Inside the Trenches: Why Security Engineers are Fighting an Uphill Battle

I've been trying to see how it's going for security engineers out there and have found some interesting insights to share

Recently, I set out to understand what a day in the life of a security engineer really looks like, and the findings were pretty eye-opening. It’s a tough role: over 90% of security engineers report feeling burnt out, and 74% are dealing with some form of mental health issue.

Security engineers are at the frontline, protecting organizations from an ever-evolving wave of cyber threats. Their daily grind includes assessing risks, monitoring traffic, patching vulnerabilities, and staying ahead of attackers. It’s a role that requires constant vigilance, technical skill, and the ability to think on their feet—all of which make it both rewarding and incredibly exhausting.

Looking at numerous job postings, it’s clear these engineers are expected to wear many hats, often for less pay than comparable software engineering roles. Here’s a snapshot of the responsibilities often asked of security engineers:

• Policy Development: Crafting and enforcing security policies and protocols to meet compliance standards.

• Security Implementation: Designing and monitoring security measures for systems, networks, and data.

• Incident Response: Handling breaches, performing forensics, and taking steps to prevent future issues.

• System Monitoring: Keeping constant watch over networks for signs of intrusions.

• Vulnerability Assessment: Running assessments and penetration tests to identify security gaps.

• Collaboration: Working closely with IT and other departments to build security into every layer of operations.

• Training: Educating staff on security best practices to build a culture of awareness.

It’s no wonder burnout is rampant. Long hours, off-hours calls, and continuous high-stakes work are leading to widespread exhaustion and attrition, which only increases the load on those who remain.

Having built security products for over a decade, I think it’s clear that as an industry, we need to prioritize the day-to-day realities of security engineers in product design. They need tools that genuinely help, and it’s on us to make sure we’re doing all we can to support them where it counts.