There’s no shortage of open cyber security jobs (as we’ve documented here).
But which ones will top the list in 2018?
Thanks to the CyberSeek.org project backed by NICE, we have a pretty good idea. The top five open positions, described below, can help students understand the opportunities that are available to them, experienced professionals find opportunities for career transitions (like IT to cyber), and cyber security and business leaders understand the hiring landscape as they build their cyber workforce development programs.
We’ve mapped these high-level job categories to specific job roles within the NICE Cybersecurity Workforce Framework, for those interested in detailed readouts of the KSAs (knowledge, skills, abilities) required of each position.
The top five jobs, ending with the most in-demand, are (drumroll, please):
All salary information is from payscale.com, and is likely to vary drastically by region and level of experience.
5. Software Developer / Engineer
Software developers, as the name would suggest, do the heavy lifting in the creation of new software applications or the customization of existing systems. They must be familiar with (or specialize in) any number of computer languages, including Python, Java, PHP, XML, C++, or Unix Shell Scripting. They are also often expected to be familiar with a variety of operating systems and databases.
Software engineers play a complementary role. They are principally focused on connecting the needs of the end user (what does the user need to accomplish?) with the development solutions available to them (what can we build?). In other words, they use the principles of engineering to build software.
A third related position is the secure software assessor, responsible for analyzing the security of new or existing applications and software. They function, essentially, as the security check on the work of the developers and engineers.
The driving force behind the demand for software developers and engineers is, simply, an increased demand for internal and external software. As more companies turn to automation software for routine tasks and interactions, that demand is only expected to rise – as is the need for assessors to analyze the security of new applications. In fact, the Bureau of Labor Statistics expects employment for this position to grow 24% between 2016 and 2026.
Average salary: $69,297 - $81,425
Related NICE Work Role IDs: SP-DEV-001, SP-DEV-002
4. Cyber Security Manager / Administrator
The Cyber Security Manager/Administrator is responsible for implementing and overseeing the cyber security program for a given system or network. Large organizations typically require many security managers or administrators to run specific portions of the enterprise security program. They are often required to monitor their focus area, maintain the related tools, monitor compliance with related policies, audit their program, and build cyber security awareness.
Many organizations further break down the cyber security manager role into two categories: program security managers, which are typically focused on programmatic risk management and mitigation (think vendor risk management, etc.), and technical security managers, which oversee specific systems and the teams that manage them (think firewalls, pen testing, encryption, etc.).
With enterprise cyber security investments on the rise across the board, including the rapid growth of enterprise SOCs, organizations will continue to seek out cyber security managers to serve as the backbone of their ever-expanding security programs.
Average salary: $109,113
Related NICE Work Role IDs: OV-MGT-001
3. Network Engineer / Architect
Network engineers install, configure, test, operate, maintain, and manage local area networks, wide area networks, intranets, and extranets. They also typically manage their firewalls, including hardware (e.g., hubs, bridges, switches, multiplexers, routers, cables, proxy servers, and protective distributor systems) and software.
Network engineers play an absolutely critical role in ensuring that work gets done. Perhaps more than most other positions on the list, if a network engineer/architect has a bad day, it has the potential to interrupt the day-to-day work of large swaths of your co-workers and customers.
In the late 2010s, many IT leaders were predicting a gradual decline in the number of network engineers. The theory was that the explosion of automation and cloud computing would slowly make network engineers less relevant. However, the thinking has changed in the past few years. Many experts now expect the role of thenetwork engineer to evolve, rather than evaporate. In 2018, we expect hiring of network engineers to continue to be strong.
Average salary: $70,951 - $113,065
Related NICE Work Role IDs: OM-NET-001
2. Cyber Security Analyst
Cyber security analysts are on the front lines of a company’s cyber defense. And with data breaches on the rise, organizations are hiring large numbers of cyber security analysts to do the critical work of analyzing security incidents quickly and thoroughly. Using information collected from threat monitoring tools and other sources, they identify, analyze, and report on events that have occurred or may occur on the network. As one of the fastest growing positions in the cyber security industry, the U.S. Bureau of Labor Statistics expects 28% growth in hiring between 2016 and 2026 – far outpacing the average for all occupations.
Many cyber security analysts eventually leave that position for more specialized roles in engineering, compliance, or penetration testing. For that reason, it’s a desirable place to begin a career in cyber security, especially in a company with a well-developed cyber workforce development program.
Many cyber security analysts are employed by consulting firms and security service providers, as well. As the need for third-party security services grows, the hiring demand for junior cyber security analysts will only increase.
Average salary: $75,162
Related NICE Work Role IDs: PR-CDA-001
1. Cyber Security Engineer
The cyber security engineer is projected to be the most in-demand security position in 2018.
An intermediate-level position in most organizations, the cyber security engineers are tasked with using an engineering approach to design and implement security systems customized to stop specific threats. This position requires a broad base of knowledge and the ability to maintain systems, identify vulnerabilities, track issues, and improve automation.
Unlike analysts, who are primarily concerned with monitoring and tracking threats, the cyber security engineer is often called upon to develop security plans and policies, implement solutions or mitigate vulnerabilities, investigate breaches, and respond to security incidents. As the quantity and severity of security threats rises, so does the need for cyber security engineers to design systems to stop them.
Critically, cyber security engineers are also often asked to communicate their findings upward, and may be asked to interface with a wide variety of stakeholders. Soft skills – particularly the ability to communicate complex ideas quickly and simply – is critical in this role.
Average salary: $96,188
Related NICE Work Role IDs: PR-INF001, SP-SYS001
To learn more about how to build a workforce development program that incorporates these positions, check out our virtual white paper, the Essential Guide to Cyber Workforce Development.