information-security-engineer

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Information Security Engineer

信息安全工程师

When to Use

使用场景

Implement and operate security controls such as SSO, RBAC, PAM, KMS, certificate management, WAF, DLP, EDR, or SIEM integrations
Translate security architecture, audit findings, or policies into deployable guardrails and validation checks
Build identity, encryption, secrets, logging, or security automation workflows
Harden cloud accounts, endpoints, SaaS apps, and baseline configurations with security ownership
Validate remediation for vulnerabilities and control gaps

实施并运营SSO、RBAC、PAM、KMS、证书管理、WAF、DLP、EDR或SIEM集成等安全控制措施
将安全架构、审计发现或政策转化为可部署的防护规则与验证检查机制
构建身份管理、加密、密钥、日志或安全自动化工作流
负责云账户、终端、SaaS应用及基线配置的安全加固
验证漏洞及控制缺口的修复效果

When NOT to Use

非使用场景

Board briefings, risk appetite, security budget, crisis exec comms →
```
chief-information-security-officer
```
Define security strategy or enterprise security program →
```
cybersecurity
```
GRC program, framework scope, audit prep, questionnaires →
```
compliance-specialist
```
Triage alerts, SOC playbooks, or shift ops →
```
soc-analyst
```
Deep investigation, hunts, or detection authoring →
```
defensive-security-analyst
```
Execute authorized pentests or exploit validation →
```
penetration-tester
```
,
```
network-pentester
```
,
```
web-pentester
```
Plan adversary simulation or purple-team campaigns →
```
red-team-specialist
```
Add CI/CD security gates, SBOMs, or artifact signing only →
```
devsecops
```
Design tenant isolation and product data-plane boundaries →
```
product-infrastructure-security-engineer
```
Cloud org guardrails, CSPM, multi-account IAM/network security →
```
cloud-security-engineer
```
IAM program design, access reviews, federation, PAM, SoD (without tool deploy) →
```
iam-specialist
```

董事会简报、风险偏好、安全预算、危机高管沟通 →
```
chief-information-security-officer
```
制定安全战略或企业安全项目 →
```
cybersecurity
```
GRC项目、框架范围界定、审计准备、调查问卷 →
```
compliance-specialist
```
告警分诊、SOC剧本、运维移交 →
```
soc-analyst
```
深度调查、威胁狩猎、检测规则编写 →
```
defensive-security-analyst
```
执行授权渗透测试或漏洞利用验证 →
```
penetration-tester
```
,
```
network-pentester
```
,
```
web-pentester
```
规划 adversary simulation（ adversary模拟）或紫队演练 →
```
red-team-specialist
```
仅添加CI/CD安全网关、SBOM或工件签名 →
```
devsecops
```
设计租户隔离及产品数据平面边界 →
```
product-infrastructure-security-engineer
```
云组织防护规则、CSPM、多账户IAM/网络安全 →
```
cloud-security-engineer
```
IAM项目设计、访问评审、联邦认证、PAM、SoD（无工具部署） →
```
iam-specialist
```

Related skills

相关技能

Need	Skill
CISO program, board KRIs, appetite, budget	`chief-information-security-officer`
AWS/GCP/Azure guardrails, CSPM, cloud IAM/network	`cloud-security-engineer`
GRC program, gap plans, audit coordination	`compliance-specialist`
Security strategy, policies	`cybersecurity`
Audit evidence automation	`compliance-engineer`
CI/CD scans, SBOM, pipeline OIDC	`devsecops`
VPC, K8s, Terraform platform (general)	`infrastructure-engineer`
SOC triage and SOAR playbooks	`soc-analyst`
Red team gaps → detection content	`red-team-specialist`
Declared security incident response (CSIRT)	`incident-responder`
STIX/TAXII feed requirements, intel-driven blocklists	`cti-analyst`
Threat hunts and detection engineering	`defensive-security-analyst`
Pentest findings to reproduce	`penetration-tester` , `network-pentester` , `web-pentester`
Control documentation	`tech-writer-researcher`
Product tenancy, customer data plane	`product-infrastructure-security-engineer`
CVD program, bounty, disclosure calendar	`technical-program-manager-security-cvd`
Post-incident artifact analysis and chain of custody	`digital-forensics-analyst`
Risk registers, residual scoring, treatment decisions	`security-risk-analyst`
IAM lifecycle, entitlements, reviews, federation, PAM	`iam-specialist`
BCM/DRP for security tooling, immutability, restore tests	`bcm-disaster-recovery-specialist`

需求	技能
CISO项目、董事会KRI、风险偏好、预算	`chief-information-security-officer`
AWS/GCP/Azure防护规则、CSPM、云IAM/网络	`cloud-security-engineer`
GRC项目、缺口计划、审计协调	`compliance-specialist`
安全战略、政策制定	`cybersecurity`
审计证据自动化	`compliance-engineer`
CI/CD扫描、SBOM、流水线OIDC	`devsecops`
VPC、K8s、Terraform平台（通用）	`infrastructure-engineer`
SOC分诊及SOAR剧本	`soc-analyst`
红队缺口检测规则编写	`red-team-specialist`
已申报安全事件响应（CSIRT）	`incident-responder`
STIX/TAXII feed需求、情报驱动型黑名单	`cti-analyst`
威胁狩猎及检测工程	`defensive-security-analyst`
渗透测试结果复现	`penetration-tester` , `network-pentester` , `web-pentester`
控制措施文档编写	`tech-writer-researcher`
产品租户隔离、客户数据平面	`product-infrastructure-security-engineer`
CVD项目、漏洞赏金、披露日历	`technical-program-manager-security-cvd`
事件后工件分析及链状证据管理	`digital-forensics-analyst`
风险登记、残余风险评分、处置决策	`security-risk-analyst`
IAM生命周期、权限管理、访问评审、联邦认证、PAM	`iam-specialist`
安全工具业务连续性/灾难恢复计划、不可变性、恢复测试	`bcm-disaster-recovery-specialist`

Core Workflows

核心工作流

1. Control implementation

1. 控制措施实施

Translate architecture or policy into deployable controls:

Confirm requirement source (policy, threat model, audit finding)
Choose control type: preventive, detective, corrective
Implement in IaC or managed config (versioned, reviewed)
Define validation test (automated where possible)
Document owner, exception process, and review cadence

See
references/control_hardening.md
for baselines and guardrail patterns.

将架构或政策转化为可部署的控制措施：

确认需求来源（政策、威胁模型、审计发现）
选择控制类型：预防性、检测性、纠正性
以IaC或托管配置方式实施（版本化、经评审）
定义验证测试（尽可能自动化）
记录负责人、例外流程及评审周期

基线及防护规则模式请参考
references/control_hardening.md
。

2. Identity and access engineering

2. 身份与访问工程

human identity (SSO/MFA) → RBAC/ABAC → service identities → privileged access (PAM) → periodic review

Federate apps to IdP; enforce MFA and conditional access
Least-privilege IAM roles; no long-lived access keys on humans
Break-glass accounts monitored and rare
Quarterly access reviews with evidence export

See
references/identity_access_engineering.md
for patterns and anti-patterns.

human identity (SSO/MFA) → RBAC/ABAC → service identities → privileged access (PAM) → periodic review

将应用联邦至IdP；强制启用MFA及条件访问
遵循最小权限原则配置IAM角色；禁止为人类分配长期访问密钥
应急账户需受监控且极少使用
每季度开展访问评审并导出证据

模式及反模式请参考
references/identity_access_engineering.md
。

3. Encryption and secrets

3. 加密与密钥管理

Layer	Typical implementation
Data at rest	KMS, volume encryption, TDE
Data in transit	TLS 1.2+, cert automation (ACME/internal CA)
Application secrets	Vault, cloud secret manager, rotation
Keys	CMK policies, separation of duties, audit logs

Never commit secrets; scan repos; rotate on incident.

See
references/encryption_secrets.md
for key lifecycle and TLS checklist.

层级	典型实现方式
静态数据	KMS、卷加密、TDE
传输中数据	TLS 1.2+、证书自动化（ACME/内部CA）
应用密钥	Vault、云密钥管理器、密钥轮换
密钥管理	CMK策略、职责分离、审计日志

禁止提交密钥至代码仓库；扫描代码仓库；发生事件时轮换密钥。

密钥生命周期及TLS检查清单请参考
references/encryption_secrets.md
。

4. Security tooling integration

4. 安全工具集成

Integration checklist:

Log/agent deployment coverage target (e.g., 95% endpoints)
Parser/normalization and field mapping
Correlation rules owned by detection team
SOAR playbooks for approved auto-actions only
Health monitoring on collectors and API quotas

See
references/security_tooling.md
for SIEM/EDR/SOAR integration notes.

集成检查清单：

日志/代理部署覆盖目标（例如：95%终端）
解析/标准化及字段映射
关联规则由检测团队负责
仅对已批准的自动操作配置SOAR剧本
监控采集器及API配额的健康状态

SIEM/EDR/SOAR集成说明请参考
references/security_tooling.md
。

5. Vulnerability remediation engineering

5. 漏洞修复工程

Work with app and platform teams:

Ingest findings (scanner, pentest, bug bounty)
Prioritize: exploitability × asset criticality × exposure
Assign owner and SLA by severity
Implement or review fix (patch, config, code)
Validate with rescan or analyst sign-off
Track exceptions with expiry

See
references/vulnerability_remediation.md
for SLA table and validation steps.

与应用及平台团队协作：

导入漏洞发现结果（扫描器、渗透测试、漏洞赏金）
优先级排序：可利用性 × 资产关键性 × 暴露程度
按严重程度分配负责人及SLA
实施或评审修复方案（补丁、配置、代码）
通过重扫或分析师签字确认验证修复效果
跟踪带过期时间的例外情况

SLA表格及验证步骤请参考
references/vulnerability_remediation.md
。

6. Change and release for security systems

6. 安全系统变更与发布

Security changes are production changes:

Peer review on IaC and policy PRs
Staged rollout (dev → stage → prod)
Rollback plan for IdP, WAF, or SIEM parser changes
Post-change validation within 24h

安全变更属于生产环境变更：

IaC及政策PR需经同行评审
分阶段发布（开发 → 预发布 → 生产）
针对IdP、WAF或SIEM解析器变更制定回滚计划
变更后24小时内完成验证

When to load references

何时参考文档

Baselines and guardrails →
```
references/control_hardening.md
```

SSO, IAM, PAM →

references/identity_access_engineering.md

KMS, TLS, secrets →
```
references/encryption_secrets.md
```
SIEM, EDR, SOAR →
```
references/security_tooling.md
```
Fix tracking and validation →
```
references/vulnerability_remediation.md
```

基线及防护规则 →
```
references/control_hardening.md
```

SSO、IAM、PAM →

references/identity_access_engineering.md

KMS、TLS、密钥 →
```
references/encryption_secrets.md
```
SIEM、EDR、SOAR →
```
references/security_tooling.md
```
修复跟踪及验证 →
```
references/vulnerability_remediation.md
```