Security Security Engineer / Penetration Tester

What this level means

Fully competent professional; works independently on standard projects

Scope

Features or a sub-system end-to-end

Autonomy

Works independently on standard work; reviewed on the non-standard

Complexity

Diverse problems; adapts existing approaches

Impact

Project / team outcomes

Decision rights

Owns implementation decisions for own scope

Leadership

Mentors juniors informally

Typical experience

3–5 yrs

What you'd do

• Designing security controls
• Performing penetration testing
• Implementing security tools
• Conducting security assessments
• Collaborating with development teams
• Documenting security findings
• Providing security recommendations
• Participating in security training
• Design and implement security controls
• Perform penetration tests
• Collaborate with development teams

Skills, knowledge & tools

• Security control design
• Penetration testing
• Security tool deployment
• Security assessment
• Collaboration
• Documentation
• Security recommendations
• Training participation
• Security standards
• Penetration testing methodologies
• Security toolsets
• Security assessment techniques
• Development collaboration
• Security documentation
• Industry best practices
• Security training
• Strong knowledge of security standards
• Penetration testing expertise
• Security tool implementation
• Analytical skills
• Problem-solving
• Communication
• Team collaboration
• Continuous learning

What good looks like

• 3–6 years experience
• Strong knowledge of security standards
• Proven penetration testing skills

Common titles

Where it sits & what it pays

O*NET / SOC: 15-0000 — Computer & Mathematical Occupations(inferred · under review)

Market-pay benchmarks for this family × level are coming — JobFrame anchors pay to the family/level structure rather than the raw title.

Related families