Security and Data Handling (iSEC)

This is an elective skill. You may choose this as one of your required quota from the focused technical category.

Understands fundamental security implications, common attack vectors, and how to handle sensitive data carefully.

LVL 3 - Engineer II

Aware of common features that have security considerations, and works with more senior members to meet security requirements.

  • has basic knowledge of avoiding vulnerabilities whilst developing applications.
  • relies on the constructs within a framework to abstract the security implementation details and understands what's not handled by default and needs to be considered separately.
  • knows how to access/transmit sensitive data safely.

LVL 4 - Senior I, TTL, SEM

Considers security implications as part of day-to-day work. Uses good data handling practices and encourages others to do so.

  • possesses advanced knowledge of common attack vectors and how to address them, such as XSS, CSRF, login protection, insecure object serialisation etc.
  • has practical knowledge of how to make a project GDPR compliant, and guides their team and client to handle data securely.
  • addresses issues raised by a security audit.

LVL 5 - Senior II

Owns and looks to improve our security and data handling approaches on their project. Actively guides others to be compliant through implementation, defining work for others, and education.

  • is aware of tools and approaches to ensure applications and servers are secure against possible exploits.
  • follows the security checklist to secure applications and servers, and knows how to implement all points within the checklist.
  • conducts security audits using our security checklist as a guide, and sets a list of prioritised tasks from findings.
  • contributes to and helps maintain the security checklist, keeping it up-to-date with new vulnerabilities, and also knows how to implement all the points.
  • understands multiple levels of PCI compliance and can advise projects on the most appropriate route for compliance.
  • understands and knows how to implement security headers for a variety of projects.

LVL 6 - Principal

Leads our approach across Inviqa, teaching and guiding engineers and clients on security topics.

  • is able to secure a complete web server including the operating system and application layer.
  • drives the security audit strategy for new and existing projects.
  • is able to describe and implement a number of cryptographic attacks, such as the length extension attack and the adaptive chosen-ciphertext attack.
  • communicates new security concerns and how to handle them, and manages a plan for teams to implement mitigations for client projects.