Software Security Engineering
Currently I work with infrastructure but I'm really looking to move into Software Security Engineering. Information seems to be fairly sparse on specifics or just all over the place. Job ads aren't much help as they typically read like a normal SDE with a couple keywords like cryptography and such sprinkled in. What are some of the technical skills required and what is the typical path to such a role?
Add a comment
I have been in AppSec for 5+ years. Technical skills include knowledge of security principles (e.g. least privilege), security vulnerabilities and how to fix them (e.g. OWASP top 10), applied cryptography (e.g. TLS, encryption), infrastructure/platform security (e.g. AWS, server) plus other stuff. These are just basics. Specific skills you need may depend on the type of software/systems you are supporting e.g. embedded systems vs. IoT vs. web applications.
How are you liking working in that space?
Lots of challenges. Some new some old. With everyone and their mother getting into coding these days insecure software is here to stay :)