Skip to content ↓ | Skip to navigation ↓

Information security is an exciting and rapidly growing field for individuals who are interested in protecting users and their data. In an effort to map out the industry as a possible career choice, we recently conducted research into the top 10 infosec jobs based on overall pay grade. We now continue with the second part of our two-part series.

#5: Security Engineer

A Security Engineer is a mid-level employee who is responsible for building and maintaining the IT security solutions of an organization. In this capacity, Security Engineers configure firewalls, test new security solutions, and investigate intrusion incidents, among other duties, all while reporting to the Security Manager.

Candidates who aspire to become Security Engineers must possess a strong technical background in vulnerability and penetrating testing, virtualization security, application and encryption technologies, and network and web-related protocols. The more tools and concepts with which a Security Engineer is familiar, the more they can help troubleshoot any problems with an organization’s security systems.

Security Engineers make a median salary of $86,996, according to PayScale’s 2015 estimates. Those who enter the field of information security as Security Engineers can expect to make at least $57,000. However, some can earn as much as $128,000 a year.

#4: Security Manager

A Security Manager is a mid-level employee who is tasked with managing an organization’s IT security policy. Soft skills, such as leadership and strong interpersonal and communication skills, are therefore crucial for successful Security Managers.

Individuals who are interested in becoming a Security Manager must be prepared to create and execute security strategies based on the input from the Security Director and/or the CISO. They must also test and implement new security tools, lead security awareness campaigns, and administer both department budgets and staff schedules.

Security Managers make on average a salary of $103,827. They can expect to earn at least $68,900, according to PayScale, but those in larger organizations can make as much as $142,094.

#3: Security Architect

A Security Architect is a senior-level employee who is responsible for building and maintaining the computer and network security infrastructure for an organization. This position requires that individuals develop a comprehensive picture of an organization’s technology and information needs, which they can then use to develop and test security structures.

Security Architects are expected to be knowledgeable in a diverse set of technical skills including ISO 27001/27002, ITIL and COBIT frameworks, risk assessment procedures, operating systems, and perimeter security controls.

Security Architects make a median salary of $120,181. According to PayScale, those on the lower end of the spectrum make around $84,258, whereas the highest-paid Security Architects earn approximately $154,075.

#2: Security Director

A Security Director is a senior-level employee whose task is to oversee the implementation of all IT security measures throughout an organization. As such, Security Directors are responsible for designing, managing and allocating resources to various security programs within an organization’s security department; creating user awareness and security compliance education campaigns; interacting with non-management employees; and offering key assistance to law enforcement in the event of a security incident and subsequent investigation.

Security Directors are expected to possess backgrounds similar to those of CISOs with respect to their knowledge of IT strategy, enterprise architecture, and other security-related concepts. In fact, Security Directors report directly to a CISO and generally assume the position of this executive role in smaller organizations.

Security Directors’ median salary is $137,143. PayScale’s estimates locate the salary range for Security Directors between $87,206 and $172,995.

#1: Chief Information Security Officer (CISO)

A CISO is a C-level management executive whose primary task is to oversee the general operations of an organization’s IT security department and other related staff. The organization’s overall security is the foremost concern of the CISO. As such, persons who aspire to become a CISO must demonstrate a strong background in IT strategy and security architecture.

They must also possess people and communication skills, which they are expected to use when assembling and managing a team of IT security experts as well as when consulting with other organizational executives and/or federal agencies depending on the nature of their workplace.

CISOs make a median salary of $155,620, according to PayScale’s estimates. On the lower end, CISOs can expect to make at least $101,686, but those in some of the larger organizations can earn as much as $222,466 a year.

Check out Tripwire’s job postings to see if there’s an opening for one of the jobs listed above.

Also, you can read Part 1 of “The Top 10 Highest Paying Jobs in Information Security” here.