What Does a Security Software Developer Do?
What is a Security Software Developer?
A Security Software Developer (a.k.a. programming guru) does one of two things:
1. Develops security software.
2. Integrates security into applications software during the course of design and development.

In the first job, you will be creating new tools & systems for virus/spyware/malware detection, intrusion detection, traffic analysis, etc. In the second job, you will be ensuring that security measures are “baked-in” to any software your organization produces.
Choose wisely. Some software development jobs can end up being quite repetitive and dull. But others will give you plenty of space to stretch your creative muscles (e.g. time to work on forensics side projects) and collaborate with a team of developers. Remember, too, that a Security Software Developer’s job involves auditing, testing, and documentation. Your defense has to be the best of the best.
Security Software Developer Job Responsibilities
Your day-to-day responsibilities will vary according to which job you choose. Depending on the position, you could be required to:
- Oversee a team of developers in the creation of secure software tools
- Take a leadership role in software design, implementation and testing
- Develop a company-wide software security strategy
- Facilitate meetings and workshops to define client processes and needs
- Create new software systems or forensic tools
- Participate in the lifecycle development of software systems using agile methodologies
- Design and build proof of concept prototype solutions
- Institute programming techniques that are free from logical design and technical implementation flaws
- Gain a thorough knowledge of attack vectors that may be used to exploit software
- Leverage attack tools to test your work for software vulnerabilities
- Counsel your colleagues on secure programming practices
- Research/identify flaws and remedy development mistakes
- Document the software development lifecycle
- Support software deployments to customers
If you’re working in a large team, you may report to a Security Software Architect.
Security Software Developer Careers
Security Software Developer Career Paths
Security Software Developers generally get their start as normal Software Developers before applying for this mid-level position. After you’ve gained some experience as a Security Developer, you might move up the ladder to become a:
- Security Software Architect
- Security Architect
The term “Security Software Developer” is one of a few related job titles on the market. Equivalent positions include:
- Cyber Developer
- Security Developer
- Security Software Engineer
Security Software Developer Salaries
According to Payscale, the median salary for a Software Developer is $69,908 (2019 figures). Overall, you can expect to take home a total pay of $47,657 – $106,831. This includes your base annual salary, bonuses, profit sharing, tips, commissions, overtime pay and other forms of cash earnings, as applicable.
However, Security Software Developers are usually paid more. In a comparison of Cyber Security Developer jobs listed on Indeed, the most popular range was $90,000-$100,000, with plenty of salary offers above those numbers.
Security Software Developer Job Requirements
Security Software Developer job postings are not as common as listings for Security Engineers and Software Developers, but they do exist. Most companies are happy to consider candidates who have a BS in a relevant technical field. However, a lot of them will be looking for some kind of background/work experience in standard software development.
Squeeze in as much software security experience as you can during your prep years. Go to cyber security & digital forensics conferences, get accredited, take courses – anything that will give you real-world practice. We also recommend you reach out to current Security Software Developers in your chosen arena (e.g. government, finance, consultancy, etc.) and ask them about their experiences. The more you know about your options, the more strategic you can be.
Security Software Developers are expected to have a bachelor’s degree in Computer Science or the equivalent (e.g. Math, Network Technology, Electrical Engineering, etc.). You can supplement this degree with certifications and on-the-job training. A master’s degree is a plus, but is not considered mandatory. Employers will be focusing on your hard skills and your years of experience in software development.
The standard baseline requirement for Security Software Developers is 5 years of experience. You typically can’t become a security-specific developer until you’ve completed three years of work as a developer and two years as an auditor/tester, but this rule isn’t set in stone. A number of organizations (e.g. NSA, small regional companies, etc.) are willing to take on relative newbies. Better yet, they may offer on-the-job training, internal courses, and external training opportunities. Look for “Junior” in the job title.
Programming chops are the biggest must-have. In our canvassing of job descriptions, we have seen employers ask for expertise in:
- Windows, UNIX and Linux operating systems
- C, C++, C#, Java, ASM, PHP, PERL
- TCP/IP-based network communications
- IP security
- Relational databases (e.g. SQL, MySQL, SQLite, etc.)
- Hypervisors (e.g. VMware, KVM, etc.)
- Python
- HTML/CSS
- XML/Web Services, AJAX
- Cloud computing
Great software development rests on communication. That means you should be comfortable leading a team, talking to clients and C-level executives, mentoring colleagues and documenting your processes.
Add to that list problem-solving and analytical skills. In your job as master-creator, you will be battling new security challenges every day. Employers are also interested in seeing if you can meet tight deadlines and work under pressure.
Certifications for Security Software Developers
Here are a few certifications to investigate on the road towards better pay and opportunities. We always recommend checking with employers and colleagues to learn which certifications are favored.
- ECSP: EC-Council Certified Secure Programmer
- CSSLP: Certified Secure Software Lifecycle Professional
- GSSP-JAVA: GIAC Secure Software Programmer-Java
- GWEB: GIAC Certified Web Application Defender
- GSSP-.NET: GIAC Secure Software Programmer-.NET
- CEH: Certified Ethical Hacker
- CES: Certified Encryption Specialist