Highest Paying Cyber Security Jobs

Data breaches happen so often that it’s easy to gloss over the headlines, but the fallout is much harder for companies to ignore: hacks are not just embarrassing, but can lead to serious financial and reputational damage. So, it’s not surprising that there’s high demand for cyber security professionals, and that those who are up to the task are generously compensated. In fact, Computerworld reported that cyber security was the third most highly sought-after skill (right behind app development and tech support), according to managers who planned to expand their IT staff in 2017. In the same report, John Reed, the senior executive director of IT staffing firm Robert Half Technology, pointed out that many companies regularly have vacancies due to their inability to find suitable candidates.

Not only are cyber security skills in peak demand, but according to Computerworld’s 2017 IT Salary Survey Results, security is the third highest-paying IT specialty (after cloud computing and ERP) . But not all cyber-sec jobs pay the same. A handful of positions stand above the rest, at least in terms of compensation.

Here are some of the highest paying cyber security jobs:

• Chief Information Security Officers | $102,000 - $500,000

  Senior-level executives are typically well-paid, and CISOs are no exception. Chief Information Security Officers, also known as Chief Security Officers (CSOs), are extremely valuable to the companies in which they work because they offer the best of both worlds: business savvy and technical skills. CISOs also need to have management chops: they’ll be overseeing security engineers and managing the company’s incident response team. But this isn’t a hands-off management role: not only are CISOs responsible for an entire company’s data privacy, regulatory compliance, threat prevention, adherence to security practices (the list goes on and on), they’ll also roll up their sleeves and assist with incident response alongside their team. CISOs often work alongside chief information officers, too, since part of the job is to protect the company’s revenue. In most large companies, CSOs/CISOs report to the CTO or CIO. Because of the amount of data analyzed or the sensitivity of it, CISOs at financial services or insurance companies may report directly to the company’s CEO.

  According to the compensation information website PayScale.com, a chief security officer earns a median salary of $135,768, with the possibility of another ~$100,000 in profit sharing and bonuses. But Paul Wallenberg, unit manager of technology services at recruiting firm LaSalle Network, told Computerworld that CISOs earn $200,000 to $500,000 in total compensation. Robert Half’s 2018 salary guide lists the midpoint for CISOs at $170,000, with a range between $143,250 and $241,000. Computerworld itself listed the average as $150,929, with an average $22,379 bonus.

• Senior Security Consultant | $76,000 - $162,000

  Senior security consultants help minimize an organization’s security risks by analyzing current security settings and providing recommendations on better practices, procedures, software, and tools. They analyze and modify firewalls and other software packages as well as hardware devices like switches and routers. Senior security consultants wear many hats. They can be found leading security training sessions for employees, participating in meetings to craft cyber security policy, implementing security standards across devices, and creating risk analysis reports and recommendations for management.

  According to PayScale, the median salary for senior security consultants is $105,840. Salaries range from $76,296 to $142,474, with the possibility of additional compensation in the form of commissions, profit sharing, and bonuses bumping up the high end of pay to $156,355. Robert Half’s 2018 salary guide lists the range for senior consultants/project managers of all stripes (not just security) as $96,000 to $162,000.

• Security Engineers / Security Team Leads | $59,000 - $180,000

  Some technologists want to stay as far away from management positions as possible, so they stick to security engineering roles. Security engineers work to prevent breaches—or minimize their impact, should they occur—by securing and monitoring systems and networks, installing firewalls and encryption programs, hunting down vulnerabilities within their own company’s network and systems, and responding to security incidents.

  The role often has an education component as well: security engineers help people within an organization improve awareness through security training programs and other strategies. Security team leads do everything security engineers do, and then some: they provide leadership from within their own team, but don’t have a traditional management role. This typically entails overseeing and delegating to a small development team, mentoring newer developers, overseeing any work done on the project, and communicating closely with management—but from within their position as part of the company’s technical staff.

  Security engineers typically report to a team lead, or a software manager or director, who in turn reports to the CISO. Security engineers typically earn around $130,000, according to Wallenberg, but security team leads earn $170 to $180k. According to PayScale.com, a cyber security engineer earns an average salary of $96,359 per year, with the possibility of additional compensation ranging from $2000 to $40,000 in the form of bonuses and profit sharing.

• Data Security Analyst | $46,243 - $171,500

  Data security analysts work to protect the troves of sensitive data that companies store, such as credit card details, billing information, customer data, and more. A big focus is typically on the cloud servers on which stored data is housed. This role entails determining what data can and should be stored in these vulnerable locations, and to create protocols to secure information. Data security analysts report potential vulnerabilities and corrections for the IT security team to follow up on, analyze accessed data to determine who accessed it, when, where, and how often.

  PayScale lists the average salary for data security analysts as $62,653, with a salary range between $46,243 and $89,003. But according to the Robert Half Technology guide, data security analysts earn anywhere from $102,000 to $171,500, with a median salary hovering around $121,000.

• Penetration Testers | $47,000 - $130,000

  Pen testers look for vulnerabilities within a company’s system to find areas of weakness before hackers do. While part of the job is about ameliorating passive threats, such as poor passwords, penetration testers also work within an IT team or cyber security team to not only find areas of weakness but to relay that information to the rest of the team, so they can take appropriate mitigation steps.

  According to PayScale, penetration testers salaries vary widely based on experience level, company and locale, ranging from $47,000 to $130,000.

• New & Emerging Cyber Security Positions | $ Varied

  As cyber security continues to evolve, specialized roles have been cropping up, senior security architect Leon DuPree told Computerworld. Many new titles are beginning to emerge, he said. These include:
  • application security architect
  • business process reengineering security consultant
  • cloud security architect
  • cloud security specialist
  • cyber security data scientist
  • IT security auditor
  • IT security liaison
  • security awareness trainer
  • security operations manager
  • software security specialist
  • vendor risk management director

  According to Dupree, salary ranges for these positions can be $100,000 and up. Certified IT security auditors can earn as much as $170,000 at the director level, and cloud security architect salaries top out at $181,000. Application security architects earn as much as $180,000, and infrastructure security architects can make as much as $160,000. Wages for security awareness training personnel are on the lower end (around $52,000), but vendor risk management professionals can earn as much as $126,000.

  Astute Solutions director of information security Chris Conner is seeing a growing list of security roles and specialties as well, such as:

  • cloud security specialist
  • director of privacy (or chief privacy officer)
  • software security specialist
  • vice president (or director) of compliance

  According to Conner, privacy and compliance directors’ salaries are in the mid-$100,000s, while cloud security specialists and software security specialists earn anywhere from $120,000 to $150,000 a year. The cyber security ecosystem continues to shift, with responsibilities shifting and new roles and specialties emerging. These are just a few to keep an eye on.

Sources:

• Robert Half 2018 Technology & IT Salary Guide
• Computerworld IT Salary Survey 2017 Report
• PayScale.com