Security Engineering & Operations Topics
Operational security practices, secure systems implementation, threat modeling, penetration testing, vulnerability assessment, and security operations at production scale. Covers network security, endpoint security, secure architecture implementation, incident response mechanics, and security automation. Distinct from Security & Compliance (which addresses governance, compliance frameworks, and policy) and from Security Research & Innovation (which addresses novel techniques and research contributions).
Threat Modeling and Secure System Design
Applying threat modeling and structured problem solving to secure system design. Candidates should be able to decompose complex security challenges by identifying business context, critical assets, threat actors, attack surfaces, and compliance requirements. Topics include threat modeling methodologies, attacker capability and motivation analysis, risk assessment and prioritization, selection of mitigations and compensating controls, and evaluation of trade offs among security, usability, cost, and performance. Candidates should also be able to produce implementation and monitoring plans that address scalability and maintainability and to clearly explain and justify design choices and residual risk to stakeholders.
Incident Response Forensics and Crisis Management
Covers the full spectrum of preparing for, detecting, investigating, containing, and recovering from security and operational incidents, plus managing their business and regulatory impact. Candidates should understand the incident response lifecycle including detection and monitoring, triage and prioritization, containment, eradication, recovery, and post incident review. This includes forensic evidence preservation and analysis practices such as secure collection of logs and artifacts, tamper proofing, chain of custody, immutable storage, timeline building, memory and disk examination fundamentals, and legal and regulatory considerations for evidence. It also covers designing infrastructure and tooling to enable rapid response at scale: logging and telemetry architecture, data retention policies, secure evidence storage, automated collection and alerting, integration with runbooks and response workflows, and readiness of teams and playbooks. Finally, it addresses crisis and stakeholder management skills: incident command and coordination across engineering, security, product, legal, customer support and executive stakeholders, internal and external communications and status updates, customer and regulator notification procedures, postmortem and lessons learned processes, tabletop exercises and drills, and leadership and decision making under pressure.
Security Considerations
Security practices and threat aware design principles for systems and applications. Topics include input validation and protection against injection vulnerabilities, authentication and authorization models, secrets and key management, encryption in transit and at rest, least privilege and role based access design, threat modeling and attack surface reduction, dependency and supply chain risks, and operational processes for vulnerability management and incident handling.
Network Device Firewalls and Security Appliances
Basic understanding of firewalls (stateful vs stateless), how firewalls protect networks, firewall policies and rule creation, common firewall technologies (packet-filtering, stateful inspection). Understanding where firewalls fit in network architecture.
Infrastructure Security and Access Control
Design and implementation of security controls within infrastructure and access management. Topics include network segmentation and isolation, security groups and network access control lists, identity and access management policies and least privilege principles, encryption at rest and in transit, secrets management and key management practices, audit logging and monitoring, secure remote access patterns such as bastion hosts and virtual private networks, session recording and privileged access governance, threat modeling for infrastructure components, and trade offs for compliance and operational complexity.
Infrastructure Security and Compliance
Designing, implementing, and operating security and compliance controls for infrastructure and delivery pipelines at scale. Topics include identity and access management, authentication and authorization patterns, role based access control and least privilege, secrets management and rotation, encryption for data at rest and in transit, network segmentation and microsegmentation, zero trust architecture, audit logging and retention, vulnerability scanning and patch and remediation workflows, endpoint protection, threat detection and monitoring, threat modeling and risk assessment, incident detection and response planning and runbooks, software supply chain security including artifact signing and dependency scanning and provenance, policy as code and automated security gates in continuous integration and continuous delivery pipelines, automated testing and validation of controls, and the trade offs between security controls and developer velocity. Also covers embedding and operationalizing compliance requirements from common regulatory frameworks and standards such as the General Data Protection Regulation, the Health Insurance Portability and Accountability Act, Service Organization Controls two, the Payment Card Industry Data Security Standard, and International Organization for Standardization two seven zero zero one, and how those requirements influence architecture, controls, automation, monitoring, and auditability as systems scale globally.
Data Protection and Encryption
Design and practical application of controls to protect sensitive data with a primary focus on encryption and key management across cloud and on premises environments. Core areas include encryption at rest, encryption in transit, and encryption in use; selection and trade offs between symmetric and asymmetric algorithms and relevant protocols; standards based and application level techniques such as field level encryption and end to end encryption; client side and server side encryption patterns; envelope encryption and hardware backed key storage. Includes design and operational practices for key lifecycle management including secure key generation, secure storage, rotation, revocation, backup and recovery, high availability and disaster recovery, multi region and multi account deployments, and integration with hardware security modules and managed key vaults. Covers complementary techniques such as tokenization, format preserving encryption, and data masking, as well as identification and classification of sensitive data and sensitive data flows and consistent enforcement across databases, object storage, caches and message queues. Also includes transport layer protection and secrets management, performance and scalability trade offs of encryption and key rotation, audit logging and monitoring of encryption controls, incident response and breach handling for encrypted data, access controls and separation of duties around key access, and regulatory and compliance considerations including data residency and standards relevant to payment and personal data protection.
DevSecOps and Secure SDLC
Covers integrating security into the software development lifecycle and operational pipelines. Topics include securing continuous integration and continuous delivery pipelines, automated security testing such as static application security testing, dynamic application security testing, and software composition analysis, dependency and container image scanning, secrets management in pipelines, vulnerability management, security gates and shift left security practices. Also includes infrastructure as code security, runtime and deployment security, compliance automation, interpreting and tuning security tool output to reduce false positives, and designing secure development architecture that enables rapid delivery while maintaining required security controls.
Network Security Architecture
Fundamentals and design of network security including the Transmission Control Protocol and Internet Protocol stack, Domain Name System, Hypertext Transfer Protocol and Hypertext Transfer Protocol Secure, and common network protocols and services that impact security. Covers core network security controls such as firewalls, intrusion detection system and intrusion prevention system, network segmentation, virtual local area network design, access control lists, network access control and micro segmentation, secure tunneling and Virtual Private Networks, and secure protocol configuration such as Transport Layer Security and Internet Protocol Security. Includes threat models for network based attacks including man in the middle attacks, Domain Name System poisoning, reconnaissance, lateral movement across network boundaries, and distributed denial of service, along with detection, monitoring, logging, and incident response practices. Also covers architecture level patterns such as segmentation and zero trust networking, secure deployment of network appliances, and trade offs between performance and security.