IT security is of major concern to all organizations, and they're willing to pay to get top talent. Are you being paid what you are worth? Take a minute to check. Credit: Hans Braxmeier / MicrostockHub / Getty Images As organizations emerge from the COVID-19 pandemic, hiring is on the rebound—and that is especially true in the information security ranks where demand has outstripped supply for years. Despite the work-from-home push opening opportunities to hire beyond the usual geographical boundaries, many organizations continue to struggle to find these needed workers, which is putting pressure on salary and benefit offerings.“That [desire of employees to continue working from home] is doing some interesting things to salary and benefit offerings,” explains Peter Tsai, head of technology insights at Spiceworks, a professional network for IT pros based in Austin, TX. “You might now have a candidate coming from a very low-paying region suddenly competing against somebody in the local market, who is willing to take a much lower salary to do that job.”Whether you are looking for work, a raise, or a bigger challenge, the cybersecurity roles described below will help you decide where you want to go next with your career. Note: Titles for similar jobs vary from company to company, so use the descriptions to match up with the role that interests you.*Salary data for this article provided by GlassDoor. Information security analystAverage salary: $99,101 Salary range: $61k – $160kSecurity analysts typically deal with information protection (data loss protection [DLP] and data classification) and threat protection, which includes security information and event management (SIEM), user and entity behavior analytics [UEBA], intrusion detection system/intrusion prevention system (IDS/IPS), and penetration testing. Key duties include managing security measures and controls, monitoring security access, doing internal and external security audits, analyzing security breaches, recommending tools and processes, installing software, teaching security awareness, and coordinating security with outside vendors. You will probably need a bachelor’s degree in computer science or engineering to be considered for this position. Many people in this role have a master’s degree. Getting certified in Information Security Management, Cybersecurity Forensic Analysis, as a Certified Confidentiality Officer, or as a Certified Computer Crime Investigator will help.For more on the security analyst role, see:SOC analyst job description, salary, and certificationHow to write an information security analyst job descriptionWhat are the traits to become an excellent security analystTop 5 skills a SOC analyst needsInformation security specialistAverage salary: $96,586 Salary range: $59k – $157kAlso referred to as a computer security specialist, or cybersecurity specialist, the information security specialist role is much like that of a security analyst, but typically more limited in scope. You will spend your days monitoring, testing, and troubleshooting the security systems. Responsibilities unique to this role might include analyzing and defining security requirements for an organization’s systems, identifying which abnormal events should be reported as threats, designing security audits, and providing technical support to colleagues. You’ll need up-to-date programming and computer science knowledge. A BA would be helpful in proving you have that. Certifications are a great idea if you are trying to land this role. Consider a Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Systems Administration and Network Security (SANS) certifications. Getting a Masters of Science in Cybersecurity would do you no harm.Security consultantAverage salary: $97,488 Salary range: $60k – $158k A security consultant is an experienced professional who works on a contract basis, typically specializing in one or more areas of cyber security. Some work independently, and many work as employees for consulting firms. A successful consultant needs top-notch skills, including general IT knowledge, but more importantly they must have the right mindset for the role. Consultants must be able to thrive in an environment where they move from project to project, and they need to be good communicators with their clients. The upper ceiling of a security consultant’s earnings can be quite high depending on reputation, skillset, and business acumen.You will likely need a bachelor’s degree in computer science, but other degrees are applicable. Certifications in skills that are of interest to you are a great idea. You can get a general certification for security analysts through the International Association of Professional Security Consultants.For more on the security consultant role, see:What it takes to be a security consultantInformation security engineerAverage salary: $105,927 Salary range: $74K – $152K Think of the information security engineer, also known as cybersecurity engineer or computer security engineer, as the builder and designer of security infrastructure. Key cybersecurity engineer responsibilities include developing information security plans and policies, devising incident response and recovery strategies, developing security tools, conducting periodic network scans, penetration testing, and leading incident response.Many employers insist you have a bachelor’s degree in engineering, computer engineering, or computer science for this position. Some might prefer a master’s degree. There are many certifications that will serve you here, including Certified Ethical Hacker, Certified Information Systems Security Professional (CISSP), and security related CIAC certifications. In some cases, work experience might serve as a replacement for any of these.For more on the security engineer role, see:How to write an IT security engineer job descriptionWhat it takes to become an IT security engineerInformation security managerAverage salary: $131,725 Salary range: $88K – $196KInformation security managers lead policy, training, and audit efforts across an organization. They might also review security implementations and software configurations to help ensure that data is safe. In the event of a breach they would lead forensic investigations and mitigation efforts. Security managers need good people and process management skills, as they work with other departments within the organization, particularly IT.You’ll need a bachelor’s degree relevant to information technology and significant work experience. Getting a CISM (Certified Information Security Manager) and CISSP (Certified Information Systems Security Professional) will help pave the way but there are many certifications that will be welcomed here.IT security architectAverage salary: $106,078 Salary range: $70K – $160KWhy is an IT security architect or information security architect so valued? They have elite security skills and they understand the business and the IT infrastructure. This allows them to effectively plan, analyze, design, configure, test, implement, maintain, and support an organization’s computer and network security infrastructure so that is responsive to changes in regulations and risk. The role requires good communications skills, too, as security architects must work with stakeholders across a wide range of groups within an organization.A bachelor’s degree in computer security or computer science is usually a requirement here, as is a minimum of five years relevant work experience. CISSP-ISSAP (Information Systems Security Architecture Professional) certification will help your chances.For more on the security architect role see:How to write an information security architect job descriptionWhat it takes to be a security architectInformation security directorAverage salary: $170,981 Range: $123K – $237KSecurity director roles exist in larger organizations and typically manage teams of security professionals. In smaller organizations, the director role might be the top security job. Directors need strong security skills, the ability to manage and mentor security staff, and a good understanding of the organizations in which they work. They need to know how the organization assesses risk so that they can allocate effort and resources accordingly.You’ll need a bachelor’s degree in a relevant discipline and plenty of IT experience.CISOAverage salary: $188,260 Salary range: $105K – $264KIn this this head-honcho role, the information and data security buck stops with you. In many organizations, the CISO and CSO titles are used interchangeably, and the CISO role is quite expansive. You’ll be responsible for setting security strategy and leading the team that protects your organization from cyber threats. The CISO role is more a business role than a technical role, and you’ll need to be able to communicate cyber risk to the C-suite and the board. A bachelor’s degree in computer science or a related field is typical for this role, at least 5 years in a management role, and familiarity with a host of security technology and practices, and knowledge of regulations that affect your industry and business.For more on the CISO role, see:How the CISO role is evolving5 key qualities of successful CISOs, and how to develop themCISO job search: What to look (and look out) for Related content news Multibillion-dollar cybersecurity training market fails to fix the supply-demand imbalance Despite money pouring into programs around the world, training organizations have not managed to ensure employment for professionals, while entry-level professionals are finding it hard to land a job By Samira Sarraf Oct 02, 2023 6 mins CSO and CISO CSO and CISO CSO and CISO news Royal family’s website suffers Russia-linked cyberattack Pro-Russian hacker group KillNet took responsibility for the attack days after King Charles condemned the invasion of Ukraine. By Michael Hill Oct 02, 2023 2 mins DDoS Cyberattacks feature 10 things you should know about navigating the dark web A lot can be found in the shadows of the internet from sensitive stolen data to attack tools for sale, the dark web is a trove of risks for enterprises. Here are a few things to know and navigate safely. By Rosalyn Page Oct 02, 2023 13 mins Cybercrime Security news ShadowSyndicate Cybercrime gang has used 7 ransomware families over the past year Researchers from Group-IB believe it's likely the group is an independent affiliate working for multiple ransomware-as-a-service operations By Lucian Constantin Oct 02, 2023 4 mins Hacker Groups Ransomware Cybercrime Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe