The latest cybersecurity jobs report
This guide contains everything you need to know to get up to speed on the rapidly growing cybersecurity job market. The guide is intended to provide enough “at-a-glance” information, but also give enough depth to be useful in finding the latest cybersecurity job opportunities.
IN THIS GUIDE
- Cybersecurity job demand
- Cybersecurity education
- Government jobs in cybersecurity
- Cybersecurity salary information
Cybersecurity jobs — a growth story
Cybersecurity jobs are exciting. The fast-paced field that is perfect for anyone who loves a challenge and the thrill of problem-solving. According to data collected by the Bureau of Labor Statics (BLS), the demand for cybersecurity jobs like information security analysts will grow by as much as 31 percent over the next ten years.
cybersecurityguide.org is an advertising-supported site. Clicking in this box will show you programs related to your search from schools that compensate us. This compensation does not influence our school rankings, resource guides, or other information published on this site.
Featured Cybersecurity Programs
|School Name||Program||More Info|
|UC Berkeley School of Information||Online MS in Cybersecurity | No GRE/GMAT Required||website|
|University of Pennsylvania||Penn Cybersecurity Boot Camp||website|
|Utica University||Online BS in Cybersecurity||website|
|Syracuse University||Online MS in Cybersecurity | Complete in 15 Months||website|
|Northwestern||Northwestern Cybersecurity Boot Camp||website|
|UC Berkeley||Berkeley Cybersecurity Boot Camp||website|
When you think about it, the above average growth in cybersecurity jobs makes sense. As technology becomes more and more intertwined with everyone’s day to day lives, the need for experienced cybersecurity professionals increases.
And while the future cybersecurity jobs projections forecast more openings, the truth is that even today there are not enough well-qualified experts to go around.
The cybersecurity job market has grown so rapidly over the past several years, that applicants usually have lots of options.
Due to the lack of trained professionals, those who pursue a career in cybersecurity can expect plenty of opportunities, high paying salaries, and great benefits.
The cybersecurity field includes a wide range of different jobs from entry-level up to executive management and everything in between.
An entry-level security professional may find themselves working as a security analyst in a SOC (security operations center). As their career progresses they may become a senior security analyst or work on an incident response (IR) team.
Those interested in programming and software design can pursue a career as a security software developer.
Individuals interested in pairing passions of law enforcement and technology may find a good fit in a computer forensics career. Computer forensics analysts work directly with both law enforcement and private firms to investigate cases.
The outlook for cybersecurity careers is extremely positive, making it a great option for anyone looking to enter the field. According to ISC2.org there are approximately 2.93 million cybersecurity positions open around the globe.
In the same document released by ISC2, the top identified areas of need for people with cybersecurity expertise included security awareness, risk assessment, security administration, network monitoring, incident investigation and response, intrusion detection, cloud computing security, and security engineering.
IN THIS SECTION
As with any career, education is a key element of entering the workforce. There are many different educational paths that individuals can take to learn the tools of the trade.
Pursuing a cybersecurity associate’s degree or bachelor’s degree in cybersecurity is an excellent place to start. Many universities will have specialized programs for cybersecurity, but a computer science degree will also be beneficial.
For people looking to make their way into management roles, there are newer opportunities to obtain a graduate-level certificate in cybersecurity or computer science.
While there is no substitute for a traditional degree, certifications and experience will also play a major role in landing a job within the cybersecurity field.
CHECK OUT OUR FULL CYBERSECURITY CERTIFICATION RESOURCE TO LEARN MORE.
Besides a bachelor’s or master’s degree from an accredited university, there are additional certifications which may help a job seeker to secure employment in the cybersecurity field.
According to a Burning Glass cybersecurity hiring report, approximately 60 percent of cybersecurity positions require that the applicant have at least one certification. The following are a few of the most popular certifications a cybersecurity technician can complete.
- Certified Ethical Hacker: Available only to cybersecurity technicians with two years of experience or more, the Certified Ethical Hacker certification is designed to teach a cybersecurity technician how to think like a hacker. This certification is best suited for anyone who would like to become a penetration tester.
- Certified Information Systems Security Professionals (CISSP) — A CISSP certification can be obtained by any person with five years or more of experience in the field of cybersecurity. Throughout the course students will learn how to identify and mitigate vulnerabilities in web-based systems.
- Certified Information Systems Auditor — The CISA is designed to signify expertise for those that, as a regular part of their work, audit, control, monitor, and assess their organization’s information technology and business systems
- Network+ – This is a certification designed to teach students the basics of networking as well as industry standard cybersecurity best practices. Network security, network infrastructure and network troubleshooting will all be taught.
- Security+ – Generally considered one of the most important cybersecurity certifications, the Security+ program teaches students how to manage risks, locate vulnerabilities in a computer system and understand cryptography as it relates to security. Other topics in the certification program include threat analysis and hacking mitigation techniques.
- Licensed Penetration Tester (LPT) – The LPT is one of the most advanced certifications in the cybersecurity industry. It’s only awarded to technicians who have extensive experience in the industry and who’ve proven themselves capable of operating under pressure. The idea behind the LPT certification is that any technician who holds this certificate is capable of responding quickly and efficiently to a real-time cybersecurity breach.
While these are some of the most common certifications that cybersecurity professionals may acquire, there are many other options available.
“One of the things that we teach in our certificate program and in our MOOC, is how to develop a reading program so that you stay current, how to join professional organizations to continue to network. The bottom line, it’s a field that you must love because you’re going to be studying constantly, reading constantly, growing constantly expanding your mind.”
— Barbara Endicott-Popovsky, executive director of the Center for Information Assurance and Cybersecurity at the University of Washington
Some employers may offer on the job training and certification programs. This is one way for a cybersecurity professional to gain new skills and advance within an organization.
Be sure to check out our related guides
- Cybersecurity 101: This guide provides the nuts and bolts for getting started with a cybersecurity career. Learn more
- Small business guide: All small business owners should be taking cybersecurity seriously. This guide will help get started. Learn more
- Certification guide: Getting industry-specific certifications is critical to career advancement in cybersecurity. This guide provides a good backgrounder on what the certifications are all about. Learn more
- Centers for Academic Excellence in Cybersecurity: This guide is all about the Centers for Academic Excellence in Cybersecurity, which is a program organized by the National Security Agency and the Department of Homeland Security to set standards for higher education programs. Learn more
- Cybersecurity career networking guide: This guide contains career networking tips and tricks. Learn more
Free online learning resources
Free (or inexpensive) online learning resources are a great way to begin your cybersecurity journey.
Before deciding whether or not to spend money on formal education, these online classes can introduce students to the basics of the cybersecurity field. They can also be beneficial after landing that first job in cybersecurity.
Since technology is always changing, the techniques used in the field will change as well. Online learning websites can help bridge the gap between what was learned in the classroom and what new techniques have been discovered. Some online learning websites will also provide a certificate of course completion which is good proof to potential employers about the desire to find continuing education opportunities.
Free cybersecurity jobs resources
Cybrary.it Cybrary was created as a cybersecurity workforce training platform. It currently offers dozens of training modules across a wide range of topics. Some of the courses are free, while others require a subscription to the service. The courses range from specific topic areas, such as understanding malware, to certification prep courses.
Coursera.org: Coursera is a digital platform that makes courses available to the public from over 200 of the world’s leading universities. The programs available range in size, commitment, and rigor. Everything from a single topic course to certification, degree, and micro-master’s tracks are available. There is even a course on finding a cybersecurity job and the cybersecurity job interview process from the University of Georgia.
KhanAcademy.org: Khan Academy is a global digital learning platform that offers classes in specific topic areas. The best part is that the content is high-quality and free. Khan Academy offers a number of cybersecurity classes ranging from intro-level content to more advanced concepts. Khan Academy’s cybersecurity listings can be found here.
OpenSecurityTraining.info: Like the others mentioned here, OpenSecurityTraining.info is a free resource that provides in-depth video and text-based resources in the forms of specific skills training. The goal of the project is to make cybersecurity and information technology training available to all.
Budget-friendly cybersecurity job resources
Udemy.com: Udemy is a global education platform that allows teachers and subject matter experts to easily connect with students. Udemy’s content is delivered in videos and courses range in level of detail and rigor. There are hundreds of hours of cybersecurity-related content to choose from. The courses range from basic, intro to cybersecurity to specifics like how to prepare for certification exams. While students have to pay to access the courses, there seems to be an endless supply of affordable options.
StackSkills.com: Stack Skills is a learning platform that packages courses into topic areas that track with digital media skills in specific domains such as marketing, finance, and IT security.
Lynda.com Lynda, a LinkedIn company, is a subscription-based service that provides thousands of hours of training across multiple skills that are in-demand in the labor force right now. Specific to cybersecurity, Lynda.com offers more than 1,000 course training options, ranging from beginner to expert.
edX.org Like Coursera, mentioned above, edX is an online learning platform that offers courses from leading universities from around the world. The courses are divided into a number of different programs, ranging from single course offerings in specific topics, to bachelor and master’s degree tracks, to industry certifications. Find edX’s cybersecurity course offerings here.
Finding entry-level cybersecurity jobs
While some jobs will require a graduate degree in computer science or information security, it is possible to land an entry-level position within the field of cybersecurity. Entry-level security professionals can expect to handle lower-level security matters such as log monitoring, maintaining backups, and managing updates.
There is such a high demand for workers with cybersecurity expertise, that many of the professors teaching in cybersecurity associate’s degree programs report that many of their students already have jobs waiting when they graduate.
An increasingly popular way to join the cybersecurity workforce, especially for people with a background in a related field like computer science or information technology is participate in a cybersecurity boot camp or graduate certification program.
Cybersecurity boot camps are designed as intensive training experiences broken up over several weeks or months. The boot camp training and coursework can be offered by a private boot camp company or training service. Increasingly, and in an effort to help close the cybersecurity skills gap, boot camp credentials are also being offered by some of the nation’s top universities. LEARN MORE ABOUT CYBERSECURITY BOOT CAMPS.
Top universities with well-established cybersecurity programs are also offering graduate certificate programs. These programs are designed for experienced students that are looking for a deeper dive into a specific cybersecurity topic area. Usually several courses long, the cybersecurity graduate certificate programs can help make job applicants look more competitive, or help prepare certification participants for more advanced roles within the profession. LEARN MORE ABOUT CYBERSECURITY GRADUATE CERTIFICATION PROGRAMS.
“We decided to create a graduate certificate in cybersecurity, which is a bridging program, so you don’t have to have any preparation in computing, or in cybersecurity to go into that program. We give you some foundational courses, then we teach you computer networking followed by ethical hacking and pentesting. When you finish the courses you receive a certificate and you’re ready to get into our master’s program.”
— Hossein Sarrafzadeh, professor and chair of the cybersecurity department at St. Bonaventure University.
One entry-level job option is to become an information security analyst. According to the Bureau of Labor Statistics, professionals usually have a bachelor’s degree before obtaining an entry-level job as an information security analyst. The median wage of information security analysts in 2018 was $98,350 with the lowest ten percent earning less than $56,000. Some of the duties listed by the Bureau of the Labor Statistics for an information security analyst include:
- Research the latest information technology (IT) security trends
- Prepare reports that document security breaches and the extent of the damage caused by the breaches
- Monitor their organization’s networks for security breaches and investigate a violation when one occurs
- Install and use software, such as firewalls and data encryption programs, to protect sensitive information.
For professionals more interested in offensive security rather than defensive security, a role of junior penetration tester may be more fitting. Penetration testers are hired by an organization to test out their security controls.
A penetration tester will take an offensive approach and attempt to break into an organization’s network. According to Payscale.com, the average salary for a junior penetration tester is $70,000.
LEARN MORE ABOUT A CAREER AS A PENETRATION TESTER.
Cybersecurity jobs in the federal government
For reasons of national defense, the US federal government is one of the largest employers of cybersecurity professionals. That’s why this next section is a deep-dive into how to find government cybersecurity jobs.
IN THIS SECTION
- Cybersecurity government jobs benefits
- Government hiring paths
- How to find and apply for government jobs
- Security clearance
The US Office of Personnel Management (OPM) serves as the principal human resources agency and personnel policy administrator for the Federal Government.
According to the OPM, the federal workforce comprises an estimated 2.1 million civilian workers. For perspective, this is on par with the largest US employer, Walmart. The next largest employer, Amazon, has about 1.3 million employees globally.
The reasons for choosing to work for the federal government rather than private enterprise will vary with each individual. Every job seeker must assess their needs, values, and individual circumstances to determine whether government service is right for them.
Below are some of the common motivations for seeking government employment.
Make a meaningful difference
Working for the federal government provides opportunities not available anywhere else. The government is responsible for protecting our environment, strengthening the nation’s security, ensuring the safety of our skies, helping kids get a good education, and investigating federal crime. People that want to make a significant contribution in these areas are attracted to federal jobs in agencies such as the Environmental Protection Agency (EPA), the Transportation Security Agency (TSA), the Department of Education (ED), and the Federal Bureau of Investigations (FBI).
Security and benefits
While the federal government offers a competitive pay scale (see the General Schedule section below), many people are attracted to government work because of the job security and superior benefits. Layoffs of government workers do happen, but the government is not nearly as susceptible to market forces as are private companies.
In many respects, working for the federal government is a trade-off. Government employees trade the potential for striking it rich, say like getting in on the ground floor of the latest tech sensation, for meaningful, reliable service to their country while providing a good living for their family.
In addition to a fair living wage, working for the government provides the following benefits.
- Health insurance – The various health plans under this program offer health insurance for the employee, spouse, and children under 26.
- Dental and vision insurance — Federal employees can choose from several different plans to cover themselves, their spouse, and their unmarried, dependent children up to age 22.
- Life insurance — Employees can choose coverage starting at one year’s salary up to more than six times your salary and can get coverage on the lives of their spouse and eligible children too.
- Long term care insurance — This program provides long term care insurance to help pay for costs of care when an employee can no longer perform everyday tasks such as eating or dressing and bathing themselves due to a chronic illness, injury, disability, or aging.
- Flexible spending accounts — New or current federal employees can set up healthcare and dependent care flexible spending accounts.
“So I went to a national lab expecting to just be here for a couple of years until I found out where my true passion was, and then lean more heavily into that. And it’s been almost 11 years now, and I’m not really looking anywhere else. I really love the autonomy you get at Argonne and the national lab as a whole, it’s a very interesting mix of all three of those, where I still have that impact. The pay is still very rewarding and competitive, and I still get that academic autonomy to pursue whatever I want to from a cyber perspective.”
— Nate Evans, cybersecurity program lead at Argonne National Laboratory
Wide range of work locations
Unlike private companies that often need employees only at specific locations, the federal government has job openings in every state and many foreign countries. The State Department alone has embassies or consulates in 180 countries. Most government jobs are based outside of the nations’ capital, Washington, DC. One of the most attractive aspects of working for the federal government is choosing a career that allows you to live in your desired location.
The federal government recognizes the need for a well-trained workforce. Their willingness and ability to provide top-notch training is a notable benefit for many employees. Even workers with aspirations to find their place in the private sector often spend several years working for the government to take advantage of the training.
The Federal Virtual Training Environment (FedVTE) is a no-cost online, on-demand cybersecurity training system for government personnel and veterans. FedVTE contains more than 800 hours of training on topics such as ethical hacking and surveillance, risk management, and malware analysis courses ranging from beginner to advanced levels.
Government hiring paths
In the federal hiring process, eligibility is based on inclusion in a particular group of people an agency wants to hire. These groups, called hiring paths, include classifications such as current federal employees, veterans, recent graduates, or someone from the general public.
Eligibility has nothing to do with work experience, skills, or other qualifications. A candidate may be eligible because they belong to a specific hiring path — veterans, for example — but may not be qualified for some open positions for which they are eligible to apply.
Each job announcement lists “who may apply” – that’s the hiring path – and “qualifications” to help applicants understand if they meet the job’s requirements. A candidate must be both eligible – belong to one of the groups specified in the job announcement – and be qualified with the right experience and skills.
Many individuals will qualify for more than one hiring path, but applying for jobs in a more general category will not benefit the applicant. For example, current federal employees are often given preference for some positions. If a current federal employee applies to an “open to the public” job, they will have to compete against the general public. Their status as a federal employee does not earn them a preference, and the field of applicants will likely be more extensive. Finding the right job within the most restrictive hiring path, the path for which a candidate is afforded preferred status is generally advantageous.
“By the way, our graduates from our CAE programs are given hiring preference by the federal government. That has appeal to students that wouldn’t mind relocating to DC or working for state and local government.”
— Barbara Endicott-Popovsky, executive director of the Center for Information Assurance and Cybersecurity at the University of Washington
Many positions are open to more than one hiring path. In that case, a current federal employee could apply and still benefit from their preferred status, since even though the general public is welcome to apply, the preferred status of all eligible hiring path applicants would be recognized.
Government hiring paths
Open to the public
Any US citizen or national can apply for jobs that are open to the public. Federal agencies may hire non-U.S. citizens in rare cases when the annual Appropriations Act, the Immigration Law, and the agency’s internal policies allow it.
Veterans who served on active duty in the military and received an honorable discharge may be eligible for veterans’ preference, and they can apply for other veteran-specific positions. For positions that include a veterans preference option, disabled vets are eligible to receive a 10-point preference and non-disabled 5 points. FOR RELATED INFORMATION, CHECK OUT OUR VETERAN’S CYBERSECURITY GUIDE
National Guard and Reserves
Members of the National Guard, or applicants that are willing and able to join the National Guard, may be eligible to apply for federal jobs located within a National Guard unit. The National Guard and Reserves set their own qualification requirements and are not subject to the appointment, pay, and classification rules in Title 5, United States Code. However, they are subject to the veterans’ preference discussed above.
You may be eligible for a Federal Senior Executive Service position if you meet all five of the Executive Core Qualifications (ECQs). Many departments and agencies use these ECQs in the selection, performance management, and leadership development for executive positions. The five ECQs are:
- Leading Change
- Leading People
- Results Driven
- Business Acumen
- Building Coalitions
Family of overseas employees
This hiring program is for family members of federal employees or uniformed service members working or have worked overseas. Eligibility does not entitle an applicant to a job within the Federal Government; however, agencies can hire an eligible applicant directly without the applicant having to compete with the public. They must still apply and meet qualification standards and additional requirements, such as a background investigation.
Peace Corps or AmeriCorps VISTA
Applicants that have served with the Peace Corps or AmeriCorps VISTA as a volunteer for at least one year may qualify for non-competitive eligibility. This service means that a federal agency can hire them outside of the usual competitive examining process.
The Merit Promotion program lets a current or former federal employee apply for a job without having to compete with the general public or people with Veterans’ Preference. Instead, these current employees compete with other competitive service employees.
Federal agencies are authorized to use the military spouse non-competitive hiring process when they seek to hire a member of the armed forces’ spouse. This process includes a spouse of a 100 percent disabled service member who is disabled due to a service-connected injury, or a spouse of a service member killed while on active duty.
Students and recent graduates
Current students or recent graduates may be eligible for federal internships and job opportunities through the Pathways program. There are three different paths available:
- The internship program
- The recent graduate program
- The Presidential Management Fellows (PMF) program
Individuals with disabilities
Federal programs grant special hiring authority to government agencies providing an optional and potentially quicker way to hire individuals with disabilities. Applying under these programs offers an exception to the traditional competitive hiring process. Applicants can apply for jobs using this exception if they have an intellectual disability, a severe physical disability, or a psychiatric disability.
American Indians or Alaskan Natives who are members of one of the federally recognized tribes may be eligible for Indian preference. With Indian preference, applicants may receive preference over non-Indian applicants when seeking jobs with the Indian Health Service and Indian Affairs. This rule includes the Bureau of Indian Affairs, the Bureau of Indian Education, and some positions within the Assistant Secretary – Indian Affairs.
The payscale for federal employees
The General Schedule (GS) is the primary pay scale for federal employees. While there are alternative pay schedules for federal workers, about 70 percent of the civil service positions fall under the GS system. This is especially true for employees in professional, technical, administrative, or clerical jobs. There are 15 grades in the system, ranging from GS-1 to GS-15. There are also ten steps within each of the 15 grades. The grade level and step assigned to a position determine the pay for that job.
Candidates should not expect that they will be required to start at a GS-1 and ascend from there. Many federal employees begin their careers at a GS-5 level or higher. The following provides an overview of where various jobs fall within the GS structure.
- GS-3 and GS-4: Internships or student jobs
- GS-5 to GS-7: Entry-level positions
- GS-8 to GS-12: Mid-level positions
- GS-13 to GS-15: Supervisory positions
- Positions beyond GS-15 are part of the Senior Executive Service
The table below indicates the pay scale for Federal Government General Schedule positions in 2020. Only the first and last steps are shown to indicate the pay range for each grade level.
|GS grade level||Step 1 (entry for pay grade)||Step 10 (max at pay grade)|
How to find and apply for government jobs in cybersecurity
The best way to find government jobs is through the USAJOBS website. This government website is a clearinghouse for all GS positions. It includes an online application process along with hints, tips, and guidelines for finding the best possible job for each candidate.
Before applying for a job on USAJOBS, each candidate will need to create an account and fill out an application. There are resources for uploading a resume as well. The search feature allows candidates to search thousands of open positions and is made manageable by intuitive filters. Website features include the ability to create and save searches and save jobs that are of interest.
Once the candidate has found the right job, in the right location, their application can be submitted to the hiring manager at the appropriate agency through the website. If the candidate makes the agency’s shortlist, the hiring manager will contact them for an interview. The process of getting hired by the government is often a lengthy one. Many open positions receive thousands of applications, and it takes time for the hiring manager to sort through them all.
Where to find government cybersecurity jobs
Candidates can find jobs within the federal government at any agency. The Federal Aviation Administration (FAA) and the Department of Energy are two examples of agencies that often look for cybersecurity professionals to join their ranks. However, job seekers can find many cybersecurity positions at the Cybersecurity and Infrastructure Security Agency (CISA).
CISA’s purpose is to build the national capacity to defend against cyber-attacks and work with the federal government to provide cybersecurity tools and incident response services to safeguard the ‘.gov’ networks that support government departments’ essential operations and agencies.
A search of CISA open positions will likely yield over 100 jobs. Most CISA positions are for grade levels GS-13 to GS-15. They include roles such as:
- IT Specialist
- IT Management Student Trainee
- Management and Program Analyst
- Information Technology Specialist
- Chief of Strategy, Policy, and Plans
Many of these CISA positions are needed at multiple locations, and some are telework jobs where the candidate can live anywhere in the US.
Each year CISA participates in a variety of career fairs, webinars, and hiring events. They seek to hire candidates with a background in cybersecurity, human resources, infrastructure security, and risk assessment.
The OPM and the Office of Management and Budget (OMB) have worked with private industry and academia to develop the Federal Cybersecurity Workforce Strategy. The purpose of this strategy is to help the federal government build a cybersecurity workforce pipeline; recruit, hire, develop, and retain top cybersecurity talent.
CyberCareers.gov was created as part of the Federal Cybersecurity Workforce Strategy to provide a platform for cybersecurity job seekers to have special online access to tools, resources, and a guide to the cybersecurity workforce within the Federal Government. Links to specific job opportunities will take the candidate back to the USAJOBS website for the application process.
Still, there is useful information on cybercareers.gov to help cybersecurity professionals be successful in the hiring process.
Security clearances for cybersecurity jobs
Not all government jobs require a security clearance, but many do. Everyone employed by the federal government undergoes a basic background investigation. The investigation ensures that all federal employees are “reliable, trustworthy, of good conduct and character, and of complete and unswerving loyalty to the United States.”
Additionally, federal employment positions that include access to sensitive information require a security clearance. This requirement includes individuals employed by private firms in the capacity of a contractor for the federal government. This clearance must be obtained to determine the applicant’s trustworthiness and reliability before granting them access to national security information.
ADDITIONAL INFORMATION ABOUT SECURITY CLEARANCES CAN BE FOUND IN OUR SECURITY CLEARANCE GUIDE.
Cybersecurity job requirements and salary information
IN THIS SECTION
When thinking about finding the right cybersecurity degree or certification, it is helpful to understand some specific cybersecurity job requirements. Each organization or company will have its own unique requirements when hiring information security professionals.
Whether a security professional is planning to work for the federal government or simply looking to land a job in the private sector, a criminal background check and drug test will most likely be required. If there is something on a professional’s record, it’s always best to be upfront with the potential employer rather than have it come out during the background check.
Sample job descriptions
Certain companies will require specific certifications, while others will list them as a plus. As a rule of thumb, there is no such thing as too many certifications.
Listed below are some of the requirements of several real jobs that are currently listed on Indeed.com.
IT security analyst
- The selected candidate must have knowledge of network and cloud-based security and familiarity with virtualization and VMware.
- The candidate must also possess the ability to analyze assets and identify and remediate vulnerabilities.
- This individual must have the flexibility to perform a variety of different tasks concurrently, by using self-motivation and sound planning, organization, and scheduling skills.
- They must also be able to communicate clearly orally and in writing and work well both individually and within a team environment.
- VIEW THE COMPLETE SECURITY ANALYST JOB DESCRIPTION.
Malware analyst II
- Strong knowledge of operating system internals, assembly language, and reverse engineering techniques.
- Thorough working understanding of the security industry and knowledge in identifying credible, malware analysis techniques relative to current and emerging threats.
- Strong communication (written and verbal) with the ability to brief/communicate information in a concise, effective manner to a wide range of audiences with minimal oversight.
- Ability to use static and dynamic methods to analyze a file using a debugger disassembler and other tools in a Virtual Machine (VM).
- LEARN MORE ABOUT A CAREER AS A MALWARE ANALYST
Digital data forensic examiner
- Work effectively as a team contributor and independently with minimal supervision or direction.
- Strong verbal and written communication skills.
- Proficiency in forensic techniques and tools (e.g., X-Ways, EnCase, FTK Suite, Cellebrite).
- Experience with scripting languages to automate investigative and routine functions.
- Experience with Microsoft, Apple, and Linux-based operating systems.
- Experience with server, workstation and mobile device hardware and software.
- Familiarity with network infrastructure components, as well as virtual and cloud environments.
- Available for occasional travel.
- Current forensic certification (e.g., CCE, GCFE, GCFA, EnCE, CFE).
- LEARN MORE ABOUT A CAREER IN DIGITAL FORENSICS
Check out the careers section for more detailed guides on cybersecurity jobs.
Remote cybersecurity jobs
Many people dream of having the ability to work from the comfort of their home. Or perhaps, some just want the ability to travel without having their job hold them back. Fortunately for those in cybersecurity careers, it’s possible to find a job that is either completely or partially remote.
The great thing about the internet is that it has granted many people the freedom from being tied to their desks in an office.
There are some jobs that will still require that individuals are onsite. For example, if you are a penetration tester and part of your job is testing physical controls, your presence at the customer site will be a vital part of your role.
On the other hand, an individual tasked with reverse engineering a piece of malware may be able to do so from anywhere in the world.
There are plenty of tools ranging from remote access software to virtual private networks, that allow professionals to be on their organization’s network without physically being in the same geographical location.
“In today’s world, nearly every business, regardless of size, needs help with cybersecurity. If you expand that view across the nation and the world, it is staggering the number of security professionals required to fill the need.”
— Ryan Sporrer, cybersecurity instructor at Western Iowa Tech
Some job sites, such as Indeed, will allow job seekers to type the word “remote” into the location search. This will typically produce job postings that are not locked into a specific location. In addition, there are some job searching websites that allow individuals to search through a database of strictly remote positions.
Another option for remote work is freelancing. Working for an organization permanently is not a good fit for everyone. Having the freedom to choose which projects you work on and having the ability to create your own schedule is certainly appealing.
Freelancing is a popular option for cybersecurity professionals who want these benefits. Websites such as Upwork and Freelancer are two popular websites which can help professionals get started freelancing.
Cybersecurity jobs near me
It’s safe to say that wherever technology exists, there is a need for cybersecurity. However, much like with any major industry there will be certain locations, or “hubs” where jobs in that field are more prevalent or higher-paying.
Not surprisingly, Washington D.C. has one of the highest concentrations of cybersecurity job openings according to analytics done by Indeed and CyberSeek. This is likely due to the number of government agencies in that area. While these government agencies have their own job openings, you’ll also find companies who contract for the government, such as Booz Allen Hamilton, close by as well.
Another major hub includes New York City. With New York City also being the financial capital of the US, it makes sense that cybersecurity is a big business in that area. Somebody needs to protect that data!
Indeed.com also lists Dallas-Fort Worth, TX, Baltimore, MD, and Chicago, IL in their top five cybersecurity cities.
Now, just because a city has a lot of cybersecurity jobs, doesn’t mean it will pay the highest. San Francisco ranks the highest in cybersecurity salaries at around $148,621. However, that number isn’t adjusted for the pricey cost of living in San Francisco, so that’s one more thing to keep in mind.
According to TheSoftwareReport.com, Symantec which is based in Mountain View, California was ranked the leading provider of cybersecurity software and services. FireEye, another California-based company, was ranked in second place.
In order to find local cybersecurity jobs in your area, you can use the location-based search feature on sites such as Monster, ZipRecruiter, Indeed, LinkedIn, and CareerBuilder.
According to the Bureau of Labor Statistics (BLS), in 2019 the median pay for a cybersecurity technician was $99,730 per year, or $47.95 per hour. For context, the median annual wage in the United States is just $39,810.
The lowest paid 10 percent of cybersecurity workers earn $57,810 per year or less. The highest paid 10 percent of cybersecurity workers earn $158,860 per year or more.
BLS data provides detailed information about the salary for a cybersecurity professional, depending on which industry that they work in. These are the median annual wages for various industries, as measured in May of 2019.
- Finance and insurance $103,510
- Computer systems design and related services $101,980
- Information technology $100,560
- Management of companies and enterprises $97,440
- Administrative and support services $96,190
As is the case in many industries, cybersecurity managers typically make more than cybersecurity technicians. According to the BLS the median annual salary for a computer and information systems manager is $146,360 per year. That equates to $70.37 per hour.
The mean salary for a cybersecurity technician is more than $100,000 per year, again according to the BLS.
The following five states are the largest employers of cybersecurity technicians. Total employment numbers and the mean salary are provided for each state.
- Virginia — 15,010 — $114,760
- Texas — 10,430 — $108,810
- California — 9,200 — $114,620
- New York — 7,120 — $121,750
- Florida — 6,630 — $91,580
The following five cities are the largest employers of cybersecurity technicians. Included is the total number of cybersecurity technicians employed in that city.
- Washington — 15,470
- Greater New York Area — 8,850
- Dallas — 4,690
- Boston — 4,010
- Atlanta — 3,540
Some employers may offer on the job training and certification programs. This is one way for a cybersecurity professional to gain new skills and advance within an organization. Once again, CyberSeek.org is a useful resource as it shows which cybersecurity positions are entry level and which require more experience.
It’s also important to point out that in many cases, cybersecurity may be one part of the job but not the entire job. Some organizations expect a cybersecurity worker to also fill a broader role as an IT professional. Tasks may include troubleshooting and fixing computer systems, setting up new systems and maintaining the security of the network.
Besides an excellent salary, there are several other benefits associated with a career in cybersecurity.
- Work from home — 2020 has brought about a work from home revolution all across America, with many jobs now being done outside of the office. However, cybersecurity technicians have been enjoying work from home benefits for years. One anecdote tells the story of a cybersecurity technician who has been working from home for 8 years without visiting the office once!
- High job satisfaction — An ICS2 study has found that 71 percent of all cybersecurity technicians report being satisfied with their job and 36 percent report being very satisfied. Cybersecurity technicians have an important role to play and the work that they do directly contributes to keeping an organization’s digital infrastructure safe.
- Plenty of job variety — Repetitive jobs can quickly become tedious and unsatisfying. Thankfully, no two days are the same for a cybersecurity technician. There are constantly new threats to defend against and new skills to learn. Cybersecurity is very dynamic and cybersecurity technicians are constantly engaged on the job.
Example cybersecurity careers with salaries
This section provides detailed salary statistics, including salary variations based on education level and industry.
The following are some of the most common job types within the field of cybersecurity, and their respective salaries. All salary information is provided by CyberSeek.org.
- Computer security incident responder — In the event of a data breach or a hack the incident responder is the first person to get a call. An incident responder is responsible for identifying the scope of the attack and responding to it as quickly as possible.
Average annual salary — $85,000
Available positions — 7,783
- Penetration tester — Also known as an “ethical hacker,” a penetration tester looks for vulnerabilities in a company’s digital infrastructure. Their job is to find an exploit before a hacker does.
Average annual salary — $104,000
Available positions — 13,959
- Security administrator — A security administrator is responsible for maintaining the security and functionality of a company’s computer systems and networks. It’s typically a high level job and the administrator must be familiar with many different systems.
Average annual salary — $103,000
Available positions — 19,471
- Security analyst — The security analyst is responsible for ensuring that security best practices are followed at a corporation or organization. As new security systems are released, it may be up to the analyst to update their organization’s infrastructure. Average annual salary — $96,000
Available positions — 29,494
- Security architect — A security architect is responsible for designing a computer network and all of the other digital infrastructure that a high tech company needs to operate efficiently. Security architects are highly paid, due to the complexity and importance of their work.
Average annual salary — $131,000
Available positions — 6,205
- Security code auditor — A security code auditor analyzes code to check for potential vulnerabilities. An auditor typically has extensive experience in programming and network infrastructure, and this is not an entry level position.
Average annual salary — $95,000
Available positions — 7,424
- Security consultant — A company may engage a security consultant when they have a problem that their in-house cybersecurity team cannot solve. Security consultants are typically familiar with many areas of cybersecurity, including penetration testing, network infrastructure and programming.
Average annual salary — $91,000
Available positions — 20,922
- Security engineer — Out of all cybersecurity professions, security engineers are typically paid the most. Their job involves building a secure computer system and ensuring that there is no chance for a hacker to compromise the system and steal data. More information is
Average annual salary — $99,000
Available positions — 54,838
- Security specialist — The security specialist maintains a network and upgrades it as needed. They may also perform security audits to ensure a network is safe against attack.
Average annual salary — $89,000
Available positions — 9,049
How cybersecurity degree level affects salary
The following three sections present information about how the education level of a job applicant can affect the salary they earn.
Bachelor’s degree holders typically earn the lowest salary in the cybersecurity field. According to Payscale, cybersecurity professionals with a bachelor’s degree earn an average annual salary of $70,232. This is an average salary, not a starting salary.
In terms of an entry level position, the The National Association of Colleges and Employers has found that the starting salary for a cybersecurity professional with a bachelor’s degree is $62,200 per year.
As a cybersecurity technician with a bachelor’s degree gains experience they’ll begin to earn a better salary, especially once they have 10 years or more of experience. However, a bachelor’s degree may keep a technician from advancing within an organization. Many upper management positions require a master’s degree.
Besides industry experience and advanced certifications, the best way to increase a cybersecurity salary is to complete a master’s degree program.
According to Payscale, the average annual salary for a cybersecurity professional with a master’s degree is $86,858. That’s an increase of about $16,000 per year, over what a bachelor’s degree holder can earn.
The National Association of Colleges and Employers has a similar finding. They report that the average salary for a master’s degree holder is $80,400, which is $18,000 more than a bachelor’s degree holder.
Ph.D. in cybersecurity
The following information from Payscale is based on an employee who has a doctor of science in computer science. This is a degree that qualifies someone to work in the cybersecurity field.
Based on the data below, it’s possible to see how a Ph.D. holder may earn $10,000 to $20,000 more than a non-Ph.D. holder.
- Senior security consultant — $130,000
- Cyber security engineer — $120,000
- Senior technical consultant — $157,000
- Senior data analyst — $91,000
- Cyber security analyst — $119,000
- Data security analyst — $134,000
Future cybersecurity job projections
The cybersecurity industry as a whole suffers from a lack of qualified personnel. This supply and demand mismatch is only likely to increase, as the world goes increasingly digital and even more computer infrastructure is built out.
According to a Burning Glass cybersecurity hiring report,
“The number of cybersecurity job postings has grown 94 percent since 2013, compared to only 30 percent for IT positions overall. That’s over three times faster than the overall IT market.”
Furthermore, there are only 2.3 employed cybersecurity technicians for every available position. That’s only half as many candidates as is typical. On average, across the United States there are 5.8 employed workers for each job opening. These findings illustrate a large supply and demand mismatch.
The Burning Glass report also indicates that within the field of cybersecurity, public cloud security and internet of things (IoT) are the fastest growing industries. Cybersecurity workers with expertise in these fields can expect to find many employment opportunities.
For even more projections about cybersecurity job growth we can turn to the BLS. According to BLS estimates,
“Employment of information security analysts is projected to grow 31 percent from 2019 to 2029, much faster than the average for all occupations.”
One of the key drivers in hiring for cybersecurity professionals is the amount of data that companies are collecting today. Data breaches are frustratingly common and many large companies want to hire cybersecurity professionals to build more secure systems.
The National Initiative for Cybersecurity Careers and Studies has released data which shows that the demand for cybersecurity professionals is growing twelve times faster than the average demand for workers in the United States.
By some estimates there could be as many as 3.5 million unfilled cybersecurity positions by 2021.
Cybersecurity could easily be labeled as one of the best jobs in America. Job demand is high today and is only projected to grow in the future. Salaries are well above average and experienced technicians can easily make more than $100,000 a year.
FOR MORE INFORMATION ABOUT SPECIFIC CAREERS BE SURE TO CHECK OUT OUR CAREERS SECTION. AND CHECK OUT OUR CYBERSECURITY CAREER NETWORKING GUIDE.
GENERAL CYBERSECURITY JOB DATA
Bureau of Labor Statistics (BLS): This is a national employment data resource maintained by the federal government. The report above cites several pages within the BLS database.
Burning Glass State of Cybersecurity Hiring Report: Burning Glass is a data analytics software company that has created a comprehensive cybersecurity hiring report.
Federal Cybersecurity Workforce Strategy: This document was created by the federal government to help define the nation’s cybersecurity capacity and to increase the cybersecurity workforce pipeline.
ISC2 Cybersecurity Workforce Report: ISC2 is a global cybersecurity professional organization that publishes annual workforce reports.
National Initiative for Cybersecurity Careers and Studies: This report, Veterans: Launch a New Career in Cybersecurity was specifically created for veterans, but it also contains useful and actionable information for all.
CompTIA Cybersecurity Career Pathway: This report, from the Computer Technology Industry Association, maps certification level to career opportunities. It also provides information on their cybersecurity certifications, which are common in the industry.
EC Council: This organization offers a number of well-regarded certifications within the cybersecurity space including the certified ethical hacker, certified penetration tester, and cybersecurity for business.
Infosec Institute: The Infosec Institute offers cybersecurity training for people and companies.
CYBERSECURITY SALARY DATA
Cyberseek: An interactive data portal regarding cybersecurity job opportunities supported by the National Initiative for Cybersecurity Education (NICE).
Payscale cybersecurity compensation data: Payscale is a career compensation data service.