Security Engineer

Defend systems before attackers find the cracks.

Very High Demand$100k – $240k USD (levels.fyi, 2026)

Overview

Security engineers protect applications, infrastructure, and data from threats. You perform threat modeling, implement security controls, conduct penetration testing, and build secure-by-default tooling. Every company with users needs you.

“You start by reviewing yesterday's vulnerability scan results and triaging new findings. Mid-morning, you conduct a threat model review for a new feature. After lunch, you write a security automation tool, review PRs for auth bypass risks, and update the team's security runbook based on a recent incident.”

Skills by level

Junior

networking-basics
linux-fundamentals
http-protocol
authentication-basics
encryption-basics
git-basics
web-security
shell-scripting
debugging
SQL Queries

10 required

Mid-Level

networking-basics
linux-fundamentals
http-protocol
authentication-basics
encryption-basics
git-basics
web-security
shell-scripting
debugging
SQL Queries
python-basics
owasp-top-ten
threat-modeling
penetration-testing
security-fundamentals
cloud-security

16 required

Senior

networking-basics
linux-fundamentals
http-protocol
authentication-basics
encryption-basics
git-basics
web-security
shell-scripting
debugging
SQL Queries
python-basics
owasp-top-ten
threat-modeling
penetration-testing
security-fundamentals
cloud-security
incident-response
compliance-frameworks
secrets-management
security-architecture
code-review
mentoring
forensics-basics

23 required

Portfolio projects

When you complete this track, you'll have built:

Authentication System

Secure Auth Flows

RBAC Authorization System

Roles + Permissions

Secrets Manager

Encryption + Key Rotation

OAuth 2.0 Provider

PKCE + Token Management

Rate Limiter Service

DDoS Mitigation

API Gateway

Auth + Rate Limiting

Standards

OWASP Top 10

OWASP Foundation

The industry-standard list of the most critical web application security risks.

NIST Cybersecurity Framework 2.0

NIST

Comprehensive framework for managing cybersecurity risk across organizations.

SOC 2 Type II

AICPA

Trust service criteria for security, availability, and confidentiality of customer data.

ISO 27001

ISO / IEC

International standard for information security management systems.

Certifications

CompTIA Security+

CompTIA

Entry

Certified Ethical Hacker (CEH)

EC-Council

Professional

OSCP (Offensive Security Certified Professional)

Offensive Security

Expert

Where this leads

Roles you can grow into from here.

Solutions Architect

Design systems that outlast the team that builds them.

Engineering Manager

Multiply the impact of your team.