What Does a Security Software Developer Do?
The Short Version
A Security Software Developer (a.k.a. programming guru) does one of two things:
- Develops security software
- Integrates security into applications software during the course of design and development
In the first job, you will be creating new tools for virus/spyware/malware detection, intrusion detection, traffic analysis, etc. In the second job, you will be ensuring that security measures are “baked-in” to any software your organization produces.
Security Software Developer Responsibilities
Your day-to-day responsibilities will vary according to which job you choose. Depending on the position, you could be required to:
- Oversee a team of developers in the creation of secure software tools
- Take a leadership role in software design, implementation and testing
- Develop a company-wide software security strategy
- Facilitate meetings and workshops to define client processes and needs
- Create new software systems or forensic tools
- Participate in the lifecycle development of software systems using agile methodologies
- Design and build proof of concept prototype solutions
- Institute programming techniques that are free from logical design and technical implementation flaws
- Gain a thorough knowledge of attack vectors that may be used to exploit software
- Leverage attack tools to test your work for software vulnerabilities
- Counsel your colleagues on secure programming practices
- Research/identify flaws and remedy development mistakes
- Document the software development lifecycle
- Support software deployments to customers
If you’re working in a large team, you may report to a Security Software Architect.
Security Software Developer Career Paths
Security Software Developers generally get their start as normal Software Developers before applying for this mid-level position. After you’ve gained some headway as a Security Developer, you have the option to move up the ladder to become a:
- Security Software Architect
- Security Architect
The term “Security Software Developer” is one of a few related job titles on the market. Equivalent positions include:
- Cyber Developer
- Security Developer
- Security Software Engineer
Security Software Developer Salaries
According to Payscale, the median salary for a Software Developer is $65,668 (2014 figures). Overall, you can expect to take home a total pay of $43,141 – $101,384. This includes your base annual salary, bonuses, profit sharing, tips, commissions, overtime pay and other forms of cash earnings, as applicable.
However, Security Software Developers are usually paid more. In a comparison of Cyber Security Developer jobs listed on Indeed, the most popular range was $80,000-$100,000.
Security Software Developer Job Requirements
Security Software Developers are expected to have a bachelor’s degree in Computer Science or the equivalent (e.g. Math, Network Technology, Electrical Engineering, etc.). You can supplement this degree with certifications and on-the-job training.
A master’s degree is a plus, but is not considered mandatory. Employers will be focusing on your hard skills and your years of experience in software development.
The standard baseline requirement for Security Software Developers is 5 years of experience. You typically can’t become a security-specific developer until you’ve completed three years of work as a developer and two years as an auditor/tester.
Squeeze in as much software security experience as you can during these years. Go to conferences, get accredited, take courses – anything that will give you real-world practice.
Programming chops are the biggest must-have. In our canvassing of job descriptions, we have seen employers ask for expertise in:
- Windows, UNIX and Linux operating systems
- C, C++, C#, Java, ASM, PHP, PERL
- TCP/IP-based network communications
- IP security
- Relational databases (e.g. SQL, MySQL, SQLite, etc.)
- Hypervisors (e.g. VMware, KVM, etc.)
- Python Experience in HTML/CSS
- XML/Web Services, AJAX
- Cloud computing
Great software development rests on communication. That means you should be comfortable leading a team, talking to clients and C-level executives, mentoring colleagues and documenting your processes.
Add to that list problem-solving and analytical skills. In your job as master-creator, you will be battling new security challenges every day. Employers are also interested in seeing if you can meet tight deadlines and work under pressure.
Certifications for Security Software Developers
Here are a few certifications to investigate in the road towards better pay and opportunities. We always recommend checking with employers and colleagues to learn which certifications are favored.
- ECSP: EC-Council Certified Secure Programmer
- CSSLP: Certified Secure Software Lifecycle Professional
- GSSP-JAVA: GIAC Secure Software Programmer-Java
- GWEB: GIAC Certified Web Application Defender
- GSSP-.NET: GIAC Secure Software Programmer- .NET
- CEH: Certified Ethical Hacker
- CES: Certified Encryption Specialist