resume like netcat, wireshark, nmap, burp suite. Go play some CTFs so you can say you have experience using these tools. Book knowledge or school knowledge is not good enough and interviewers will not be impressed. You don’t need github or blog or whatever but having those things doesn’t hurt. At minimum to get a security engineer position, you must know how to script (python, Perl, shell script). That’s the difference between security engineer and security analyst. The pay difference is not trivial either which is why I suggest go the security SWE route.