Updated: November 27, 2018
There’s no shortage of open cyber security jobs (as we’ve documented here). But which ones will top the list in 2019?
Thanks to the CyberSeek.org project backed by NICE, we have a pretty good idea. The top five open positions, described below, can help students understand the opportunities that are available to them, experienced professionals find opportunities for career transitions (like IT to cyber), and cyber security and business leaders understand the hiring landscape as they build their cyber workforce development programs.
We’ve mapped these high-level job categories to specific job roles within the NICE Cybersecurity Workforce Framework, for those interested in detailed readouts of the KSAs (knowledge, skills, abilities) required of each position.
Without further ado, the top five cyber security jobs, ending with the most in-demand, are (drumroll, please):
All salary information is from payscale.com and/or the Bureau of Labor Statistics, and is likely to vary drastically by region and level of experience.
5. Penetration and Vulnerability Tester
On the list for the first time in 2019, the penetration and vulnerability tester (“penetration tester” going forward) is the only position on this list with the express goal of breaking into things, instead of keeping others out. In fact, that’s precisely why this position is valued so highly. Penetration testers, also called ethical hackers, are tasked with finding and exploiting the weaknesses in their own systems, networks, and applications, and reporting those vulnerabilities to the security team.
Penetration testers typically conduct a variety of assessment types against their own organizations. Using security tools like Metasploit, Wireshark, and Nikto, penetration testers conduct tests of network and application security, perform code reviews, assess physical security, and evaluate security policies.
But it’s not all hacking and cracking. Penetration testers also must be able to write comprehensive and detailed reports of their findings so the security team can patch vulnerabilities quickly. Because of this unique skill set and its importance for enterprise security, the demand for penetration testers will continue to grow.
Average salary: $95,510
Related NICE Work Role ID: PR-VAM-001
4. Cyber Security Consultant
Also making the list for the first time in 2019: the Cyber Security Consultant. Unlike the other jobs on this list, the Cyber Security Consultant is typically not employed by in-house security teams, but is more commonly associated with external or third-party security consulting firms (like Focal Point).
The Cyber Security Consultant is generally an entry-level cyber security position, performing a wide range of tasks from policy reviews to controls testing to report generation. Many Cyber Security Consultants go on to specialize in specific security disciplines, like penetration testing, incident response, or compliance.
The inclusion of this role on the Top 5 list is perhaps an indication of a broader industry trend: the growing workforce shortage in the security field. As companies struggle to fill security roles, they increasingly rely on cyber security consulting firms to handle their largest, most complex projects. As a result, demand for entry-level consultants is on the rise among professional services firms.
Average salary: $77,746
Related NICE Work Role ID: N/A
3. Cyber Security Manager / Administrator
The Cyber Security Manager/Administrator is responsible for implementing and overseeing the cyber security program for a given system or network. Large organizations typically require many security managers or administrators to run specific portions of the enterprise security program. They are often required to monitor their focus area, maintain the related tools, monitor compliance with related policies, audit their program, and build cyber security awareness.
Many organizations further break down the cyber security manager role into two categories: program security managers, which are typically focused on programmatic risk management and mitigation (think vendor risk management, etc.), and technical security managers, which oversee specific systems and the teams that manage them (think firewalls, pen testing, encryption, etc.).
With enterprise cyber security investments on the rise across the board, including the rapid growth of enterprise SOCs, organizations will continue to seek out cyber security managers to serve as the backbone of their ever-expanding security programs.
Average salary: $109,113
Related NICE Work Role IDs: OV-MGT-001
2. Cyber Security Analyst
Cyber security analysts are on the front lines of a company’s cyber defense. And with data breaches on the rise, organizations are hiring large numbers of cyber security analysts to do the critical work of analyzing security incidents quickly and thoroughly. Using information collected from threat monitoring tools and other sources, they identify, analyze, and report on events that have occurred or may occur on the network. As one of the fastest growing positions in the cyber security industry, the U.S. Bureau of Labor Statistics expects 28% growth in hiring between 2016 and 2026 – far outpacing the average for all occupations.
Many cyber security analysts eventually leave that position for more specialized roles in engineering, compliance, or penetration testing. For that reason, it’s a desirable place to begin a career in cyber security, especially in a company with a well-developed cyber workforce development program.
Many cyber security analysts are employed by consulting firms and security service providers, as well. As the need for third-party security services grows, the hiring demand for junior cyber security analysts will only increase.
Average salary: $75,162
Related NICE Work Role IDs: PR-CDA-001
1. Cyber Security Engineer
The cyber security engineer is projected to be the most in-demand security position yet again in 2019 (it also topped the list in 2018).
An intermediate-level position in most organizations, cyber security engineers are tasked with using an engineering approach to design and implement security systems customized to stop specific threats. This position requires a broad base of knowledge and the ability to maintain systems, identify vulnerabilities, track issues, and improve automation.
Unlike analysts, who are primarily concerned with monitoring and tracking threats, the cyber security engineer is often called upon to develop security plans and policies, implement solutions or mitigate vulnerabilities, investigate breaches, and respond to security incidents. As the quantity and severity of security threats rises, so does the need for cyber security engineers to design systems to stop them.
Critically, cyber security engineers are also often asked to communicate their findings upward, and may be asked to interface with a wide variety of stakeholders. Soft skills – particularly the ability to communicate complex ideas quickly and simply – is critical in this role.
Average salary: $96,188
Related NICE Work Role IDs: PR-INF001, SP-SYS001
To learn more about how to build a workforce development program that incorporates these positions, check out our virtual white paper, the Essential Guide to Cyber Workforce Development.