7 highest-paying IT security jobs, 2018

IT security is of major concern to all organizations, and they're willing to pay to get top talent. Are you being paid what you are worth? Take a minute to check.

1 intro security salaries
Getty Images

Highest-paying IT security jobs

Research firms are projecting a shortage of between 1 and 3 million qualified cybersecurity professionals over the next few years. For cybersecurity professionals looking for a new job, then, it’s a seller’s market. “At the very highest levels, the right person can command over $400,000,” says Paul Smith, vice president of business development at PEAK Technical Staffing. “The law of supply and demand is completely in evidence. The commercial industries are stealing people out of the NSA and CIA like crazy because corporations are having such a problem with foreign espionage. The demand for people who understand these threats has skyrocketed.”

“In high demand markets, like the Bay Area, New York or LA, the salaries for these positions range from $160k to $198k,” agrees Scott Davidson, senior vice president at Modis. Even with these salaries, companies are having a hard time filling these roles. “Information Security is one of the most challenging skill sets to recruit,” says Davidson. “Demand is high and the skills are so specialized that finding them poses a major challenge for talent acquisition professionals.”

Whether you are looking for work, a raise, or a bigger challenge, the cybersecurity roles described in the following slides will help you decide where you want to go next with your career. Note: Titles for similar jobs vary from company to company, so use the descriptions to match up with the role that interests you.

1 information security specialist
Getty Images/IDG

1. Information security specialist

Median salary: $70,043
Salary range: $47,860 - $110,738 

Also referred to as an computer security specialist, this role is similar to that of a security analyst, but often more limited in scope. Responsibilities unique to this role might include analyzing and defining security requirements for an organization’s systems, identifying which abnormal should be reported as threats, designing security audits, and providing technical support to colleagues.

2 information security analyst
Getty Images/IDG

2. Information security analyst

Median salary: $70, 741
Salary range: $49,883 - $103,896 

Security analysts typically deal with information protection (data loss protection [DLP] and data classification) and threat protection, which includes security information and event management (SIEM), user and entity behavior analytics [UEBA], intrusion detection system/intrusion prevention system (IDS/IPS), and penetration testing. Key duties include managing security measures and controls, monitor security access, internal and external security audits, analyzing security breaches, recommending tools and processes, security awareness training, and coordinating security with outside vendors.

3 information security director
Getty Images/IDG

3. Information security director

Median salary: $77,333
Range: $44,276 - $145,576 

Security director roles exist in larger organizations and typically manage teams of security professionals. In smaller organizations, the director role might be the top security job. Directors need strong security skills, the ability to manage and mentor security staff, and a good understanding of the organizations in which they work. They need to know how the organization assesses risk so that they can allocate effort and resources accordingly.

4 security consultant
Getty Images/IDG

4. Security consultant

Median salary: $83,712
Salary range: $53,810 - $131,295 

A security consultant is an experienced professional who works on a contract basis, typically specializing in one or more areas of cyber security. Some work independently, and many work as employees for consulting firms. A successful consultant needs top-notch skills, including general IT knowledge, but more importantly they must have the right mindset for the role. Consultants must be able to thrive in an environment where they move from project to project, and they need to be good communicators with their clients. The upper ceiling of a security consultant’s earnings can be quite high depending on reputation, skillset, and business acumen.

5 information security engineer
Getty Images/IDG

5. Information security engineer

Median salary: $90,978
Salary range: $62,022 - $125,741

Think of the information security engineer, also known as an cyber security or computer security engineer, as the builder and designer of security infrastructure. Key cyber security engineer responsibilities include developing information security plans and policies, devising incident response and recovery strategies, developing open source or third-party tools, conducting periodic network scans, penetration testing, and leading incident response.

6 information security manager
Getty Images/IDG

6. Information security manager

Median salary: $108,375
Salary range: $73,004 - $142,555
Information security managers lead policy, training, and audit efforts across an organization. They might also review security implementations and software configurations to help ensure that data is safe. In the event of a breach they would lead forensic investigations and mitigation efforts. Security managers need good people and process management skills, as they work with other departments within the organization, particularly IT.

7 it security architect
Getty Images/IDG

7. IT security architect

Median salary: $120,529
Salary range: $84,010 - $155,113

Why is an IT security architect so valued? They have elite security skills and they understand the business and the IT infrastructure. This allows them to effectively plan, analyze, design, configure, test, implement, maintain and support an organization’s computer and network security infrastructure so that is responsive to changes in regulations and risk. The role requires good communications skills, too, as security architects must work with stakeholders across a wide range of groups within an organization.