Security Engineer Resume Example

Professional Summary

Security engineer with 5+ years designing and implementing security controls across cloud infrastructure and application layers. Expert in AWS security services, application security testing, and building security into CI/CD pipelines, with a focus on shifting security left in the SDLC.

Key Skills

What to Include on a Security Engineer Resume

• A concise summary that states your security engineer experience level, strongest domain, and the business problems you solve.
• A skills section that mirrors the job description language for Application Security (SAST/DAST), AWS Security, Terraform (Security), Container Security.
• Experience bullets that connect security engineer, application security, cloud security to measurable outcomes such as cost savings, faster delivery, better quality, or improved customer results.
• Tools, platforms, certifications, and methods that are current for cybersecurity roles.
• Recent projects that show ownership, cross-functional work, and a clear result instead of generic responsibilities.

Sample Experience Bullets

• Built the DevSecOps pipeline integrating SAST, DAST, and container image scanning into every pull request and deployment stage. The pipeline catches over 300 vulnerabilities per quarter before they reach production, and developers get feedback within their normal workflow
• Designed and implemented a zero-trust security model across 80+ AWS accounts, replacing implicit trust boundaries with identity-based access controls and network micro-segmentation. Reduced the estimated attack surface by about 70% based on the threat model assessment
• Facilitated 20+ threat modeling sessions with engineering teams using STRIDE methodology, identifying 150+ security risks at the design stage and documenting reusable mitigation patterns. Teams now request threat models proactively for new features
• Wrote an automated IAM policy analyzer in Python that scanned all 200+ AWS service roles and flagged 45 with excessive permissions. Worked with each team to scope their policies down to least privilege within one quarter
• Migrated 2,000+ hardcoded credentials and API keys from codebases and config files to HashiCorp Vault with automated rotation policies. Added pre-commit hooks that block secrets from being committed going forward
• Reviewed pull requests that touched authentication, authorization, and sensitive data handling code paths, providing security-focused feedback to 8 engineering teams. Caught an average of 3 to 4 security issues per week that automated tools missed
• Worked with the compliance team to map technical security controls to SOC 2 Type II requirements and prepare evidence packages for auditors. Reduced audit prep time from 6 weeks to 2 by automating evidence collection from AWS and GitHub
• Maintained the security tooling stack including Snyk, SonarQube, and Trivy, keeping them updated across all repositories and tuning rule sets to minimize false positives. Handled the vendor relationship and license renewals for each tool
• Delivered quarterly security training sessions to 60+ developers covering OWASP Top 10 vulnerabilities, secure coding practices, and real examples from the company's own codebase. Post-training assessments showed knowledge retention improving each quarter
• Designed the application-level encryption strategy for sensitive customer data, implementing field-level encryption with AWS KMS for PII stored in PostgreSQL and DynamoDB. This satisfied both SOC 2 and GDPR data protection requirements
• Built a security metrics dashboard tracking vulnerability counts by severity, mean time to remediation, and scan coverage across all repositories. Presented these metrics to engineering leadership monthly to track progress on security posture goals

ATS Keywords for Security Engineer Resumes

Use these terms naturally where they match your experience and the job description.

Recommended Certifications

• CISSP
• AWS Certified Security - Specialty
• OSCP

What Does a Security Engineer Do?

• Design, develop, and maintain software solutions using Application Security (SAST/DAST), AWS Security, Terraform (Security) and related technologies
• Collaborate with cross-functional teams including product managers, designers, and QA engineers to deliver features on schedule
• Write clean, well-tested code following industry best practices for security engineer and application security
• Participate in code reviews, technical discussions, and architecture decisions to improve system quality and team knowledge
• Troubleshoot production issues, optimize performance, and ensure system reliability across all environments

Resume Tips for Security Engineers