W Code - Pattern-Based DSA Learning Platform

Bhanu Bisht

Dashboard RoadmapsCybersecurity Engineer

🛡️

Cybersecurity Engineer

Protect systems from threats — from SOC monitoring and pentesting to incident response and forensics.

Demand

High

India Salary

₹3.5L – ₹25L

Global Salary

$65K – $150K

Math

Low

Coding

Medium

Remote

★★★☆☆

What You Actually Do Daily

SOC Analyst: Monitor security alerts, triage incidents, investigate threats in real-time

Penetration Tester: Simulate attacks on systems to identify and report vulnerabilities

Blue Team: Implement defensive controls, harden systems, respond to incidents

Threat Hunter: Proactively search for undetected threats in logs and network traffic

Vulnerability management: scan, prioritize, track, and remediate CVEs across infrastructure

Write incident reports, compliance documentation, and security runbooks

Build and tune detection rules in SIEM tools (Splunk, Elastic SIEM, Sentinel)

Skills You Need

Networking: TCP/IP, DNS, HTTP/S, TLS — deep understanding is non-negotiable

Linux + Windows administration: file systems, registry, processes, event logs

SIEM: Splunk, Elastic SIEM, or Microsoft Sentinel — query languages (SPL, KQL)

Offensive tools: Metasploit, Burp Suite, Nmap, Nessus, SQLmap

Scripting: Python for automation; Bash for Linux-based tasks

OWASP Top 10: all 10 web vulnerabilities in depth

Malware analysis basics: static analysis and dynamic analysis

Tools & Technologies

Kali Linux

Penetration testing OS

Metasploit

Exploitation framework

Burp Suite Pro

Web application security testing

Splunk / Elastic SIEM

Log analysis and threat detection

Nmap + Nessus

Network and vulnerability scanning

Wireshark

Network packet analysis

Volatility

Memory forensics

CyberChef

Data encoding/decoding/analysis

Fundamentals (Non-Negotiable)

CIA Triad: Confidentiality, Integrity, Availability — must appear in every security explanation

MITRE ATT&CK framework: essential vocabulary for all SOC and blue team roles

PKI: certificates, certificate authorities, chain of trust, TLS handshake mechanics

OWASP vulnerabilities: SQLi, XSS, CSRF, SSRF, path traversal, IDOR, broken auth

Incident response phases: Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned

Learning Roadmap

0–3 Months— Foundations

▸

Set up Kali Linux in VirtualBox; complete TryHackMe Pre-Security Path (free)

▸

Networking deep-dive: CCNA or Professor Messer N+ video series

▸

OWASP Juice Shop in Docker: solve all 10 vulnerability categories hands-on

▸

CompTIA Security+ study: broad security fundamentals coverage

3–6 Months— Offensive + Defensive

▸

TryHackMe: complete SOC Level 1 Path + Junior Pentester Path

▸

Hack The Box: solve 10 Easy-rated machines; document solutions as write-ups

▸

Splunk Free: ingest logs from your home lab, build 5 working detection rules

▸

Python: write a port scanner, log parser, and file hash checker from scratch

6–12 Months— Real Practice

▸

Bug Bounty: register on HackerOne and Bugcrowd; attempt real programs (fully legal)

▸

CEH exam preparation OR start OSCP study (OSCP = gold standard for pentest)

▸

Build a detection lab: Active Directory + Windows Event Logs + Splunk SIEM

▸

Apply for SOC Tier 1 or Junior Pentester roles at MSSP companies

1–2 Years— Specialization

▸

OSCP: obtain this certification — most respected offensive security credential globally

▸

Specialize: Cloud Security, Red Team, DFIR, or Application Security

▸

CTF competitions: top rankings on HTB or CTFtime.org are direct portfolio proof

▸

Government track: CERT-In, NIC, Indian defense sector value certifications

Salary Breakdown

Level	India	Global	Note
Entry SOC / 0–1 yr	₹3.5L – ₹7L	$40K – $65K	SOC Tier 1 or junior pentester
Mid-level / 2–4 yr	₹7L – ₹18L	$65K – $110K	CEH/OSCP certified + experience
Senior / OSCP+	₹18L – ₹25L	$110K – $150K	Red team lead or security architect

Portfolio Projects

AD Attack Lab

Advanced

Full attack chain + SIEM detection

Active DirectoryBloodHoundSplunk

Web App Pentest Report

Intermediate

Professional vulnerability write-up

Burp SuiteOWASPMarkdown

SIEM Detection Rules

Intermediate

20 MITRE ATT&CK technique detections

SplunkElasticSigma

Malware Analysis Report

Advanced

Static + dynamic analysis of a sample

Any.runGhidraVolatility

Certifications

CompTIA Security+

CompTIA · Paid (~$380)

Globally recognized baseline credential

CEH

EC-Council · Paid (~$1,199)

Good recognition in India market

OSCP

OffSec · Paid (~₹85,000)

Gold standard for pentesting globally

Splunk Core Certified User

Splunk · Free study

Industry-valued SIEM skill proof

Remote Work Viability

★★★☆☆3/5 Remote Friendliness

Moderate-High remote potential. SOC roles often hybrid; red team and application security can be fully remote. Bug bounty programs are entirely remote and location-independent.

LinkedInWellfoundHackerOne (Bug Bounty)

Freelancing Potential

$5K – $50K/yr (bug bounty)

High if certified. Bug bounty is the best freelance path. Top Indian bug hunters earn significantly from public programs. Freelance pentesting requires proper legal agreements.

HackerOneBugcrowd

Common Mistakes to Avoid

Skipping networking and jumping straight to exploitation tools — script kiddie with no depth

Attempting OSCP without solid Linux and networking preparation (expensive failure)

No public portfolio — cybersecurity is trust-based; proof of skills must be visible

5-Year Outlook

Chronic global shortage of security professionals. India has growing CERT-In compliance mandates driving demand. AI-powered attacks exponentially increasing the threat surface. 5-year outlook: excellent.