Please note: All salary information is based on U.S. national averages according to payscale.com at the time this article was written.
1. Threat intelligence analyst/hunter
These individuals try to predict the future. No, they don’t use a crystal ball: they use in-depth research and technical analysis of networks and computer systems in an attempt to understand when and how potential threats may arise. Threat intelligence analysts work with companies, law enforcement and the government to help prevent cyberattacks. It’s easy to think of threat analysts as being similar to penetration testers, but they usually don’t carry out tests. Instead, they use research and psychological insight to prevent attacks. Avg. Salary: $66,606
2. Application security engineer
Application security engineers are software developers that specialize in auditing and revising application code for optimal security. It’s entirely possible, and all too common, that applications aren’t coded in the most efficient and secure way possible. An attacker can use an exploit resulting from insecure code to gain all sorts of information from an application or even hijack it. Application security engineers work to ensure that this can’t happen. These engineers usually come from a strong programming background and often have a computer science degree. They know multiple programming languages well and are deeply familiar with engineering and design patterns. Avg. Salary: $68,284
3. Computer forensics expert
Computer forensics experts are the CSIs of the tech world. They investigate computer systems to uncover evidence of cybercrime. Computer forensics experts can work with large companies, but they can also find employment with law enforcement and even law firms. It’s a career that also affords the opportunity to work independently as a contractor. Being a computer forensics expert is like being a cross between a hacker and Sherlock Holmes. It’s one of the more dynamic and challenging careers, but it’s likely to never be boring. Avg. Salary: $69,917
4. Incident responder/intrusion cnalyst
Incident responders are the emergency personnel of the information security world. They arrive immediately after a breach, and it’s their responsibility to triage the problem. It’s on incident responders to track down the root of the problem, contain and repair the damage, and ultimately ensure that it never happens again. This may be both the most exciting and stressful of the information security careers. Being an incident responder means you come into an IT department on their worst day, but it also means you can be the hero that turns all that around. Avg. Salary: $70,497
5. Information security specialist
Somewhat ironically, information security specialist is more of a generalist title for anyone specializing in the information security field. This is a broader role: you may find yourself performing any number of tasks related to information security, and your duties will likely vary with time. Information security specialists are more common in medium-sized companies that have the resources and infrastructure to warrant specialized information security staff but aren’t large enough to specialize further within the field. Avg. Salary: $74,396
6. Security consultant
Security consultants are independent contractors that help organizations improve their overall security. They are generally self-employed or work for a consulting firm and are hired by businesses, government organizations and even non-profits to implement new security measures and procedures or shore up existing ones. Security consultants are usually generalists, but they’re also considered experts in the field and demonstrate education and a proven track record to earn their status. They need to adapt to meet the needs of their clients, whatever they may be. Avg. Salary: $79,738
7. Penetration tester
Have you ever thought that it’d be amazing to work as a hacker without being on the wrong side of the law? This is the career for you. Penetration testers are ethical hackers, sometimes called white hats, and they work with businesses to ensure that systems aren’t vulnerable to known exploits and security threats. Penetration testers are hired to test out real-world scenarios as though they were a malicious attacker trying to breach a company, usually employing the same tools and techniques. But instead of carrying out an attack that would do real damage, the penetration tester documents any vulnerabilities and reports them back to the business. Avg. Salary: $81,198
8. Malware analyst
As the title suggests, malware analysts specialize in studying, preventing and combating malware. Malware analysts work within an organization examining viruses, worms, Trojans, rootkits and other forms of malicious code. Malware analysts usually come from a development or computer science background, since they need to be strong programmers to both understand the behavior of malware and write protective measures and anti-virus code counter it. Avg. Salary: $87,671
9. Information security engineer
When most people think of a career in information security, they’re probably thinking of a career as an information security engineer. Information security engineers are IT professionals that implement and maintain the security systems of an organization on a daily basis. This is similar to a traditional systems administration position, but with a focus on security. Instead of testing and implementing a new web server, you’ll be configuring and hardening advanced network firewalls and performing security analysis on your network. Information security engineers are also responsible for tracking and reporting incidents when they occur. Avg. Salary: $91,503
10. IT security architect
IT security architects plan and design an organization’s entire network, including computer systems. They then oversee the implementation of those systems. This is a senior-level position that requires complete knowledge of the systems an organization needs to implement, as well as all applicable security standards and best practices. Security architects orchestrate every aspect of a network’s construction, including vulnerability testing and education efforts for employees. Avg. Salary: $120,306