Cybersecurity engineer

Cybersecurity engineer resume tips

August 22, 2019 by Frank Siemons

The role of cybersecurity engineer

The role of the cybersecurity engineer has been around for decades. During that time, it has evolved dramatically. 

First, responsibilities mostly existed within the Layer 3 (firewall) and the signature-based antivirus product space. With the emergence of more advanced threats, intrusion detection and prevention systems, proxy servers, next-generation firewalls and web application firewalls were introduced. As the requirements changed, the security engineers followed the trend. 

Now there is a dramatic shift of IT systems to cloud infrastructure, and the security systems are following suit. To take advantage of the opportunities created by this shift, security engineers will need to upskill. 

And there’s something else that’s just as important: they need to promote themselves within this space. This is something technical people are not always good at, but when that new opportunity or contract comes up, it can really pay off to have a clear, on-point and up-to-date resume ready to go.

Edit for length, grammar and consistency

Something that applies to all resumes, not just in the cybersecurity engineering field, is the need to have a consistent and faultless resume. 

First of all, don’t mix up first (I) and third (he/she) person language. This can indicate a copy-and-paste job and a lack of effort. 

Another important point is to be consistent in fonts, font size, use of bullet point indicators, colors, capitalization and spacing. Once hired, cybersecurity engineer can easily cause a major outage with a wrong number in a command or with bad documentation. A messy resume is not something to present to a hiring manager or HR person for this role. 

Finally, keep the length of the resume between one and two pages. Unless there are many (relevant) important projects and roles to discuss, do not exceed two pages.

Highlight relevant skills and security

The resume of a security engineer will, of course, be highly technical in nature. This means that relevant skills to the role should be highlighted. 

This is not simply a list of known and used applications, languages and systems. Skills should be related to the roles they were obtained and used in. It’s best to highlight relevant skills per previous role, because this allows a recruiter or hiring manager to assess how long and at what level the relevant skills were used.

Where this gets very technical, use a healthy level of security caution. These days, public forums like LinkedIn and many online recruiting sites are scraped by malicious actors in order to find out what security tools their targets potentially use and at who to direct a spear phishing attack. According to Michelle Rafter at Talent Economy, these actors even go as far as staging fake interviews to get their information. 

All this means that sharing too many details about a previous employer’s security systems could not only create a security risk to that organization but reflect badly on the job-seeker when a prospective employer performs a background check.

Vendor and industry certificates versus academic degrees

There is much discussion about industry certifications and the place they should fill within the IT security job market. Opinions from experts range from “completely useless” to “better than academic degrees.”

A reasonable view, supported by many universities and training and employment institutions, is that there is a place for each of them. A formal degree will have a longer lifespan and provide a broader knowledge base, which could lead to faster promotions and higher salaries, but this could also be achieved by hard work and industry certifications. The takeaway here is that they each deserve equal space in the resume. 

Something that also deserves adequate space within the resume is vendor certifications. Especially with the abovementioned move to cloud platforms, vendor certification programs such as the Microsoft Certified Azure Security Engineer and the AWS Certified Security Specialty could be exactly what a potential employer is looking for. Cloud experience and training are very specific to the relevant cloud platform, so make sure to highlight certifications that apply directly to the desired role.

Projects and outcomes

A great way to highlight previous achievements and to present non-technical experience is to list significant projects worked on under previous roles. This will provide an opportunity to show skills such as management, budgeting, technical writing and project management. It can also show the ability to work independently and to work across different levels of a business. 

Project outcomes, such as “achieved successful deployment within budget and within deadline,” should be provided where possible.

Open-source and community work

An engineer is expected to at least have some level of coding knowledge. Whether it’s basic Python or expert-level C+, some solutions will require integration or customization, especially these days when so much emphasis is placed on automation and Security Orchestration, Automation and Response (SOAR) tools. 

There is no better way to showcase any of these skills than to list community work and owned public code repositories on platforms such as GitHub or SourceForge. Of course, make sure the code referred to is accessible, free from bugs and representing the highest skill level. It might be best not to list that 20-year-old buggy school project here.


Although it is never too late to write or update a resume, within the fast-changing cybersecurity sector it’s a good idea to make sure a reasonably updated resume is ready to be sent out when that perfect new role comes by. Last-minute, rushed work can result in a sloppy and messy resume, which might lead to missing out on a great opportunity. Following the tips in this article should help to get started. 

If this is all still too daunting, there are a lot of universities and professional content writers who can provide a great resume for a fee. This too is an option, as long as they also keep in mind the specifics of the cybersecurity engineering field. 



  1. Hackers Want Your People Data. Here’s How to Stop Them., Talent Economy
  2. SOAR (Security Orchestration, Automation and Response), TechTarget
  3. IT Certifications vs. Experience vs. Degree, ITCareerFinder
  4. Microsoft Certified: Azure Security Engineer Associate, Microsoft
  5. AWS Certified Security – Specialty, Amazon
Posted: August 22, 2019
Frank Siemons
View Profile

Frank Siemons is an Australian security researcher at InfoSec Institute. His trackrecord consists of many years of Systems and Security administration, both in Europe and in Australia. Currently he holds many certifications such as CISSP and has a Master degree in InfoSys Security at Charles Sturt University. He has a true passion for anything related to pentesting and vulnerability assessment and can be found on His Twitter handle is @franksiemons

Leave a Reply

Your email address will not be published.