Information security is an exciting and rapidly growing field for individuals who are interested in protecting users and their data. In an effort to map out the industry as a possible career choice, we recently conducted research into the top 10 infosec jobs based on overall pay grade. We now continue with the second part of our two-part series.

#5: Malware Analyst

A Malware Analyst is responsible for helping an organization understand the viruses, worms, bots, Trojans and other malicious software that threaten its network on a daily basis.

In this capacity, Malware Analysts commonly work with Forensic Computer Analysts and incident responders in the event of an intrusion and/or suspicious computer behavior to help identify malicious programs that may have infiltrated an organization’s computer systems. This involves conducting static and dynamic analysis of the suspicious code in order to establish signatures of the malware’s presence as well as developing tools that can help protect the organization’s networks against future intrusions.

Malware Analysts make a median salary of $92,880, says PayScale. They can expect to earn at least $66K, but some can take home as much as $118K a year.

#4: Security Manager

A Security Manager is a mid-level employee who manages an organization’s IT security policy. Soft skills such as leadership and strong interpersonal and communication skills are therefore crucial for Security Managers to be successful.

Individuals who are interested in becoming a Security Manager must be prepared to create and execute security strategies based on the input from the Security Director and/or the CISO. They must also test and implement new security tools, lead security awareness campaigns and administer both department budgets and staff schedules.

Security Managers make an average salary of $104,914. They can expect to earn at least $71K, according to PayScale, but those in larger organizations can make as much as $147K.

#3: IT Security Architect

An IT Security Architect is a senior-level employee who is responsible for building and maintaining the computer and network security infrastructure for an organization. This position requires that individuals develop a comprehensive picture of an organization’s technology and information needs, which they can then use to develop and test security structures.

IT Security Architects are expected to be knowledgeable in a diverse set of technical skills including ISO 27001/27002, ITIL and COBIT frameworks; risk assessment procedures; operating systems; and perimeter security controls.

IT Security Architects make a median salary of $122,272. According to PayScale, those on the lower end of the spectrum make around $85K, whereas the highest-paid IT Security Architects earn approximately $160K.

#2: Security Director

A Security Director is a senior-level employee whose task is to oversee the implementation of all IT security measures throughout an organization. As such, Security Directors are responsible for designing, managing and allocating resources to various security programs within an organization’s security department; creating user awareness and security compliance education campaigns; interacting with non-management employees; and offering key assistance to law enforcement in the event of a security incident and subsequent investigation.

Security Directors must possess backgrounds similar to those of CISOs with respect to their knowledge of IT strategy, enterprise architecture and other security-related concepts. They report directly to a CISO and assume this executive role in smaller organizations.

Security Directors’ median salary is $139,939. PayScale’s estimates place the salary range for Security Directors between $85K and $176K.

#1: Chief Information Security Officer (CISO)

A CISO is a C-level management executive whose primary task is to oversee the general operations of an organization’s IT security department and other related staff. The organization’s overall security is the foremost concern of the CISO. As such, persons who aspire to become a CISO must demonstrate a strong background in IT strategy and security architecture.

They must also possess people and communication skills, which they are expected to use when assembling and managing a team of IT security experts as well as when consulting with other organizational executives and/or federal agencies depending on the nature of their workplace.

CISOs make a median salary of $158,939, according to PayScale’s estimates. On the lower end, CISOs can expect to make at least $104K, but those in some of the larger organizations can earn as much as $222K a year.

Check out Tripwire’s job postings to see if there’s an opening for one of the jobs listed above.