Role Definition
| Field | Value |
|---|---|
| Job Title | Security Engineer |
| Seniority Level | Mid-Level (3-5 years) |
| Primary Function | Builds, implements, and maintains security infrastructure across the technology stack. Designs and deploys security controls (firewalls, IDS/IPS, SIEM, EDR), writes security automation (Python, PowerShell, IaC), conducts vulnerability assessments, performs incident response, engineers IAM solutions, and ensures compliance controls are implemented. The "build and implement" security role — engineers solutions rather than monitoring dashboards or specialising in a single domain. |
| What This Role Is NOT | Not a Cyber Security Analyst (monitors and triages — scored 2.65 Yellow). Not an Application Security Engineer (SDLC-focused — scored 3.45 Green). Not a Cloud Security Engineer (cloud-specific — scored 3.10 Green). Not a Network Security Engineer (network-specific — scored 3.35 Green). This is the generalist ENGINEERING role that builds across domains without specialising in any one. O*NET code 15-1299.05. |
| Typical Experience | 3-5 years. Often progressed from sysadmin, analyst, or IT support. Certs: Security+, CySA+, CISSP, CASP+, cloud certs (AWS Security Specialty, AZ-500). Python/PowerShell scripting expected. Bachelor's preferred (73% of postings) but not required. |
Seniority note: Junior (0-2 years) would score Yellow — primarily tool configuration and playbook execution, less architecture. Senior/Principal (7+ years) would score deeper Green (~3.5-3.8) — owns security strategy, makes risk acceptance decisions, leads architecture reviews.
Protective Principles + AI Growth Correlation
| Principle | Score (0-3) | Rationale |
|---|---|---|
| Embodied Physicality | 0 | Fully digital, desk-based. All work in consoles, terminals, and dashboards. |
| Deep Interpersonal Connection | 1 | Collaborates with dev teams, infrastructure teams, and stakeholders on security requirements. Some cross-team influence but the core value is technical, not relational. |
| Goal-Setting & Moral Judgment | 2 | Makes security architecture decisions, risk acceptance trade-offs, and prioritises controls. Operates within established frameworks (NIST CSF, CIS Benchmarks) but interprets them for specific environments. Not following playbooks — designing solutions for novel contexts. |
| Protective Total | 3/9 | |
| AI Growth Correlation | 1 | More AI adoption means more infrastructure to secure, more tools to manage, larger attack surface. AI workloads need GPU clusters, data pipelines, and model endpoints secured. Indirect but real — demand grows because AI runs ON infrastructure this role secures. |
Quick screen result: Protective 3 + Correlation 1 = Yellow signal. Low human protection, weak positive from AI growth. Proceed to quantify.
Task Decomposition (Agentic AI Scoring)
| Task | Time % | Score (1-5) | Weighted | Aug/Disp | Rationale |
|---|---|---|---|---|---|
| Design & implement security architecture | 20% | 2 | 0.40 | AUGMENTATION | Novel architecture decisions for specific environments. AI suggests reference designs; engineer adapts to business context, existing infrastructure, regulatory requirements, and risk appetite. Every environment is different. |
| Build & maintain security tooling (SIEM, EDR, IDS/IPS, firewalls) | 20% | 3 | 0.60 | AUGMENTATION | AI-driven platforms handle detection. But deploying, configuring, tuning, and integrating tools across hybrid environments requires engineering judgment. Vendor lock-in decisions, performance trade-offs, and cross-tool orchestration remain human. |
| Security automation & scripting (Python, IaC, SOAR playbooks) | 15% | 3 | 0.45 | AUGMENTATION | AI coding assistants write security scripts and IaC templates well. But designing automation strategy, handling production edge cases, and ensuring automation doesn't introduce vulnerabilities requires engineering judgment. AI accelerates; human architects. |
| Vulnerability assessment & remediation coordination | 15% | 4 | 0.60 | DISPLACEMENT | Scanning fully automated (Tenable, Qualys, Nessus). AI prioritises by exploitability and business context. Remediation ticketing increasingly automated. Human value shifts to coordinating complex cross-team patches and exception handling. |
| Incident response & forensics | 10% | 2 | 0.20 | AUGMENTATION | Live incidents require creative investigation, adversarial thinking, and rapid judgment under pressure. AI assists with log correlation and timeline construction. Novel attacks require human analysis. |
| IAM & access control engineering | 10% | 3 | 0.30 | AUGMENTATION | AI recommends least-privilege policies, detects over-permissioning. Designing IAM architecture for complex orgs (multi-account, federation, PAM) requires understanding trust boundaries and business workflows. |
| Compliance implementation & audit support | 10% | 4 | 0.40 | DISPLACEMENT | Mapping controls to frameworks and gathering evidence is rule-based and AI-automated (Vanta, Drata, AWS Security Hub). Bulk compliance work automated. Human judgment needed for novel requirements and exceptions only. |
| Total | 100% | | 2.95 | | |
Task Resistance Score: 6.00 - 2.95 = 3.05/5.0
Displacement/Augmentation split: 25% displacement, 75% augmentation.
Reinstatement check (Acemoglu): Yes — security engineers now manage AI security tool fleets, design automated detection pipelines, engineer security for AI/ML workloads, and orchestrate SOAR playbooks. "Security tool platform engineer" and "security automation engineer" are genuinely new sub-functions emerging from this role.
Evidence Score
| Dimension | Score (-2 to 2) | Evidence |
|---|---|---|
| Job Posting Trends | 2 | 66,800 US security postings in 2025, up 124% YoY (Robert Half). 20,000 cybersecurity engineer roles specifically. BLS projects 29% growth for information security roles 2024-2034 (~16,000 annual openings). ~2.1-2.3% unemployment for security professionals. |
| Company Actions | 1 | Active hiring across sectors — financial services and manufacturing leading. No companies cutting security engineering roles. However, the generalist "security engineer" title is fragmenting into specialists (cloud, app, network, DevSecOps). Companies hiring domain-specific engineers over generalists. |
| Wage Trends | 1 | Mid-level: $120,000-$180,000 (Glassdoor, Indeed, Gemini consensus). Growing with market but below specialist premiums — cloud security architects ($200K+), AI security engineers ($200K+). Competitive but not explosive. |
| AI Tool Maturity | 0 | Production-ready AI in every domain: SIEM (Copilot for Security, Splunk AI), SOAR (automated playbooks), EDR/XDR (CrowdStrike, SentinelOne), CSPM (Wiz, Prisma Cloud). 95% of security leaders report improved effectiveness. Tools automate monitoring/compliance but create demand for engineers who deploy, tune, and orchestrate them. Net wash. |
| Expert Consensus | 1 | Strong consensus on augmentation not replacement (IBM, Microsoft, Gartner, ISACA, PwC). 72% of decision-makers see unprecedented threat levels. Engineers shift from manual tasks to strategic oversight. Role survives but transforms significantly. |
| Total | 5 |
Barrier Assessment
Reframed question: What prevents AI execution even when programmatically possible?
| Barrier | Score (0-2) | Rationale |
|---|---|---|
| Regulatory/Licensing | 1 | SOC 2, HIPAA, PCI-DSS, GDPR, and EU AI Act require human-overseen security controls. Compliance auditors expect human accountability for implementation decisions. No formal licensing. |
| Physical Presence | 0 | Fully remote capable. |
| Union/Collective Bargaining | 0 | Tech sector, at-will employment. |
| Liability/Accountability | 1 | Security architecture failures trigger regulatory fines and breach liability. Someone must be accountable for design decisions. But mid-level engineers escalate to senior/CISO for consequential calls — accountability is shared upward. |
| Cultural/Ethical | 1 | Organisations want human engineers designing and implementing their security controls. Moderate resistance to fully automated security infrastructure. Trust in human oversight for production-impacting changes (firewall rules, access controls). |
| Total | 3/10 |
AI Growth Correlation Check
Confirmed at 1. AI adoption expands infrastructure requiring security engineering — GPU clusters, data pipelines, model serving endpoints, agentic AI systems all need securing. But the relationship is indirect: this role secures infrastructure AI runs ON, not AI itself. If AI adoption slowed, security engineering would still be needed for cloud, network, and application security. Distinguishes from AI Security Engineer (correlation 2) where demand is directly proportional to AI deployment.
JobZone Composite Score (AIJRI)
| Input | Value |
|---|---|
| Task Resistance Score | 3.05/5.0 |
| Evidence Modifier | 1.0 + (5 × 0.04) = 1.20 |
| Barrier Modifier | 1.0 + (3 × 0.02) = 1.06 |
| Growth Modifier | 1.0 + (1 × 0.05) = 1.05 |
Raw: 3.05 × 1.20 × 1.06 × 1.05 = 4.0736
JobZone Score: (4.0736 - 0.54) / 7.93 × 100 = 44.6/100
Zone: YELLOW (Green ≥48, Yellow 25-47, Red <25)
Sub-Label Determination
| Metric | Value |
|---|---|
| % of task time scoring 3+ | 70% |
| AI Growth Correlation | 1 |
| Sub-label | Yellow (Urgent) — ≥40% task time scores 3+ |
Assessor override: None — formula score accepted.
Assessor Commentary
Score vs Reality Check
The 3.05 Task Resistance Score sits 0.45 below the 3.5 Green threshold, and the composite formula places this in Yellow despite positive evidence. This is the weakest role in the cybersecurity engineering cohort, below Cloud Security Engineer (3.10), Network Security Engineer (3.35), and Application Security Engineer (3.45). The classification depends on the talent shortage persisting and demand continuing to outpace automation. The 70% of task time scoring 3+ signals heavy transformation pressure. If evidence weakens — supply catches up, AI tools mature further, or companies consolidate generalist roles — the resistance erodes further.
What the Numbers Don't Capture
- Title fragmentation. "Security Engineer" is actively splitting into specialists (cloud, app, network, DevSecOps). The generalist "security engineer" may follow the path of "webmaster" — the work persists but the general-purpose title loses value as specialists command premiums.
- The build vs configure spectrum. The assessment scores the BUILD version. Many "security engineers" in practice are closer to "security tool administrators" — configuring vendor products rather than engineering custom solutions. That version scores closer to Security Administrator (2.50, Yellow).
- Supply dynamics. Unlike specialist roles (AI Security, Cloud Security Architect), the generalist security engineer pipeline is well-supplied. Career changers from sysadmin and analyst roles enter this market segment. High supply + AI augmentation = wage pressure even with growing demand.
- Function-spending vs people-spending. Security budgets rise but increasingly flow to AI-powered platforms (Wiz raised $1B at $12B valuation, CrowdStrike's AI-native platform). One engineer with modern tooling covers what three did manually. Budget growth ≠ headcount growth.
Who Should Worry (and Who Shouldn't)
Safer than the score suggests: Engineers writing Python automation, building IaC security templates, designing hybrid security architecture, and orchestrating AI-powered tool fleets. Your engineering skills — writing code, designing systems, solving novel problems — are what distinguish you from AI output. The more you build, the safer you are.
More at risk than the score suggests: Engineers whose "engineering" is mostly clicking through vendor consoles, configuring dashboards from templates, and running pre-built scans. That's tool operation, not engineering. It's the same work CSPM/CNAPP platforms are automating, just with a better job title.
The single biggest factor: whether you BUILD security or CONFIGURE security. Builders who write code, design architecture, and create novel solutions thrive. Configurers who operate vendor tools and follow setup guides face the same compression as the analyst tier, just on a longer timeline.
What This Means
The role in 2028: The Security Engineer of 2028 is a "security platform engineer" — orchestrating fleets of AI-powered security tools, writing automation that ties them together, designing security architecture for increasingly complex hybrid and AI-native environments, and leading incident response for sophisticated attacks. Manual tool configuration, compliance evidence gathering, and vulnerability scanning are fully automated.
Survival strategy:
- Write code. Python, Go, or Rust for security automation. IaC (Terraform, Pulumi) for security-as-code. The engineers who code are the engineers who survive — AI assists coders, it replaces configurers.
- Master security tool orchestration. Deploy, tune, and integrate SIEM/SOAR/EDR/CSPM platforms. Become the person who designs the automated security pipeline, not the person the pipeline replaces.
- Specialise or go strategic. Pick a domain (cloud, application, identity) and go deep, or move toward security architecture where you design rather than implement. The generalist middle ground narrows every year.
Where to look next. If you're considering a career shift, these Green Zone roles share transferable skills with this role:
- Senior Network Security Engineer (AIJRI 58.5) — Direct career progression — your security engineering skills deepen into specialised network defence at the senior level
- Application Security Engineer (AIJRI 57.1) — Security tooling and vulnerability management experience transfers to securing the application layer
- DevSecOps Engineer (AIJRI 58.2) — Infrastructure security skills combined with automation knowledge map directly to DevSecOps practices
Timeline: 5-7 years. Driven by persistent cybersecurity talent shortage (4.8M globally) and expanding attack surface. Tactical configuration work compresses faster (2-3 years), strategic engineering work strengthens.