Cybersecurity salaries: What 8 top security jobs pay

IT security is of major concern to all organizations, and they're willing to pay to get top talent. Are you being paid what you are worth? Take a minute to check.

As organizations emerge from the COVID-19 pandemic, hiring is on the rebound—and that is especially true in the information security ranks where demand has outstripped supply for years.  Despite the work-from-home push opening opportunities to hire beyond the usual geographical boundaries, many organizations continue to struggle to find these needed workers, which is putting pressure on salary and benefit offerings.

“That [desire of employees to continue working from home] is doing some interesting things to salary and benefit offerings,” explains Peter Tsai, head of technology insights at Spiceworks, a professional network for IT pros based in Austin, TX. “You might now have a candidate coming from a very low-paying region suddenly competing against somebody in the local market, who is willing to take a much lower salary to do that job.”

Whether you are looking for work, a raise, or a bigger challenge, the cybersecurity roles described below will help you decide where you want to go next with your career. Note: Titles for similar jobs vary from company to company, so use the descriptions to match up with the role that interests you.

*Salary data for this article provided by GlassDoor.

Information security analyst

Average salary: $99,101
Salary range: $61k - $160k

Security analysts typically deal with information protection (data loss protection [DLP] and data classification) and threat protection, which includes security information and event management (SIEM), user and entity behavior analytics [UEBA], intrusion detection system/intrusion prevention system (IDS/IPS), and penetration testing. Key duties include managing security measures and controls, monitoring security access, doing internal and external security audits, analyzing security breaches, recommending tools and processes, installing software, teaching security awareness, and coordinating security with outside vendors.

You will probably need a bachelor’s degree in computer science or engineering to be considered for this position. Many people in this role have a master’s degree. Getting certified in Information Security Management, Cybersecurity Forensic Analysis, as a Certified Confidentiality Officer, or as a Certified Computer Crime Investigator will help.

For more on the security analyst role, see:

Information security specialist

Average salary: $96,586
Salary range: $59k - $157k

Also referred to as a computer security specialist, or cybersecurity specialist, the information security specialist role is much like that of a security analyst, but typically more limited in scope. You will spend your days monitoring, testing, and troubleshooting the security systems. Responsibilities unique to this role might include analyzing and defining security requirements for an organization’s systems, identifying which abnormal events should be reported as threats, designing security audits, and providing technical support to colleagues.  

You’ll need up-to-date programming and computer science knowledge. A BA would be helpful in proving you have that. Certifications are a great idea if you are trying to land this role. Consider a Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Systems Administration and Network Security (SANS) certifications. Getting a Masters of Science in Cybersecurity would do you no harm.

Security consultant

Average salary: $97,488
Salary range: $60k - $158k

A security consultant is an experienced professional who works on a contract basis, typically specializing in one or more areas of cyber security. Some work independently, and many work as employees for consulting firms. A successful consultant needs top-notch skills, including general IT knowledge, but more importantly they must have the right mindset for the role. Consultants must be able to thrive in an environment where they move from project to project, and they need to be good communicators with their clients. The upper ceiling of a security consultant’s earnings can be quite high depending on reputation, skillset, and business acumen.

You will likely need a bachelor’s degree in computer science, but other degrees are applicable. Certifications in skills that are of interest to you are a great idea. You can get a general certification for security analysts through the International Association of Professional Security Consultants.

For more on the security consultant role, see:

Information security engineer

Average salary: $105,927
Salary range: $74K - $152K

Think of the information security engineer, also known as cybersecurity engineer or computer security engineer, as the builder and designer of security infrastructure. Key cybersecurity engineer responsibilities include developing information security plans and policies, devising incident response and recovery strategies, developing security tools, conducting periodic network scans, penetration testing, and leading incident response.

Many employers insist you have a bachelor’s degree in engineering, computer engineering, or computer science for this position. Some might prefer a master’s degree. There are many certifications that will serve you here, including Certified Ethical Hacker, Certified Information Systems Security Professional (CISSP), and security related CIAC certifications. In some cases, work experience might serve as a replacement for any of these.

For more on the security engineer role, see:

Information security manager

Average salary: $131,725
Salary range: $88K - $196K

Information security managers lead policy, training, and audit efforts across an organization. They might also review security implementations and software configurations to help ensure that data is safe. In the event of a breach they would lead forensic investigations and mitigation efforts. Security managers need good people and process management skills, as they work with other departments within the organization, particularly IT.

You’ll need a bachelor’s degree relevant to information technology and significant work experience. Getting a CISM (Certified Information Security Manager) and CISSP (Certified Information Systems Security Professional) will help pave the way but there are many certifications that will be welcomed here.

IT security architect

Average salary: $106,078
Salary range: $70K - $160K

Why is an IT security architect or information security architect so valued? They have elite security skills and they understand the business and the IT infrastructure. This allows them to effectively plan, analyze, design, configure, test, implement, maintain, and support an organization’s computer and network security infrastructure so that is responsive to changes in regulations and risk. The role requires good communications skills, too, as security architects must work with stakeholders across a wide range of groups within an organization.

A bachelor’s degree in computer security or computer science is usually a requirement here, as is a minimum of five years relevant work experience. CISSP-ISSAP (Information Systems Security Architecture Professional) certification will help your chances.

For more on the security architect role see:

Information security director

Average salary: $170,981
Range: $123K - $237K

Security director roles exist in larger organizations and typically manage teams of security professionals. In smaller organizations, the director role might be the top security job. Directors need strong security skills, the ability to manage and mentor security staff, and a good understanding of the organizations in which they work. They need to know how the organization assesses risk so that they can allocate effort and resources accordingly.

You’ll need a bachelor’s degree in a relevant discipline and plenty of IT experience.

CISO

Average salary: $188,260
Salary range: $105K - $264K

In this this head-honcho role, the information and data security buck stops with you. In many organizations, the CISO and CSO titles are used interchangeably, and the CISO role is quite expansive. You'll be responsible for setting security strategy and leading the team that protects your organization from cyber threats. The CISO role is more a business role than a technical role, and you'll need to be able to communicate cyber risk to the C-suite and the board.   

A bachelor's degree in computer science or a related field is typical for this role, at least 5 years in a management role, and familiarity with a host of security technology and practices, and knowledge of regulations that affect your industry and business.

For more on the CISO role, see:

Copyright © 2021 IDG Communications, Inc.

Microsoft's very bad year for security: A timeline