Top-paying cybersecurity jobs and salary trends for 2024
A career in cybersecurity is highly promising in terms of salaries, career growth and longevity. While the industry is maturing, the skills necessary for a successful career are constantly evolving. With the advent of cloud environments, zero trust, artificial intelligence and everything in between, cybersecurity professionals must stay ahead of the latest trends and threats.
Formal education is important for many job roles, but the learning doesn’t stop once you earn your degree. Cybersecurity certifications and learning new skills are crucial to helping you validate your skills, stay marketable to employers and command the highest possible salary.
CISOs earn top salaries, with average base salaries from $174,000 to $242,000. Like all high-paying roles, CISOs are life-long learners able to thrive amid change.
The landscape of cybersecurity careers in 2024
According to CyberSeek, there were only 72 cybersecurity professionals for every 100 U.S. cybersecurity jobs over the past year. It’s clear that the cybersecurity industry needs more workers at all levels.
For example,
-
The Bureau of Labor Statistics projects the need for information security analysts will grow 32% from 2022 to 2032 due to the increasing number of cyberattacks.
-
The cybersecurity workforce is also increasing, exploding 28% from 660,000 job openings in 2022.
-
The cybersecurity workforce shortage hit a record high of 4 million despite the huge industry recruitment push.
There are a variety of roles in cybersecurity — and not all are technical. For more insight into available job roles, see our best cybersecurity jobs in 2023.
What should you learn next?
10 high-paying cybersecurity jobs in 2024
While these are some of the most popular and highest-paying U.S. cybersecurity jobs in 2024, the exact cybersecurity salary can vary widely based on experience, geographical location, title, industry, organization size and any bonuses or other benefits.
1. Chief Information Security Officer (CISO)
-
Estimated base salary: $174,127 (PayScale)
-
Estimated base salary: $241,861 (Salary.com)
-
Estimated base salary: $187,358 (Glassdoor)
As the top executive in charge of the company's information and data security, the CISO role is increasing in popularity. This leader focuses solely on the information security program, implementing secure processes, educating on risk management and building a comprehensive cybersecurity strategy and framework.
This role is often highly experienced, with at least a decade of leadership or management in information security. Although they might have varied backgrounds and skill sets, all CISOs should be highly familiar with the leading security standards and possess globally recognized certifications like Certified Information Systems Security Professional (CISSP) from ISC2, Certified Information Security Manager (CISM) or the Certified in Risk and Information Systems Control (CRISC).
CISOs have average base salaries ranging from $174,000 to $242,000 in 2024, not including bonuses or other additional compensation.
A note on total compensation
It’s important to note the base salaries above do not include bonuses.
-
PayScale reports CISO bonuses ranging from $5,000 to $50,000 and profit-sharing ranging from $4,000 to $35,000
-
Salary.com reports an additional $41,000 in median pay with bonuses
-
Glassdoor reports $87,485 in estimated additional total pay
For the rest of the article, we’ll only highlight the base pay for each role, but keep these additional factors in mind when evaluating total compensation.
2. Network security architect
-
Estimated base salary: $137,962 (PayScale)
-
Estimated base salary: $ $127,873 (Salary.com)
-
Estimated base salary: $152,905 (Glassdoor)
Responsible for designing, building and maintaining a company security system, a network security architect is a mid-level role that focuses on assessing information systems for weaknesses. Most network security architects have a formal degree in computer science, IT or security and many have master's degrees or specialized certifications. Popular certification options are the Certified Information Systems Security Professional (CISSP), CASP+ or the Certified Information Security Manager (CISM).
Network security architects have average base salaries ranging from $127,000 to $153,000 in 2024, not including bonuses or other additional compensation.
3. Cybersecurity engineer
-
Estimated base salary: $101,584 (PayScale)
-
Estimated base salary: $150,430 (Salary.com)
-
Estimated base salary: $119,021 (Glassdoor)
A security engineer is responsible for every aspect of data security in an organization, ensuring vulnerabilities are minimized by utilizing emerging technologies to mitigate threats. Their goal is to reduce business downtime during a disaster, mitigate threats entirely and protect vulnerable data and systems. Ideal certifications for career advancement include CCNP Enterprise, the Certified Information Systems Security Professional (CISSP) or an ethical hacking certification like Certified Ethical Hacker (CEH) or PenTest+. More advanced engineers may earn their CASP+ as well.
Cybersecurity engineers’ duties and salaries can vary greatly based on the size of the company and their experience, but they have average base salaries ranging from $102,000 to $150,000 in 2024, not including bonuses or other additional compensation.
4. Cloud security engineer
-
Estimated base salary: $136,485 (PayScale)
-
Estimated base salary: $102,723 (Salary.com)
-
Estimated base salary: $118,317 (Glassdoor)
Large enterprises project that 60% of their data will be in cloud environments by 2025, highlighting increased adoption and cloud spending. With the increased demand for cloud environments and security, cloud security engineers are one of the fastest-growing cybersecurity positions. Their responsibilities include designing and implementing secure cloud architecture and infrastructure, including installations, maintenance and more. Ideal certifications include cloud-focused certifications like CCSP, CCSK, Azure or AWS.
Cloud security engineers have average base salaries ranging from $103,000 to $136,000 in 2024, not including bonuses or other additional compensation.
What should you learn next?
5. Security sales engineer
-
Estimated base salary: $114,323 (PayScale)
-
Estimated base salary: $94,081 (Salary.com)
-
Estimated base salary: $106,529 (Glassdoor)
A security sales engineer is a unique blend of strong sales skills and technical knowledge. They participate in the technology evaluation buying process for customers and work with the sales team to advise on technical product aspects. This unique role uses strong selling skills to explain complex, advanced products to often non-technical clients. Although security certifications may not be required for this role, earning a Security+ can help ensure you’re speaking the same language as your cybersecurity buyers. If you’re wondering, "What is the CompTIA Security+ certification?" check our informational hub to learn more about this popular cert.
Security sales engineers have average base salaries ranging from $94,000 to $114,000 in 2024, not including bonuses or other additional compensation. Like most sales roles, some component of the compensation is often commission-based, so total pay can be higher (and base pay potentially lower) depending on how the position is structured.
6. Application security engineer
-
Estimated base salary: $97,684 (PayScale)
-
Estimated base salary: $108,499 (Salary.com)
-
Estimated base salary: $136,313 (Glassdoor)
Application security engineers specialize in anticipating structural vulnerabilities in an organization's applications. They might be responsible for proactively updating software, building encryption programs and executing robust firewall systems. They also perform regular testing and penetration scans, so a bachelor's degree in cybersecurity or IT is often paired with a specialized offensive certification like the Certified Ethical Hacker (CEH) or PenTest+ and secure coding best practices like the CSSLP.
Application security engineers have average base salaries ranging from $98,000 to $136,000 in 2024, not including bonuses or other additional compensation.
7. Penetration tester
-
Estimated base salary: $92,759 (PayScale)
-
Estimated base salary: $88,341 (Salary.com)
-
Estimated base salary: $112,070 (Glassdoor)
A penetration tester designs and plans simulations and security assessments to probe for potential vulnerabilities or weaknesses that cybercriminals or hackers might try to exploit — and then reports on those weaknesses to organizations. This challenging role requires skilled professionals to anticipate sophisticated cybercriminal tactics.
The Certified Ethical Hacker (CEH) and PenTest+ are popular certifications for this role, but you can also specialize in different areas of pentesting (see our top 10 pentesting certifications article for more) as you build your experience and value to organizations.
Penetration testers have average base salaries ranging from $88,000 to $112,000 in 2024, not including bonuses or other additional compensation.
8. Malware analyst
-
Estimated base salary: $92,880 (PayScale)
-
Estimated base salary: $100,225 (Salary.com)
-
Estimated base salary: $100,089 (Glassdoor)
Malware analysts are in high demand as malicious software (malware) is one of the most damaging and popular types of cyber threats. A malware analyst examines, identifies and understands the nature of all different types of cyber threats and builds defense systems against them. This is a specialized and technical role that can benefit from offensive certifications like those listed under penetration tester. Certified Reverse Engineering Analyst (CREA) and a strong understanding of the OWASP Top 10 and common vulnerabilities can help succeed in this role.
Malware analyst have average base salaries ranging from $93,000 to $100,000 in 2024, not including bonuses or other additional compensation.
9. Cybersecurity administrator
-
Estimated base salary: $71,071 (PayScale)
-
Estimated base salary: $93,584 (Salary.com)
-
Estimated base salary: $89,193 (Glassdoor)
A security administrator can have different responsibilities depending on the organization, but it is the primary job role associated with the Security+ certification. As a result, this can be a good entry-level role for someone with IT experience moving into cybersecurity and building their knowledge and skills. Security administrators typically help protect computer systems and networks from threats and have duties ranging from installing and configuring security software to responding to security incidents. In addition to the Security+, a strong understanding of networks is essential to defend them, so Network+ and vendor-specific certs like CCNA can be helpful.
Security administrators have average base salaries ranging from $71,000 to $93,000 in 2024, not including bonuses or other additional compensation.
10. Information security analyst (Tier 1, 2, 3)
-
Estimated base salary: $73,664 (PayScale)
-
Estimated base salary: $93,584 (Salary.com)
-
Estimated base salary: $74,315 (Glassdoor)
An information security analyst monitors a business's network for security breaches, responds to incidents and assists with disaster recovery when breaches occur. Many security operation centers (SOCs) have different levels of SOC analysts, with increasing levels of responsibility and salary. For example, Glassdoor has an average salary of $99,747 for Tier II security analysts and $11,476 for a senior SOC analyst. Once you have a Security+ or equivalent knowledge, the most common certification is CompTIA’s Cybersecurity Analyst (CySA+).
Information security analysts have average base salaries ranging from $74,000 to $93,000 in 2024, not including bonuses or other additional compensation from advancing to more senior levels.
The role of certifications in cybersecurity careers
As you advance in your security career, your experience and certifications will provide you with momentum and a corresponding salary. Certifications supporting high-paying manager cybersecurity roles include the CISSP and CISM. The CRISC and CGEIT are also frequently listed among the highest-paying certs as they align with senior risk and governance roles. All four of these certs require experience to pass the exam. This makes them ideal for hiring managers to confirm that candidates have both the needed knowledge and hands-on experience.
What should you learn next?
While these are popular high-paying certifications, they may not be right — or the most lucrative for you. It’s important to tailor your training and skills to the role you’re pursuing. For example, CompTIA Security+ is built for entry-level cybersecurity, but it might be ideal for a sales engineer looking to understand the technical side of products. Likewise, those working with vendor-specific technologies may want to focus on earning Cisco, Microsoft, AWS or other vendor certifications.
Additional certifications like PMP for project management or an IAPP cert for privacy can also help you stand out to employers. To accelerate your career path, explore Infosec's extensive security training course catalog to see what fits your goals.