What is the Salary for Cybersecurity Jobs?
They say that money makes the world go around and while not everybody agrees that it can buy happiness, there’s one thing we all know is true—people wouldn’t work in jobs without being paid for their time.
The Highest Paying Cyber Security Jobs
Let’s jump right into what you want to know.
While these may vary from place to place, the figures provided are averages taken from various professionals working in various organizations.
Here are the 5 highest paid jobs in cybersecurity right now for entry-level and intermediate positions. Expect double, triple, or more for senior-level positions which you can reach in 5+ years.
1. Cyber Security Analyst
Among the highest paid cybersecurity jobs, cybersecurity analysts focus on preventing and protecting against malicious cyber attacks such as DDoS, viruses, hacks, and malware injections, an invaluable skill for any modern company that has valuable assets or datasets.
The average salaries for cybersecurity analysts can be anywhere between $80,000 and $185,000. Of course, $185,000 represents the salary of more senior analysts and professionals with several years’ demonstrable and hands-on experience in addition to high-level certifications.
2. Penetration Testers
Penetration testing is often viewed as one of the “sexier” cybersecurity jobs. It is a line of work that has been around for years, traditionally carried out in-house by a small team, long before cyberattacks became as big a problem and as commonplace as they are now.
Penetration testing involves carrying out simulated attacks in a controlled environment on a company’s assets—e.g. website interfaces, databases, and internal IT systems—to uncover vulnerabilities. When these vulnerabilities are found, they can then be protected against.
Penetration testers are also called “ethical hackers” because they simulate a real-life attack using the same tools, methods, and skills as a malicious hacker would, except the ethical hacker turns all the information over to the company so that any vulnerabilities and security flaws can be fixed.
It is becoming more common to outsource penetration testing to external companies, particularly ongoing crowd-sourced penetration testing, rather than keep it in-house. Hiring an external party to conduct an audit provides a fresh set of eyes that can look at everything.
In terms of salary, penetration testers can expect to earn anywhere between $60,000 at a junior level and $130,000+ at more senior experienced levels.
3. Network Security Analysts
The core role of a network security analyst is to manage the overall security of a company’s entire IT infrastructure and computer network. Obviously, therefore, this role can net a pretty penny and it is one that attracts some of the industry’s best and brightest.
No company is going to spare expense when trying to guarantee the security of their computer network and IT infrastructure, the very thing that enables them to operate and continue running.
As cyber attacks constantly evolve and grow with each passing day, it is network security analysts that act as gatekeepers and prevent serious breaches from taking place.
It is no surprise then that the median salary is close to $100,000, with those on the junior end of the spectrum netting around $70-90,000 and those on the higher end with experience and seniority taking home anywhere between $150-$200,000.
4. Application Security Engineer
As more and more companies start using third-party SaaS products such as Amazon Web Services or Microsoft Azure, they need to ensure that these tools are safe and fit for purpose.
While Amazon Web Services and Microsoft Azure are unlikely to cause any serious problems when implemented correctly, there are thousands of third-party SaaS providers and it is the job of an application security engineer to ensure that they aren’t vulnerable to attackers.
The role of an application security engineer mostly involves securing all software applications that a business uses and ensuring that they meet policy and compliance requirements in their deployment.
As business use of third-party SaaS tools and other software grows, it is likely that application security engineers are going to become even more in demand and the earning potential will grow.
At present, an application security engineer can expect to earn anywhere between $100,000 and over $200,000 and this number is constantly growing. Even at the most junior level, qualified candidates can expect to make three figures in a serious organization.
5. Information Systems Security Engineer
Information systems security engineers are usually tasked with maintaining the network itself and ensuring that it is free from vulnerabilities, viruses, and malware, and that employees within an organization comply with internal policies.
In addition to this, security engineers will perform regular testing of the network and overall IT infrastructure to ensure that it is both robust and secure. Depending on the organization, though, the specifics of this role can vary—it is one with a wider scope of responsibilities.
Like the other roles covered, the starting salary for this one is anywhere between $70-$90,000 and can top out at $150,000 and above for senior information systems security engineers with sought-after skills and experience.
Certifications That Can Increase Salary
Of course, the only way you are going to be bringing home a salary around the $150,000-$200,000 mark is if you are highly qualified and experienced and, to get to this stage, you will need to have certifications behind you.
It is hard to quantify just how much X certification can increase Y salary, particularly because companies are only just waking up to cybersecurity considerations and because there is a huge skill gap.
Certified Ethical Hackers, for example, can expect to earn a median salary of around $100,000 which is a lot more money than penetration testers doing the job without any certification.
Most senior-level roles will require some of the certifications below. Every role, though, is different and it depends on not only the role but the organization doing the hiring, too—they are free to set their own requirements.
In a nutshell, here are some of the most sought-after advanced certifications that senior cybersecurity professionals tend to possess. They demonstrate expertise and those who have them are able to demand higher remuneration.
The most respected and popular certification undertaken by professionals wanting to advance to mid/senior-level roles is probably CISSP.
A popular choice among security analysts and architects wanting to advance from entry-level roles, the CISSP certification provides supplementary training and education to experienced security practitioners who want to demonstrate their knowledge across a broader range of security practices and principles. It also meets the U.S. DoD Directive 8750.1, and many cybersecurity professionals working in the public sector undertake the CISSP certification as a result.
We Do Not Recommend These
CEH Ethical Hacker
“The CEH credential certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective.”
Although this is by no means a required certification in order to become a practicing ethical hacker, EC-Council seems to push this narrative that it is something that needs to be completed to advance beyond entry-level penetration testing roles. This certification supposedly confirms that the candidate can perform the role of an ethical hacker to currently accepted standards, establish and maintain minimum standards, and meet basic compliance.
We don’t think so. There is serious negative feedback from students if you search for it.
EC-Council Certified Security Analyst (EC-CSA)
EC-Council amassed a ton of certifications to sell off; this one is posed as an advanced-level certification. The EC-Council CSA certification is the natural successor to the Certified Ethical Hacker certification above and picks up from where it left off. They keep you on the ropes so you’ll have to sign up to all their courses.
The EC-CSA presents candidates with a distinguishable set of comprehensive methodologies that broadly cover different penetration testing requirements across different industries and verticals.
This is a security credential like no other. The EC-CSA is never required by companies for mid-level penetration testing roles either. There is no information on how much people will earn with this certification, since they refuse to give this out.
There’s Serious Money in Cyber Security
Cybersecurity as a profession is in demand like never before and the salaries on offer to even entry-level talent are huge.
With more and more cyber attacks hitting companies from every which way and new threats coming through the pipeline with each passing day, companies are paying more money than ever to qualified cybersecurity specialists and professionals to secure their assets and data and prevent huge financial losses.
Unfortunately, there is a massive skills gap in the cyber security industry and vacancies can be very difficult to fill. As a result, then, it is no surprise that when the right candidates are found, companies are willing to pay eye-watering sums of money to secure them.
The huge skills gap, demand for cybersecurity specialists, and the increasing threat from hackers and other risks mean that the general cybersecurity salary is nothing to be sniffed at. Even entry-level roles with non-specialist tasks can pay as much as $50,000 and once you are in, the only way is up.
It is likely that the money on offer to cybersecurity professionals will continue to increase as organizations begin to wake up to the serious threats posed by cybercrime. If you’re curious as to how to get started in cybersecurity, the answer is simple: just start practicing cybersecurity and integrate it into your daily life.