8 hot IT security jobs and what they pay

IT security is of major concern to all organizations, and they're willing to pay to get top talent. Are you being paid what you are worth? Take a minute to check.

Research firms are projecting a shortage of between 1 and 3 million qualified cybersecurity professionals over the next few years. For cybersecurity professionals looking for a new job, then, it’s a seller’s market. “At the very highest levels, the right person can command over $400,000,” says Paul Smith, vice president of business development at PEAK Technical Staffing. “The law of supply and demand is completely in evidence. The commercial industries are stealing people out of the NSA and CIA like crazy because corporations are having such a problem with foreign espionage. The demand for people who understand these threats has skyrocketed.”

“In high demand markets, like the Bay Area, New York or LA, the salaries for these positions range from $160k to $198k,” agrees Scott Davidson, senior vice president at Modis. Even with these salaries, companies are having a hard time filling these roles. “Information Security is one of the most challenging skill sets to recruit,” says Davidson. “Demand is high and the skills are so specialized that finding them poses a major challenge for talent acquisition professionals.”

Whether you are looking for work, a raise, or a bigger challenge, the cybersecurity roles described below will help you decide where you want to go next with your career. Note: Titles for similar jobs vary from company to company, so use the descriptions to match up with the role that interests you.

*Salary data for this article provided by PayScale.

Information security analyst

Median salary: $71,067
Salary range:
$65,400 - $99,600

Security analysts typically deal with information protection (data loss protection [DLP] and data classification) and threat protection, which includes security information and event management (SIEM), user and entity behavior analytics [UEBA], intrusion detection system/intrusion prevention system (IDS/IPS), and penetration testing. Key duties include managing security measures and controls, monitoring security access, doing internal and external security audits, analyzing security breaches, recommending tools and processes, installing software, teaching security awareness, and coordinating security with outside vendors.

You will probably need a bachelor’s degree in computer science or engineering to be considered for this position. Many people in this role have a master’s degree. Getting certified in Information Security Management, Cybersecurity Forensic Analysis, as a Certified Confidentiality Officer, or as a Certified Computer Crime Investigator will help.

Information security specialist

Median salary: $75,263
Salary range:
$63,500 - $97,300 

Also referred to as a computer security specialist, the information security specialist role is much like that of a security analyst, but typically more limited in scope. You will spend your days monitoring, testing, and troubleshooting the security systems. Responsibilities unique to this role might include analyzing and defining security requirements for an organization’s systems, identifying which abnormal events should be reported as threats, designing security audits, and providing technical support to colleagues.

You’ll need up-to-date programming and computer science knowledge. A BA would be helpful in proving you have that. Certifications are a great idea if you are trying to land this role. Consider Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or Systems Administration and Network Security (SANS) certifications. Getting a Master’s of Science in Cybersecurity would do you no harm.

Security consultant

Median salary: $84,778
Salary range:
$73,700 - $124,000

A security consultant is an experienced professional who works on a contract basis, typically specializing in one or more areas of cyber security. Some work independently, and many work as employees for consulting firms. A successful consultant needs top-notch skills, including general IT knowledge, but more importantly they must have the right mindset for the role. Consultants must be able to thrive in an environment where they move from project to project, and they need to be good communicators with their clients. The upper ceiling of a security consultant’s earnings can be quite high depending on reputation, skillset, and business acumen.

You will likely need a bachelor’s degree in computer science, but other degrees are applicable. Certifications, in skills that are of interest to you, are a great idea. You can get a general certification for security analysts through the International Association of Professional Security Consultants.

Information security engineer

Median salary: $95,021
Salary range:
$80,700 - $120,000

Think of the information security engineer, also known as a cyber security or computer security engineer, as the builder and designer of security infrastructure. Key cyber security engineer responsibilities include developing information security plans and policies, devising incident response and recovery strategies, developing open source or third-party tools, conducting periodic network scans, penetration testing, and leading incident response.

Many employers insist you have a bachelor’s degree in engineering, computer engineering, or computer science for this position. Some might prefer a master’s degree. There are many certifications that will serve you here, including Certified Ethical Hacker, Certified Information Systems Security Professional (CISSP), and security-related CIAC certifications. In some cases, work experience might serve as a replacement for any of these.

Information security manager

Median salary: $112,627
Salary range:
$93,000 - $126,000

Information security managers lead policy, training, and audit efforts across an organization. They might also review security implementations and software configurations to help ensure that data is safe. In the event of a breach they would lead forensic investigations and mitigation efforts. Security managers need good people and process management skills, as they work with other departments within the organization, particularly IT.

You’ll need a bachelor’s degree relevant to information technology and significant work experience. Getting a CISM (Certified Information Security Manager) and CISSP (Certified Information Systems Security Professional) will help pave the way, but there are many certifications that will be welcomed here.

IT security architect

Median salary: $122,272
Salary range:
$97,100 - $139,000

Why is an IT security architect so valued? They have elite security skills and they understand the business and the IT infrastructure. This allows them to effectively plan, analyze, design, configure, test, implement, maintain and support an organization’s computer and network security infrastructure so that it is responsive to changes in regulations and risk. The role requires good communication skills, too, as security architects must work with stakeholders across a wide range of groups within an organization.

A bachelor’s degree in computer security or computer science is usually a requirement here, as is a minimum of five years of relevant work experience. CISSP and CSSA certifications will help your chances.

Information security director

Median salary: $142,088
Salary range:
$93,000 - $197,000

Security director roles exist in larger organizations and typically manage teams of security professionals. In smaller organizations, the director role might be the top security job. Directors need strong security skills, the ability to manage and mentor security staff, and a good understanding of the organizations in which they work. They need to know how the organization assesses risk so that they can allocate effort and resources accordingly.

You’ll need a bachelor’s degree in a relevant discipline and plenty of IT experience.


Chief information security officer (CISO)

Median salary: $158,939
Salary range:
$140,000 - ~$300,000

In this head-honcho role, the information and data security buck stops with you. In many organizations, the CISO and CSO titles are used interchangeably, and the CISO role is quite expansive. You'll be responsible for setting security strategy and leading the team that protects your organization from cyber threats. The CISO role is more a business role than a technical role, and you'll need to be able to communicate cyber risk to the C-suite and the board.

A bachelor's degree in computer science or a related field is typical for this role, along with at least 5 years in a management role, familiarity with a host of security technology and practices, and knowledge of regulations that affect your industry and business.


Copyright © 2019 IDG Communications, Inc.
