Security Engineer Resume Example & Template (2026)

Top skills to feature

  • SIEM (Splunk, Microsoft Sentinel)
  • Vulnerability Management (Qualys, Tenable Nessus)
  • Penetration Testing & Threat Modeling
  • Incident Response & Threat Hunting
  • Cloud Security (AWS, Azure, GCP)
  • Zero Trust Architecture
  • EDR / XDR (CrowdStrike Falcon, SentinelOne)
  • SOAR Playbook Development
  • Network Security (firewalls, IDS/IPS, VPN)
  • Identity & Access Management (IAM, RBAC, MFA)
  • NIST CSF / MITRE ATT&CK / ISO 27001
  • Python / Bash Scripting for Security Automation

The U.S. Bureau of Labor Statistics projects information security analyst employment will grow 29% from 2024 to 2034 — roughly seven times faster than the average for all occupations — generating about 16,000 new openings every year. The median annual wage for the role sits at $124,910 according to BLS data. That combination of explosive demand and strong pay means Security Engineer postings draw large applicant pools, and most employers use ATS filters that screen out resumes before any human sees them.

Passing those filters — and then convincing a hiring manager you can own real security outcomes — requires more than listing certifications. This page gives you a fully written sample resume, a section-by-section breakdown of every decision, concrete ATS keyword guidance, and the five mistakes that eliminate otherwise strong candidates.

Full Sample Resume


Marcus Rivera
Austin, TX · m.rivera@email.com · linkedin.com/in/marcusrivera-sec · github.com/mrivera-sec


Summary

Security Engineer with 6 years designing, deploying, and running enterprise security programs across fintech and SaaS environments. Reduced mean time to detect (MTTD) from 4.2 hours to 38 minutes at Vantage Financial by rebuilding the SIEM detection layer in Splunk and integrating a CrowdStrike Falcon EDR pipeline. Holds CISSP and AWS Security Specialty certifications. Experienced across cloud security (AWS, Azure), vulnerability management, incident response, and SOAR automation. Looking for a senior Security Engineer role where reducing attacker dwell time and building durable detection infrastructure are the primary measures of success.


Experience

Senior Security Engineer — Vantage Financial, Austin, TX · January 2022 – Present

  • Rebuilt the Splunk SIEM detection layer from 14 legacy correlation rules to 87 tuned, MITRE ATT&CK-mapped detections; reduced false-positive alert volume by 62% while cutting mean time to detect (MTTD) from 4.2 hours to 38 minutes across all Tier 1–2 incidents.
  • Led deployment of CrowdStrike Falcon EDR across 3,400 endpoints on a 90-day timeline; integrated telemetry into Splunk via the Falcon Data Replicator and wrote 12 SOAR playbooks in Palo Alto XSOAR that automated initial triage for 70% of phishing and malware alerts, saving the SOC approximately 14 analyst-hours per week.
  • Designed and executed a quarterly internal penetration testing program using Burp Suite Professional and Metasploit; identified and remediated 9 critical application-layer vulnerabilities in a payments API before they could be reached by external threat actors.
  • Partnered with the cloud infrastructure team to implement AWS Security Hub with CIS Benchmark controls across 4 production accounts; resolved 340 high/critical findings in the first 60 days and established a continuous compliance posture tracked via a custom CloudWatch dashboard.

Security Engineer — Cortex Systems, Denver, CO · August 2019 – December 2021

  • Managed enterprise vulnerability management program using Tenable Nessus across 1,200 servers and 600 workstations; reduced critical-severity open vulnerabilities by 78% over 12 months by implementing risk-tiered SLAs and automated ticketing through Jira.
  • Designed a Zero Trust network segmentation model for a multi-tenant SaaS platform; configured Palo Alto NGFW micro-segmentation policies that limited lateral movement paths between 22 application tiers, reducing the blast radius of a simulated breach in a tabletop exercise by 91%.
  • Automated cloud misconfiguration detection across AWS and Azure using custom Python scripts and native APIs; script set ran nightly and generated remediation tickets for 18 recurring misconfiguration patterns, reducing manual audit time by 8 hours per week.

Information Security Analyst — Greenfield Data Corp, Dallas, TX · June 2018 – July 2019

  • Monitored and triaged security alerts in IBM QRadar SIEM for a 500-seat organization; documented and closed 400+ low-severity incidents while escalating 11 confirmed intrusion attempts to senior staff and external IR retainer.
  • Supported annual SOC 2 Type II audit by collecting evidence for 60+ controls across access management, encryption, and change control domains, contributing to a successful audit with zero exceptions on access-control criteria.

Skills

  • SIEM & Detection: Splunk (SPL, dashboards, ES), Microsoft Sentinel (KQL), IBM QRadar
  • EDR / XDR: CrowdStrike Falcon, SentinelOne, Microsoft Defender for Endpoint
  • SOAR: Palo Alto XSOAR, Splunk SOAR (Phantom)
  • Vulnerability Management: Tenable Nessus, Qualys VMDR, Rapid7 InsightVM
  • Cloud Security: AWS Security Hub, AWS IAM, Azure Defender, GCP Security Command Center
  • Penetration Testing: Burp Suite Professional, Metasploit Framework, Nmap, Wireshark
  • Frameworks & Standards: MITRE ATT&CK, NIST CSF, CIS Benchmarks, ISO 27001, SOC 2
  • Network Security: Palo Alto NGFW, Cisco ASA, IDS/IPS, VPN, Zero Trust Architecture
  • IAM: Active Directory, Azure AD / Entra ID, Okta, RBAC, MFA
  • Scripting & Automation: Python (requests, boto3, paramiko), Bash, PowerShell


Certifications

  • CISSP — (ISC)², issued 2022
  • AWS Certified Security – Specialty, issued 2023
  • CompTIA Security+, issued 2018

Education

B.S. Computer Science — University of Texas at Austin · Graduated May 2018 · GPA 3.6


Why This Resume Works: Section-by-Section Breakdown

Summary

The summary leads with a specific outcome — MTTD reduced from 4.2 hours to 38 minutes — before stating the tools or job title. This immediately signals to a hiring manager that the candidate thinks in defender metrics, not just in tool names. It also names two certifications (CISSP and AWS Security Specialty) because those are credential requirements in a large share of mid-to-senior security postings and ATS systems filter on them explicitly.

One important structural note: the summary does not use the word “experienced” as a standalone claim. Every adjective is paired with evidence. “Experienced across cloud security” is followed immediately by the specific platforms. Security hiring managers are trained to recognize credential-washing in summaries; grounding every claim in something tangible reduces that skepticism fast.

Experience Bullets

Each bullet follows the same architecture: action → method → quantified outcome. This structure is deliberate. A bullet that reads “Managed vulnerability management program using Nessus” tells a reader nothing about impact. Adding “reduced critical-severity open vulnerabilities by 78% over 12 months” transforms it into evidence of program ownership.

Notice that the most senior role (Vantage Financial) carries four bullets while the most junior role (Greenfield) carries only two. This weighting reflects how reviewers read a resume — they spend the most time on current and recent experience. Older roles exist to show trajectory, not to compete with recent work for space.

The bullets deliberately name both the product and the category: “Splunk SIEM,” “CrowdStrike Falcon EDR,” “Palo Alto XSOAR (SOAR).” This doubles ATS surface area and also teaches a non-technical recruiter what each tool actually does, which matters when the first screener is not a security practitioner.

Skills Section

The Skills section is organized by functional category, not alphabetically. This serves two audiences. For ATS parsers, every major keyword cluster appears in a dense, predictable block. Human reviewers doing a 10-second scan can immediately locate “what tools does this person know for cloud security” without reading every line.

Product names appear alongside category labels throughout — “Tenable Nessus, Qualys VMDR, Rapid7 InsightVM” sit under “Vulnerability Management” rather than floating as isolated product names. This approach covers both the recruiter who searches for “Nessus” and the one who searches for “vulnerability management.”

Certifications and Education

CISSP appears first because it functions as a hard requirement filter in a large portion of senior security postings. Certifications are listed with issuing body and year — not just the initialism — because ATS systems and manual reviewers both need the full credential name to match.

Education is brief and clean. For a 6-year security professional, a bachelor’s degree is table stakes; the certifications and the experience carry far more weight. GPA is included here only because it was strong (3.6+) and recent enough to matter in context. For a candidate 5+ years out, dropping GPA entirely is fine.


ATS Keyword Guidance for Security Engineer Roles

Security Engineer job descriptions tend to cluster keywords into four groups. Your resume needs representation in all four to pass broad-spectrum ATS filters.

Detection and response tools: SIEM is the single most-screened term. Write both the category (“SIEM”) and the specific product (“Splunk,” “Microsoft Sentinel”) in your Skills section and at least once each in experience bullets. The same logic applies to EDR — list both “EDR/XDR” and the specific tool (CrowdStrike Falcon, SentinelOne).

Frameworks and standards: MITRE ATT&CK, NIST CSF, and CIS Benchmarks appear in the majority of mid-to-senior security JDs. ISO 27001 is dominant in enterprise and fintech. SOC 2 appears heavily in SaaS company postings. Match the frameworks to the company’s industry vertical when tailoring.

Cloud security specifics: Generic “cloud security” is no longer sufficient. Name the actual cloud platform controls: AWS Security Hub, Azure Defender (now Microsoft Defender for Cloud), GCP Security Command Center. Cloud security roles specifically filter on the certification too — AWS Security Specialty or Google Professional Cloud Security Engineer carry significant weight.

Incident response vocabulary: “Incident response,” “threat hunting,” “mean time to detect (MTTD),” “mean time to respond (MTTR),” and “tabletop exercise” are all screened terms. Write out “mean time to detect (MTTD)” at least once in full — ATS systems match on the phrase, not just the acronym.

Certifications as keywords: CISSP, CEH, OSCP, CompTIA Security+, and CISM are indexed as keywords by most enterprise ATS systems. List them both as their full names and initialisms in the Certifications section: “Certified Information Systems Security Professional (CISSP).”


5 Common Security Engineer Resume Mistakes

1. Listing tools without outcomes

“Managed Splunk SIEM” means nothing to a hiring manager who has seen 200 resumes that say the same thing. The question every bullet must answer is: what changed because you ran that tool? Detection coverage went up? False positives went down? Dwell time shrank? Quantify the movement, not just the activity.

2. Burying certifications

CISSP and AWS Security Specialty are hard filters in a large fraction of senior security postings. If you hold them, they belong in the summary (where ATS parsers read first) and in a dedicated Certifications section. A candidate who lists CISSP only in a dense experience paragraph risks having the ATS miss it entirely.

3. Using generic security language instead of specific framework names

Writing “followed industry best practices” instead of “NIST CSF” or “MITRE ATT&CK” is a missed keyword and a missed credibility signal. Recruiters and ATS systems both expect the framework name. If you mapped detections to ATT&CK, say so explicitly; if you built a compliance program against CIS Benchmarks, name the benchmark.

4. Ignoring cloud security entirely

As of 2026, fewer than 20% of open Security Engineer roles are purely on-premises. A resume with no mention of AWS, Azure, or GCP security controls will screen out of cloud-heavy postings automatically. If your experience includes any cloud work — even IAM configuration or S3 bucket policy reviews — surface it explicitly with the platform name.

5. Writing a summary that describes what you want instead of what you deliver

“Seeking a challenging security role where I can grow my skills” is about the candidate’s needs, not the employer’s. A recruiter reading that summary learns nothing about your impact. Replace it with a three-sentence model: your years of experience and the environment type, one concrete metric, and the specific role type you’re targeting. Every word should be evidence or signal, not aspiration.


Security Engineer roles are among the most competitive in the tech labor market precisely because the BLS-projected 29% growth rate is attracting a flood of career-changers alongside experienced practitioners. The resumes that advance are the ones that treat security as a measurable discipline — MTTD improved, attack surface reduced, compliance posture scored — rather than a list of acronyms. Build your bullets around defender metrics, surface every relevant tool and framework with its full name, and let the certifications do their job as keyword anchors.