Skip to content ↓ | Skip to navigation ↓

Want a job in cybersecurity? There are plenty to go around. Cybersecurity Ventures estimated that there will be 3.5 million job openings in the industry by the end of the year. That makes sense. According to Gartner, global spending on information security and risk management technology is expected to exceed $150 billion in 2021. Organizations are going to need someone to help them manage those new solutions.

The issue is that information security is an expansive industry. As such, it’s not always easy for aspiring security professionals to know where to begin with selecting a career path or with pursuing their first certification. To help them out, here are 10 of the top highest-paying infosec jobs based on overall median pay grade.

#10: Forensic Computer Analyst

A Forensic Computer Analyst gathers evidence off computers, networks, and other data storage devices for investigating instances of digital crime.

These individuals commonly work closely with law enforcement agencies to compile evidence for legal cases, draft technical reports, offer expert testimony in trials, and train officers in computer evidence tactics. Those wanting to pursue this career path must be familiar with several programming languages and operating systems as well as with cryptography principles, eDiscovery tools, and forensics software.

Forensic Computer Analysts make a median salary of $74,896. They can expect to earn at least $51K, according to PayScale. But with the possibility of commissions, tips, and overtime, they can make as much as $119K.

#9: Information Security Specialist

An Information Security Specialist is an entry- to mid-level employee whose job functions help to strengthen the security of an organization.

Information Security Specialists are often required to analyze a system’s security requirements, install and configure security solutions, perform vulnerability testing, and help train fellow employees in security awareness. Individuals who are interested in becoming Information Security Specialists should have knowledge of ethical hacking, computer networking, programming, and Security Information and Event Management (SIEM).

Information Security Specialists earn a median salary of $77,092. According to PayScale, these individuals make at least $51K but can take home as much as $121K.

#8: IT Security Consultant

A IT Security Consultant is an outside expert who helps an organization implement the best solutions according to their security needs.

Those who wish to become IT Security Consultants must be knowledgeable in a wide range of security standards, security systems, and authentication protocols. They must also be willing to develop an in-depth picture of the organization for which they are working. That includes interviewing management and other executives as well as familiarizing themselves with the organization’s corporate policies. IT Security Consultants can then use this knowledge to implement a set of security tools they see fit depending on an organization’s requirements.

IT Security Consultants make a median salary of $85,505, according to PayScale. They can expect to bring home at least $62K, and they can earn as much as $140K a year.

#7: Penetration Tester

A Penetration Tester is responsible for probing applications, systems, and networks for vulnerabilities as a test of an organization’s digital security defenses.

Penetration Testers must be prepared to conduct physical security assessments of critical IT assets, design and create new penetration tools, employ social engineering to uncover security gaps, as well as provide feedback on their assessments. Even so, Penetration Testers should leverage a vulnerability or exploit only to demonstrate its potential to produce a security incident. They should not use the entire set of actions that a criminal would in an attack.

Penetration Testers make a median salary of $86,012. Overall, they can expect to earn between $59K and $138K, reveals PayScale.

#6: Malware Analyst

A Malware Analyst is responsible for helping an organization understand the ransomware, worms, bots, Trojans, and other malicious software that threaten its network on a daily basis.

In this capacity, Malware Analysts commonly work with Forensic Computer Analysts and incident responders to help identify malicious programs that may have infiltrated an organization’s computer systems. This involves conducting static and dynamic analysis of the suspicious code to establish signatures of the malware’s presence as well as developing tools that can help protect the organization’s networks against future intrusions.

Malware Analysts make a median salary of $92,880, says PayScale. They can expect to earn at least $66K, but some can take home as much as $118K a year.

Check out the top five jobs in the Information Security industry here: