Why a Heavily Regulated Industry Is Great for Your Software Engineering Career

The word “regulation” might scare software engineers who imagine their sleek, elegant products getting bogged down in red tape. But our expert says that image isn’t necessarily true.

Written by Reshma Khilnani
Published on May 21, 2024

The old saying, “Where there’s muck, there’s brass,” means messy jobs often conceal golden opportunities. For software engineers, muck can refer to the technical complexity of developing software in regulated industries such as healthcare, fintech, aerospace and logistics.

Engineering in a regulated space can seem undesirable due to seemingly arbitrary complexity, especially for those who entered the field for its elegance and minimalism. Those willing to navigate these complexities often find great professional opportunities, however, including leadership roles and high-impact projects.

If this interests you, here are three essential skills for engineers looking at entering regulated industries.

3 Skills Engineers Need to Work in Regulated Industries

  1. Enthusiasm for test-driven development. 
  2. Ability to work cross-functionally.
  3. Familiarity with practices common to regulated industries.


1. Enthusiasm for Test-Driven Development

Regulated industries benefit disproportionately from test-driven development, as it helps demonstrate to stakeholders that the team is managing processes and changes correctly. In such industries, the frequent testing of necessary scenarios eases compliance checks. 

For example, when developing an application that acts as a health record, you’ll need to demonstrate again and again that writes, views and edits for all clinical data are logged in a tamper-resistant manner.  Having test cases and the corresponding report that demonstrates that this scenario is supported will come in handy for the many audits and attestations required to certify and comply with regulations.
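One way to make that scenario testable, shown here as an added example rather than code from the article or from any health record product: each audit entry is chained to the previous one with an HMAC, so an edited, deleted or truncated log fails verification. The class and function names, the key handling and the idea of keeping the head hash off-system are assumptions made for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # constructed anchor value for the first entry
ACTIONS = {"write", "view", "edit"}  # the access types the article names

def _mac(prev_hash, entry, key):
    # Bind each entry to its predecessor: HMAC(key, prev_hash || canonical JSON).
    body = json.dumps(entry, sort_keys=True).encode()
    return hmac.new(key, prev_hash.encode() + body, hashlib.sha256).hexdigest()

class AuditLog:
    """Append-only, hash-chained log (hypothetical class, not a real EHR API)."""

    def __init__(self, key):
        self._key = key
        self.records = []

    def append(self, actor, action, record_id, ts):
        if action not in ACTIONS:
            raise ValueError(f"unaudited action type: {action}")
        entry = {"seq": len(self.records), "ts": ts, "actor": actor,
                 "action": action, "record_id": record_id}
        prev = self.records[-1]["hash"] if self.records else GENESIS
        self.records.append({**entry, "hash": _mac(prev, entry, self._key)})
        return self.records[-1]["hash"]  # head hash, to be stored off-system

def verify(records, key, expected_head=None):
    """Return the index of the first bad entry, or None if the chain is intact.

    Without expected_head, removal of the newest entries goes unnoticed, so an
    auditor should compare against a head hash kept outside the log store.
    """
    prev = GENESIS
    for i, rec in enumerate(records):
        entry = {k: v for k, v in rec.items() if k != "hash"}
        good = _mac(prev, entry, key)
        if entry.get("seq") != i or not hmac.compare_digest(good, str(rec.get("hash"))):
            return i
        prev = rec["hash"]
    if expected_head is not None and prev != expected_head:
        return len(records)
    return None
```

Test cases that append entries, tamper with a copy and assert on what `verify` returns give an auditor a repeatable report for this control.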

Some sectors even provide test harnesses, such as Inferno for certifying electronic health records, to aid in compliance. Understanding the specifics of audits or tests within these industries is critical for engineers.

Overall, developing testable applications and embracing test-driven development will enhance your ability to deliver projects and make you an attractive candidate for opportunities as an engineer in regulated industries.

 

2. Ability to Work Cross-Functionally

Effective collaboration across different functional areas — such as legal, compliance, and finance — is crucial in regulated industries. Implementation projects often involve roles such as regulatory affairs, legal counsel and consultants. Engineers must be adept at explaining their methods of meeting requirements and solving problems with clear illustrations.

For example, many regulated industries require that data be classified, with different data types having different protection requirements. Being able to clearly explain to the cross-functional team how the classification works to create buy-in from every department is a requirement for tech leads on these projects. 

Though this might sound absurdly tactical, the tools of everyday engineering are often very useful to cross-functional teams in regulated spaces.  When the head of compliance asks for specific, jargon-filled workflows like “change approvals” or “requirements gathering,” look to the workflows you already do, like code review and bug triage, as a potential way to meet these requirements.

Change approvals, for example, can map directly to code reviews. In some regulated environments, a colleague who does not have the same manager as the commit author must approve a code review to satisfy change approval requirements. This is an example of a compliance workflow piggybacking on an everyday developer workflow.

Additionally, engineers don’t always have experience managing vendors, budgets and cost estimates for projects in regulated industries. Exposure here, in a lead or supporting role, can aid significantly in later career growth. Plus, obtaining regulatory clearances or certifications often enhances visibility within leadership teams.

Ability to work cross-functionally, particularly with legal, compliance and finance teams, will increase the effectiveness of an engineer in delivering projects in regulated spaces. Such projects have the added benefit of increased visibility and impact.

 

3. Familiarity With Practices Common to Regulated Industries

Despite varying widely from a functional perspective, regulated industries share many engineering practices with each other. For example, logging, role-based access, change management and authentication are critical components of many compliance frameworks and can be very similar, or even identical, across healthcare and fintech roles. Familiarity and experience with implementing these features and processes are reusable, marketable skills for an engineer.

As for best practices, modern techniques like infrastructure as code and using source control to track complex configurations help ensure correct settings, which are crucial for compliance. These processes are often scrutinized during reviews and audits, and their effective use can be a superpower.

For example, role-based access control is a common requirement in many regulated systems. Teams that use setup tools that provision accounts with the appropriate permissions spend less time maintaining their compliance and have an easier time during audits.

Learning to use compliance tools like Vanta or Secureframe is instructive, as it reveals common controls across industries. For example, the same configuration you use to preserve log files for SOC 2, Type II compliance can serve you identically when you need to certify for HIPAA. This is a clear case where an engineer can learn a skill once and then reuse it across projects and different regulated industries.

A thorough understanding of authentication and how to implement various types of authentication systems, such as using identity providers like Okta, is also highly beneficial. Use of identity providers (IdPs) is common across many regulated industries.


Don’t Let Regulation Scare You

Navigating the muck of application development in regulated industries requires building key skills and embracing new experiences. These efforts not only enhance your value to companies and visibility company-wide as an engineer, but also pave the way to significant opportunities, allowing you to find the brass under the muck.
