Soc Implementation Engineer – Job Review
This review covers a range of Security Operation Centre Implementation Engineer roles.
From a specialist engineer covering one or more security solutions being provided in the SOC. For example this could be a SIEM or DDoS Implementation Engineer. Or maybe a more generalist IT systems implementation engineer who has predominantly worked in a Managed Security environment.
And it is very likely this latter role type is more of the entry level that will then allow the person to develop new specialist skills and so further develop their career potential.
Cyber Security is a subject high on the agenda of any company wanting to remain in business. Businesses are increasingly aware of the threat Cyber Security poses to their success. As a result more and more managed security solutions are being deployed, either directly or via a third party supplier.
The consequence of this is that there is an increasing demand for good IT engineers with specialist knowledge of Cyber Security solutions.
As such these people really do know their worth; there is a strong tendency for the specialist engineer to work on a freelance (Contract) basis as this provides the maximum earning potential with very little risk.
Given that Cyber Security is a massively growing Job Market, there is currently an estimated 350k Cyber Jobs open in the USA with a predicted shortfall of over 3 Million Jobs by 2021, then you can be certain that these people are in demand, at all levels and as with the SOC Analyst, there will be a shortfall.
Entry Level Implementation Engineer
Entry into this type of role can come from:
- Direct from University, there are many graduate entry programmes that will take people with a strong Bachelors or Masters degree in an IT or computer related subject with a view to seeding their organisation. Typically a person will be given a programme to follow and then directed to the area they show greatest potential. As a result they may well get time in the SOC environment working both in the engineering side and the analytics side.
- Alternatively the SOC engineer may have been an IT systems engineer previously with skills developed in Managing, Monitoring, Installing and Maintaining IT Systems Infrastructure and would have developed skills in areas such as Virtualisation, Cloud Solutions, Programming and scripting languages and operating systems. With these skills already established, then this person is ideal to work alongside the more experience Cyber Security Specialist Engineers where they can learn the specific security systems.
- They may have come into the SOC environment as an Analyst so have developed already the knowledge of the Cyber Security systems but may want to develop their career more as an engineer. Provided they have good experience form their degree then making the switch will be possible.
Established Implementation Engineer
As a person gains experience as a SOC Implementation Engineer they will gain Cyber Security related certification and specialist knowledge. Usually this knowledge will be Vendor specific across the broad range of systems deployed in the Security Operations Centre. They will be generalist in terms of Security Systems, but specialist in Cyber Security Implementation, Configuration, Maintenance and support. Still using the broad range of IT related skills, ie Virtualisation, Operating Systems, Network knowledge etc.
The Certification they will need will relate to products they have worked with. Products such as Arcsight, Splunk, LogRhythm or other SIEM systems OR DDoS protection systems such as Arbor Networks or Cloudflare. Other systems can include Networks or Web Access Firewalls (Checkpoint, Fortinet, etc.). As well as Vendor certification they will also work toward specific Security related certification like CISM, CISSP, GIAC or similar.
Their IT skills will have developed by now and they will have strong IT related skills. These will cover a full range of IT Infrastructure, both cloud and on premises. By this point they will have achieved a range of certification in these as well.
By now they will be working on their own, or perhaps as a team leader. They will mentor new entry and junior level personnel and are able to implement and configure a broad range of systems. They will also be able to offer full 3rd line support for these systems.
As they develop they may well become systems experts, deep specialists in one or two specific systems within the SOC. Eg. the SIEM, they will provide a full level expertise of the system being the go to Subject Matter Expert. They may possibly be involved in sales (if they are working for a service provider). They will be able to provide full 3rd and 4 level support for these systems.
Very often, as a person’s skills and experience develop, they may well opt out of full time permanent employment preferring to offer their services on a freelance basis, this is increasingly becoming the case and it is probably true to say that over 60% of qualified Security Implementation Engineers are now working on this basis.
What they can attract – Salaried
An IT Implementation Engineer with 2/3 years of experience can probably attract a salary of between £35k to £45k base. As with the SOC Analyst, salary is dependent upon a number of factors and Geography is an important consideration. Plus there will be add-ons such as; Call Out, Overtime, On shift or on call allowance etc.. If they are expected to travel to client sites they may well also receive a Car or Car Allowance.
Entry Level of course is lower than this and maybe will start at base of £18 to £25k, (Grad Entry). Or £22k to £30k if they are moving into the SOC from other area. This would usually indicate 6 to 18 months previous IT related experience.
As a person becomes more experienced and skilled and gains certification then as with any role this will increase. But there is also the Cyber Security factor to build into this. The increasing and very high levels of demand for skilled Cyber Security professionals adds at least 15% to their salary.
So a Skilled Implementation Engineer with over 5 years’ experience can easily attract a base salary of > £60k. This may easily progress to £75k or £80k, and I have seen salaries up to £90 or even £100k base. At this level the role tends to be more of a leadership position rather than Individual Contributor.
In addition they may well also attract a good bonus (up to 20% of their base, plus Car Allowance if travel is required).
What they can attract – Contract Rate
But by this time they will more likely be looking at contract day rates.
An Implementation Engineer with 3 to 5 years’ experience of can easily look at a day rate of £350 to £450. (Plus there will be management fees to add to this with margins up to 20%).
For an Engineer with over 5 Years’ experience the day rates start at circa £500 a day. Many skilled engineers I know demand rates > £600 a day. (Plus expenses if this requires them to work away from home).
If they move from here to consultancy then Day rates can step up to > £1000
A good Cyber Security Implementation Engineer, may well chose to build his value by gaining a broad range of vendor experience and therefore be able to attract Higher rates.
This however tends to lead her or him on to becoming more of a Cyber Security Consultant. In this role she or he will provide more of an advisory services to her or his clients.
The role now tends to look more like a Solutions Consultant or Architect. They will have added value that they can not only provide consultancy, they can also design and implement the solutions. They will also be experienced enough to build the team they will need to do this.
Another possibility is to move into Management and become a Security Director progressing toward CISO. The experience they now have would be invaluable for any company that needs help to set up their Security structure.
From a more junior level then they may prefer to move into Sales or Technical Sales. From this they can progress toward becoming a Security Solutions Architecture.
‘Helping our clients attract the Top Performing Cyber Security Talent they need for their business.’
This is the second in the series of Job Reviews for SOC roles, the first was:
Discover why The Candidate Qualification & Selection Process. Will deliver the candidates you need, every time.