I have been working as SRE for about 6 years.<p>Being SRE also means you have to be mindful of good security practices.
As an SRE, I’ve built a number of internal tools to monitor resources and permissions on cloud.
Also I have been involved with security incident response as part of my role.<p>I have always been fascinated with offensive security dipping my toe in CTFs in my spare time.
But I would consider myself as very average developer and absolute beginner when it comes to offensive security.<p>The security team at my company is relatively new and they are desperately looking for a security engineer with SRE experience as we are looking to integrate third party security solutions into our environment.<p>I've heard good prospect for security engineers in general.
Would this be a good career move?
Are security engineers valued as much as SRE?<p>I’ve heard a counter argument that security team is a cost center and does not add value to the business.
From that aspect, SRE also acts as a foundation for other product teams to build their solution on.<p>Any advice would be greatly appreciated.
The skills you have don’t evaporate if you switch focus. It’s all code. Try security if you have the opportunity. Don’t over analyze. Programming is an even bigger cost center for most companies.<p>Anecdotally the security experts I know make more than programmers and seem to have their pick of jobs.