security-engineeringlisted

# Security Engineering Comprehensive security engineering skill covering application security, infrastructure security, compliance, and incident response. ## When to Use This Skill - Designing security architecture - Implementing authentication and authorization - Conducting threat modeling - Security code review - Implementing compliance controls (SOC2, HIPAA, PCI-DSS) - Incident response planning - Security monitoring and alerting ## Security Architecture ### Defense in Depth Layer security controls at multiple levels: | Layer | Controls | |-------|----------| | Perimeter | Firewall, WAF, DDoS protection | | Network | Segmentation, IDS/IPS, VPN | | Host | Hardening, EDR, patch management | | Application | Input validation, secure coding, SAST/DAST | | Data | Encryption, access control, DLP | | Identity | MFA, SSO, privileged access management | ### Zero Trust Architecture **Core Principles:** 1. Never trust, always verify 2. Assume breach mentality 3. Least privilege access 4. Micro-segmentation 5. Continuous verification **Implementation:** - Identity-based access (not network-based) - Device health verification - Continuous authentication - Encrypted communications everywhere - Detailed logging and monitoring ## Authentication Patterns ### OAuth 2.0 / OIDC **Grant Types:** | Grant | Use Case | |-------|----------| | Authorization Code + PKCE | Web/mobile apps | | Client Credentials | Service-to-service | | Device Code | CLI tools, IoT | **Token Best Pract