ITCareerFinder analyzes salaries & hiring trends to uncover this year's best paying cyber security roles.
This post will be updated annually with the top paying cyber-sec jobs and wages. Current year: 2022.
Data breaches are becoming so ubiquitous that it’s easy to gloss over the headlines, but the fallout is much harder for companies to ignore -- hacks are not just embarrassing, but can lead to serious financial and reputational damage. So, it’s not surprising that there’s high demand for IT security specialists, and that those who are up to the task are generously compensated. In fact, cyber security was the most highly sought-after skill set in 2021, and many companies report info-sec vacancies due to their inability to find qualified candidates.
Not only are these skills in peak demand, but cyber security is one of the highest-paying IT specialties, bringing in an average salary of $102,600 (more than double the $45,760 average for all occupations) according to the US Bureau of Labor Statistics. But not all cyber-sec jobs pay the same. A handful of positions stand above the rest, at least in terms of compensation.
Here are some of the highest paying cyber security careers for 2022:
Chief Information Security Officer | $161,000 - $236,750
Senior-level executives are typically well-paid, and CISOs are no exception. Chief information security officers, also known as chief security officers (CSOs), are extremely valuable to the organization because they offer the best of both worlds: business savvy and technical skills. CISOs also need to have management chops: they’ll be overseeing security engineers and managing the company’s incident response team. But this isn’t a hands-off management role: not only are CISOs responsible for an entire company’s data privacy, regulatory compliance, threat prevention, adherence to security practices (the list goes on and on), they’ll also roll up their sleeves and assist with incident response alongside their team. CISOs often work alongside chief information officers, too, since part of the job is to protect the company’s revenue. In many large organizations, CSOs/CISOs report to the CTO or CIO. Because of the amount of data analyzed or the sensitivity of it, CISOs at financial services or insurance companies may report directly to the CEO.
According to PayScale.com, a chief information security officer earns an average salary of $170,975, with the possibility of another $100,000+ in profit sharing and bonuses. Robert Half Technology's 2022 salary guide lists the midpoint wage for CISOs at $193,750.
Information Systems Security Manager | $129,750 - $187,750
Alternately called information systems security officers (ISSO), these highly paid security specialists combine hands-on cyber security skills with extensive leadership and communication prowess to bridge the gap between high-level security directives and their execution. Core technical competencies for this role are many, and include network defense and security, enterprise architecture, business continuity, encryption, digital threat assessment, cyber law and governance, and risk management.
According to the 2022 Robert Half Technology Salary Guide, information systems security managers earn between $129,750 (at the 25 percentile) and $187,750 (at the 75th percentile). Bonuses and profit-sharing can net info-sys security managers an additional $5,000 to $42,000 per year, according to Payscale.com.
Senior Security Consultant | $77,000 - $159,000
Senior security consultants help minimize an organization’s risk profile by analyzing current security settings and providing recommendations on better practices, procedures, software, and tools. They analyze and modify firewalls and other software packages as well as network hardware like switches and routers. Senior security consultants wear many hats. They can be found leading security training sessions for employees, participating in meetings to craft cyber security policy, implementing security standards across devices, and creating risk analysis reports and recommendations for management.
According to PayScale, the average salary for senior security consultants is $109,693. Salaries range from $77k to $149k, with the possibility of additional compensation in the form of commissions, profit sharing and bonuses bumping up the high-end of pay to $159,000. Robert Half’s 2022 salary guide lists the median salary for senior consultants of all stripes (not just cybersecurity) at $103,000.
Find cyber security programs that align with your goals.
Network Security Engineer | $109,750 - $153,500
Some technologists want to stay as far away from management jobs as possible, so they stick to engineering roles. Network security engineers work to prevent breaches—or minimize their impact, should they occur—by securing and monitoring systems and networks, installing firewalls and encryption programs, hunting down vulnerabilities within their own company’s systems, and responding to security incidents. This cyber-sec job often has an education component as well; security engineers help people within an organization improve awareness through security training programs and other strategies.
According to PayScale.com, cyber security engineers earn an average salary of $96,745, with the possibility of additional compensation ranging from $2,000 to $60,000 in the form of bonuses and profit-sharing. Network security engineers can further boost earnings with cybersecurity skills in marketable areas like cloud computing, applications security, and DevSecOps.
Data Security Analyst | $60,000 - $166,750
Data security analysts work to protect the troves of sensitive data that companies store, such as credit card details, billing information, customer data and more. A big focus is typically on the servers (both physical and cloud-based) on which stored data is housed. This role entails determining what data can and should be stored in these vulnerable locations, and to create protocols to secure information. Data security analysts report potential vulnerabilities and corrections for the IT security team to follow up on, analyze accessed data to determine who accessed it, when, where, and how often.
PayScale lists the average wage for data security analysts as $74,059, but according to the Robert Half's 2022 technology salary survey, data security analysts can earn up to $166,750 and more.
New & Emerging Cyber Security Positions | $ Varied
As the cyber security landscape continues to evolve, a slew of specialized roles are cropping up, including:
application security architect
business process reengineering security consultant
cloud security architect
cyber security data scientist
information security auditor
IT security liaison
security awareness trainer
security operations manager
software security specialist
vendor risk management director
Salaries for these emerging cyber security positions can easily crack the six-figure range. Certified information security auditors can earn as much as $200,000 at the director level, and cloud security architect salaries can top $210,000. Application security architects and infrastructure security architects can make as much as $200,000 and $190,000 respectively. Wages for security awareness training personnel are on the lower end (currently around $65,000), but vendor risk management professionals can earn upwards of $150,000.
Astute Solutions director of information security Chris Conner is seeing a growing list of security roles and specialties as well, such as:
cloud security specialist
director of privacy (or chief privacy officer)
software security specialist
vice president (or director) of compliance
According to Conner, privacy and compliance directors’ salaries are in the mid-$100,000s, while cloud security specialists and software security specialists earn anywhere from $140,000+ per year. The cyber security ecosystem continues to shift, with responsibilities shifting and new roles and specialties emerging. These are just a few we will keep an eye on.