A security software developer is a new breed of technologist that writes computer programs with an eye toward safeguarding computer systems and data/information. A security software developer is a person that can work well within a team and someone who has excellent written and verbal communication skills. At the same time, they understand how to create and deploy security-oriented computer programs.
A simple way to think about security software development is that the job requires taking the technical knowledge of writing software and combines it with security threat analysis and product development. An eye for detail and a knowledge of the current threat landscape is a must.
Steps to progressing in this career
Strong technology background
This career requires a background in both cybersecurity and computer programming.
Usually, this training starts with college courses or related work experience in software development or software engineering.
A background in dealing with security threats is also an important part of the career development for this kind of position. On-the-ground experience wrangling cybersecurity threats becomes really valuable when trying to conceptualize potential product development problems and solutions.
The best way to acquire experience and background in the field is to get jobs or internships working with actual security threats via corporate cybersecurity departments, consultants, or within a security operations center.
Working with teams
Another important facet of security software development work is the ability to work on teams. During the course of developing technical chops and experience with security threat detection and elimination, it’s also important to develop skills that will help with communication and collaboration.
Additionally, building a professional network and establishing a reputation as a team player will help to create career opportunities in the future.
What is a security software developer?
Software developers need to be creative and goal-oriented with a strong desire to make the best possible product in the face of many obstacles and conflicting requirements. Security software developers need to take this one step further and make sure that the finished software product is also safe and secure from outside threats.
This takes a creative person that conceptualize threats today and threats that might surface in the near future.
Security software developers also often operate under deadline pressure. They are trying to make sure that all the goals and elements of the project are met. Then they have to make it work as designed.
One of the biggest challenges for security software developers is that the job requires balancing product speed and functionality with security. In other words, adding security controls might affect the product’s user experience, so tradeoffs are made by the product development and engineering teams. It’s a big challenge.
Security software developer skills and experience
- A bachelor’s degree in computer science or a related field such as computer engineering, computer networking, or electrical engineering or mathematics.
- Software engineering or development. Prior experience with coding and development is often required.
- Experience in the cybersecurity field. Either as a cybersecurity engineer or cybersecurity consultant, network security engineer are all good fields to work in.
- Certifications and training. There are numerous certifications and training offered via security or software vendors: Cisco CCIE, or CISSP, or Microsoft AZURE Security Associate. There are many more. Gaining these certifications alone can lead to increases in your salary.
- Testing and auditing experience. Another valuable skill for security software developers is experience testing and auditing software (such as experience as a penetration tester) for vulnerabilities.
What do security software developers do?
In 2015, for an experiment for Wired magazine, two computer hackers attacked a Jeep Cherokee while it was running down the highway. The attackers were able to turn on the air conditioner, then the windshield wipers, and eventually they were able to shut down the engine, making the Jeep stop. The interesting thing? The attack was carried out while they were miles away from the vehicle — showing the power and the potential of a targeted cyber attack.
The reason for running this experiment is to show the vulnerability of internet-connected devices or internet-of-things (IoT) devices — even if it’s something as large and sophisticated as a Jeep Cherokee.
Understanding and neutralizing the threats to connected devices is just one example of a prime opportunity for a security software developer.
When the manufacturer developed these computer interfaces just like many of the IoT devices coming onto the market they were developed without much attention to security. The goal was maximum functionality, time to market, and cost. Security was an afterthought.
As a security software developer, there is an increasing number of opportunities coming to market in the coming years that will require making software-based products and services more secure. Security developers need to anticipate these types of threats before a product comes to market and implement design elements to ensure safety and security. And then to test them for efficacy and efficiency.
Security software developer job description
Security software development often requires working directly with a software development team to provide specifications, testing, and design of software components to make them as secure as possible. Communication with a team of developers, designers, and engineers to ensure possible threats are anticipated and properly mitigated is an important part of the job.
Software developers are often required to come up with new engineering designs and are sometimes tasked with building entire security software products from the ground up.
A key part of the development process is testing and implementing advanced systems and security techniques to ensure the efficacy of the product design. These systems will require intimate knowledge of software design and coding and it requires working with architectures that are hardened to ensure against possible future attacks.
This role requires you to be creative and have an active mind to think of every possible contingency. And at the same time to make it fully integrated into your referenced architecture. These kinds of software positions sometimes work on analyzing defenses and countermeasures. As part of that, sometimes security software developers work in red team type scenarios to test products for the proper defenses. These types of adversarial situations can be very exciting.
Security-focused developers will need to have knowledge of attack vectors and possible attack surfaces, and then they need to be able to identify if these attack vectors will be a possible exploit by using testing and red team tactics to flush out these vulnerabilities.
Outlook for a security software developer
This is an exciting field and the potential for growth is very good. The prediction for the cost of cybersecurity attacks in the US is expected to be up to $5 trillion by 2020. At the same time, the growth and expansion of IoT products is immense.
There are currently 300,000 unfilled cybersecurity jobs in the USA. This is expected to balloon to a shortage of 3.5 million jobs by 2021.
The outlook for growth is huge. But the requirements for the correct skills are also demanding.
How much do security software developers make?
For those willing to develop the skills and keep up with the constant change in the industry the compensation is very good. On average, salaries range between $73k and $110,00. Also, these positions often have significant bonuses and possible other compensation items such as benefits, commission, and profit-sharing. There could also be additional compensation with companies that are in the startup phase with equity participation.
Looking for more information about careers in cybersecurity? LEARN MORE.