Top 10 highest-paying jobs in information security
It's a good time to be in the information security field. Not only are the jobs plentiful, but the shortage of talent to fill those jobs motivates employers to offer top salaries to candidates.
The pay varies widely based on variables like geographic location and sector. However, Infosecurity Magazine estimates that infosec salaries will grow 7 percent overall this year, which is more than double the increase across all sectors in the United States.
Below are some of the highest-paying jobs in information security.
Please note: Median or average salary estimates were calculated as the average of different salaries found from multiple sources.
What should you learn next?
Penetration tester ($71,660 median)
Also known as an ethical hacker, a penetration tester probes information systems and networks to find and exploit security vulnerabilities. Although some of the other security practitioners (like engineers) may also perform this as part of their job, organizations are increasingly hiring penetration testers whose job is to do nothing else but assess weaknesses and holes that the not-so-ethical hackers could exploit.
TechRepublic identified penetration testing as one of the top three most-in-demand cybersecurity jobs in 2017. Not surprising, considering that ransomware has become such a big problem across all industries.
Security consultant ($84,000 median)
Consultants are outside experts who may be hired for a broad range of needs by organizations of all sizes. Smaller organizations that don't need or don't have resources for a full-time, in-house security expert may hire an independent consultant to fill that role. Larger companies also hire consultants to provide specialized outside expertise and augment the work of their in-house security team.
Managed security services providers (MSSPs) also have experts on staff who can serve as consultants to their clients — and companies that can't fill in-house jobs because of the severe shortage of cybersecurity talent often turn to MSSPs as a solution.
Because the job may entail broad responsibilities, security consultants need to have wide knowledge of security best practices, systems, protocols and so on, as well as the ability to implement these based on each customer's unique needs.
Information security analyst ($95,510 median)
An information security analyst is responsible for planning and implementing measures that protect the security of an organization's computer systems and networks. More specifically, analysts typically analyze the vulnerabilities in a system and recommend countermeasures.
The U.S. News & World Report ranks infosec analyst as No. 2 in best technology jobs based on criteria such as salary, job growth and employment rate. It's also one of the 20 fastest-growing occupations across all industries, ranking No. 16 among all types of jobs, according to the U.S. Bureau of Labor Statistics (BLS).
As organizations adopt new solutions to stay ahead of hackers and data breaches, they're driving a high demand for information security analysts. The BLS projects that demand for this role will grow 28 percent between 2016 and 2026, much faster than the average 7-percent growth for all occupations.
Network security engineer ($114,000 average)
The network security engineer's main job is to keep unauthorized intruders out of the network infrastructure. Essentially, this is the person at the front line of defense. The job is multifaceted and can include everything from deploying hardware and maintaining the WAN/LAN architecture to strategizing how to respond to threats.
With all the threats that organizations face, from malware and phishing to ransomware and botnets, a network security engineer's job is never done. But it's not just malicious actors they worry about — they also need to protect the IT network against natural calamities and other things that may impact it.
Information security engineer ($120,570 median)
Some employers use the term engineer and analyst interchangeably, and there may be some overlap between the two. But while an analyst usually works to identify risks and gaps in information systems, the engineer's job is to design and maintain IT solutions that provide security — such as firewalls, encryption and other technology.
An information security engineer may also develop policies and plans for information security, create incident response strategies, monitor security systems and perform penetration testing. The title of engineer usually commands higher pay compared to an analyst, even when employers extend an analyst's duties into the engineering role.
Application security engineer ($120,700 average)
The application-security engineer's job is to review and test security code, perform penetration testing and identify exploits for applications including desktop, cloud and mobile.
One of the buzzwords tossed around by enterprises currently is DevOps — integrated cross-teams whose purpose is to unify software development (i.e. "dev") and software operations ("ops) rather than working in silos. It's becoming a mainstream practice for companies that build their own applications and hence need agile and rapid deployment.
With increased awareness about IT security, there's a growing trend to integrate security into DevOps, which further contributes to the demand for this job.
Information security director ($137,000 median)
Think of a security director like a deputy chief information security officer (CISO) — this person has strategic oversight of various aspects related to IT security, ranging from budgets and staffing to policies. In smaller organizations, the director may actually take on the CISO's role.
Like other senior levels, a security director will need to not only have extensive experience in the field, but also a variety of security certifications, along with soft skills like communication and people management.
Chief information security officer ($140,000+)
A CISO, or sometimes a CSO (chief security officer) may be the pinnacle of an information security career to some, although the pay doesn't always come with it. While a few elite CISO may earn close to $500,000, many make just a little over $100,000.
A member of the executive team, the CISO not only oversees the organization's information security, privacy and compliance but also often interacts with the board of directors, C-suite executives and other top stakeholders. Depending on the size of the organization, the CISO may report to a chief technology officer or directly to the CEO.
A CISO needs equal technical and business acumen, especially since the paradigm shift that information security is a business problem, not an IT problem. Expect to see demand grow for this job, as regulators in various industries turn up the heat on cybersecurity and start to require companies to designate a CISO.
Information security architect ($140,820 average)
An information security architect is a senior role in charge of designing organization-wide network and computer security architecture. An architect may also lead a team designing and building a new system.
As more of a "big-picture" job, the architect may also oversee infosec awareness programs, create and manage policies, respond to and analyze security incidents and conduct risk assessments.
Information security manager ($152,500 average)
As the name implies, this job is about managing the security program, including policies, hardware maintenance, identity-theft prevention and other aspects. An information security manager may also oversee employee schedules and security budgets, as well as create and implement information security strategies.
The security manager is more likely to interact with the C-suite and other senior roles, so it's a job where strong communication and interpersonal skills are as valuable as technical skills.
FREE role-guided training plans
Conclusion
If you're considering a career in the IT industry and think you may want to climb the ladder someday, do some research on what track you should take. Some of the lower-level jobs are better suited than others for working your way up to the leadership level.
Sources
- Cybersecurity Salaries to Increase 7% in 2018, Infosecurity Group
- Best Jobs Rankings, U.S. News & World Report
- Fastest Growing Occupations, Bureau of Labor Statistics
- The 3 most in-demand cybersecurity jobs of 2017, TechRepublic
- Occupational Outlook Handbook, Bureau of Labor Statistics
- 7 highest-paying IT security jobs, CSO Online
- 4 high-growth tech fields with top pay, Computerworld
In this Series
- Top 10 highest-paying jobs in information security
- Top-paying cybersecurity jobs and salary trends for 2024
- The importance of IT certifications in boosting your career
- Understanding the role of a network engineer in IT
- The role of the chief information officer (CIO) in cybersecurity
- What is a network engineer and how to become one?
- What does a system administrator do and how to become one?
- Cyber security hiring: Tips and best practices
- Cybersecurity soft skills: Career benefits of public speaking
- CompTIA Data+ certification: Opening doors to new careers
- Surviving cybersecurity burnout: Tips from industry experts
- How to make a mid-career change to cybersecurity
- 7 top security certifications you should have in 2024
- The Changing Role of the Modern SOC
- Discover the top 5 information security management certifications
- CySA+ versus CASP+: Is the CySA+ good enough for a career in cybersecurity?
- The best cybersecurity jobs in 2023: Trends, roles and salaries
- Top 10 penetration testing certifications for security professionals (2023)
- How to land an entry-level cybersecurity job: Essential skills and certifications
- 133 cyber security training courses you can take now — for free
- Breaking down barriers: How to make cybersecurity more inclusive and diverse
- Computer forensics interview questions
- The digital security forensic analyst salary guide
- Applying linguistics to cybersecurity: The journey of Jade Brown, a 2022 Infosec Scholarship winner
- The Path to “Career 4.0”: Amy Bonus leverages humanities, FinTech experience to bring Cybersecurity to the layperson
- Security engineer: Degree vs. certification
- Cybersecurity engineer: CyberSeek
- Infosec Accelerate Scholarship winner highlights essential qualities of a successful cybersecurity professional
- Career skills, imposter syndrome and intelligence-led pentesting | From the Cyber Work desk
- Cloud security engineer interview questions and answers
- Prior preparation results in a big payoff for Jason Mondragon, an Army veteran transitioning into cybersecurity
- Infosec scholarship winner Kandice Kucharczyk salutes her mentors as she sets her sights high
- Which CompTIA cert is right for you: Security+, PenTest+, CySA+ or CASP+? [updated 2023]
- How VetsInTech and Infosec Laid the Path to Gaurav Panta’s New IT Career
- Infosec 2022 scholarship winner Anthony Torres: Bringing the Marine Corps ethos to the cyber domain
- Infosec Scholarship winner Chris Chisholm knows the power of service and diversity in cybersecurity
- Betta Lyon Delsordo, Infosec scholarship 2022 winner, is a true life-long learner
- A veteran transitions from military medical logistics to multi-national security analyst
- An Army National Guard member fast tracks his cybersecurity career transition with VetsinTech
- How a career harnessing Navy nuclear energy can power a transition to a Security+ certification
- What is a cloud administrator? Essential roles and skills
- Security control mapping: Connecting MITRE ATT&CK to NIST 800-53
- Should you take the CCSP/SSCP before the CISSP? [updated 2022]
- (ISC)² certifications: The ultimate guide [updated 2022]
- CCSP vs. Cloud+ [updated 2022]
- Data architect: The ultimate career guide
- The ultimate guide to ISACA certifications: Overview & career paths [updated 2022]
- I failed IAPP’s CIPP/C certification. Here’s how I recovered
- How learning to be "Always Flexible" helped a Marine in earning the Security+ certification
- How to learn and pass your next certification exam
- Mission accomplished: How one army veteran turned neurobiologist moved into cybersecurity
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Professional development
Professional development
Professional development
Professional development
The role of the chief information officer (CIO) in cybersecurity