Skip to content ↓ | Skip to navigation ↓

Information security is an exciting and rapidly growing field for individuals who are interested in protecting users and their data. In an effort to map out the industry as a possible career choice, we recently conducted research into the top 10 infosec jobs based on overall pay grade. We now continue with the second part of our two-part series.

#5: Security Engineer

A Security Engineer is a mid-level employee who builds and maintains an organization’s IT security solutions. In this capacity, Security Engineers configure firewalls, test new security solutions, and investigate intrusion incidents.

Candidates who aspire to become Security Engineers must possess a strong technical background in vulnerability and penetrating testing, virtualization security, application and encryption technologies, and network and web-related protocols. The more tools and concepts with which a Security Engineer is familiar, the more they can help troubleshoot problems concerning an organization’s security systems.

Security Engineers make a median salary of $93,931, according to PayScale. They can expect to make at least $63K, though some Security Engineers can earn as much as $137K a year.

#4: IT Security Manager

An IT Security Manager is a mid-level employee who manages an organization’s IT security policy. IT Security Managers are leaders, so to be successful, they must have strong interpersonal and communication skills.

Individuals who are interested in becoming an IT Security Manager must be prepared to create and execute security strategies based on the input from the Security Director and/or the CISO. They must also test and implement new security tools, lead security awareness campaigns, and administer both department budgets and staff schedules.

IT Security Managers make on average a salary of $111,625. They can expect to earn at least $73K, according to PayScale, but those in larger organizations can make as much as $149K.

#3: IT Security Architect

An IT Security Architect is a senior-level employee who is responsible for building and maintaining the computer and network security infrastructure for an organization. This position requires that individuals develop a comprehensive picture of an organization’s technology and information needs, which they can then use to develop and test security structures.

IT Security Architects are expected to be knowledgeable in ISO 27001/27002, ITIL, and COBIT frameworks; risk assessment procedures; operating systems; and perimeter security controls, among other best practices.

IT Security Architects make a median salary of $125,382. According to PayScale, those on the lower end of the spectrum make around $85K, whereas the highest-paid IT Security Architects earn approximately $168K.

#2: Security Director

A Security Director is a senior-level employee whose task is to oversee the implementation of all IT security measures throughout an organization. As such, Security Directors are responsible for designing, managing, and allocating resources to various security programs within an organization’s security department; creating user awareness and security compliance education campaigns; interacting with non-management employees; and offering key assistance to law enforcement in the event of a security incident and during the subsequent investigation.

Security Directors must possess backgrounds like those of CISOs with respect to their knowledge of IT strategy, enterprise architecture, and other security-related concepts. They report directly to a CISO and assume the position of this executive role in smaller organizations.

Security Directors’ median salary is $149,155. PayScale locates the salary range for Security Directors between $89K and $182K.

#1: Chief Information Security Officer (CISO)

A CISO is a C-level management executive whose primary task is to oversee the general operations of an organization’s IT security department and other related staff. The organization’s overall security is the foremost concern of the CISO. As such, persons who aspire to become a CISO must demonstrate a strong background in IT strategy and security architecture.

They must also possess people and communication skills, which they are expected to use when assembling and managing a team of IT security experts as well as when consulting with other organizational executives and/or federal agencies depending on the nature of their workplace.

CISOs make a median salary of $166,498, according to PayScale. On the lower end, CISOs can expect to make at least $105K, but those in larger organizations can earn as much as $230K.

Check out Tripwire’s job postings to see if there’s an opening for one of the jobs listed above.