Updated: December 10, 2019
In 2019, businesses invested even more in technology, new privacy regulations were passed, and cyber threats became more sophisticated. To meet the growing demands of today’s businesses, (ISC)2 estimates that the U.S. cybersecurity workforce would need to increase by 62%.
With cybersecurity jobs in such high demand and skilled professionals in low supply, many companies have whittled their cyber talent wishlist down to a few key positions. Which positions will top the list in 2020? Based on data from the CyberSeek.org project backed by NICE, we have a pretty good idea.
The top five positions, described below, can help students understand the opportunities that are available to them, experienced professionals find opportunities for career transitions (like IT to cyber), and cybersecurity and business leaders understand the hiring landscape as they build their cyber workforce development programs.
We’ve mapped these high-level job categories to specific job roles within the NICE Cybersecurity Workforce Framework, for those interested in detailed readouts of the KSAs (knowledge, skills, abilities) required of each position.
Let’s take a closer look at the top five cybersecurity jobs, ending with the most in-demand position.
All salary information is from payscale.com and/or the Bureau of Labor Statistics, and is likely to vary drastically by region and level of experience.
5. Cybersecurity Manager / Administrator
While still securing a spot in the top five, the Cybersecurity Manager/Administrator dropped two places from last year’s list of most in-demand positions. Cybersecurity Managers/Administrators are typically responsible for implementing and overseeing the cybersecurity program for a given system or network, and many organizations require multiple Security Managers to run specific portions of their enterprise security program. Cybersecurity Managers/Administrators are often required to monitor their focus area, maintain the related tools, monitor compliance with related policies, audit their program, and build cybersecurity awareness.
Many organizations further break down the cybersecurity manager role into two categories: program security managers, which are typically focused on programmatic risk management and mitigation (think vendor risk management, etc.), and technical security managers, which oversee specific systems and the teams that manage them (think firewalls, pen testing, encryption, etc.).
As the title would suggest, the Cybersecurity Manager/Administrator role requires significant work experience and technical expertise, and many employers look for professionals with degrees in cybersecurity or a related field.
With enterprise cybersecurity investments on the rise across the board, including the rapid growth of enterprise SOCs, organizations will continue to seek out cybersecurity managers to serve as the backbone of their ever-expanding security programs.
Average salary: $105,000
Related NICE Work Role IDs: OV-MGT-001
4. Cybersecurity Consultant
Holding the same spot for the second year in a row is the Cybersecurity Consultant. The Cybersecurity Consultant plays the role of both an attacker and a defender to exploit vulnerabilities and detect weaknesses in an organization’s computer network, systems, and applications. Typically, this position is not employed by in-house security teams; a Cybersecurity Consultant is usually either a self-employed contractor or works for an external or third-party security consulting firm (like Focal Point).
Consultant roles vary by opportunity, so a Cybersecurity Consultant can range from an entry-level to a more intermediate-level cybersecurity position, with most employers looking to see a degree in the field, technical skills, certifications, and potentially work experience conducting similar tasks.
Since cyber threats are constantly changing, it is not surprising that this position has maintained such a high demand. As the demand for cybersecurity workers has boomed and companies struggle to fill security roles, they increasingly rely on cybersecurity consulting firms to handle their largest, most complex projects. As a result, the need for Cybersecurity Consultants is on the rise among professional services firms.
Average salary: $91,000
Related NICE Work Role ID: N/A
3. Network Engineer / Architect
Making the list for the first time in 2020 is the role of Network Engineer/Architect. In this advanced-level position, Network Engineers/Architects are responsible for implementing, designing, and testing secure, cost-effective computer networks, including local area networks (LANs), wide area networks (WANs), internet connections, intranets, and other data communication systems.
Network Engineers/Architects are in charge of upgrading software and hardware and planning the implementation of security patches or other defense measures to protect the network against vulnerabilities. Researching new networking technology to better analyze current data and estimate how future organizational growth might affect the network are also important components of this role.
With most organizations requiring 5 to 10 years of professional experience and an advanced degree such as a master’s or even a Ph.D., Network Engineers/Architects are among the highest paid employees in cybersecurity. Professionals in this role often come from other computer-related occupations like database administrator, computer systems analyst, or network administrator.
A large part of the Network Engineer/Architect role is communicating to senior management how network security factors into business strategies, so excellent communication skills are essential. As organizations continue to expand their use of mobile, wireless, and other IT networks, demand for Network Engineers/Architects will continue to increase.
Average salary: $113,500
Related NICE Work Role IDs: SP-ARC-001, OM-NET-001
2. Cybersecurity Analyst
For the second year in a row, the Cybersecurity Analyst role ranks as the first runner-up for most in-demand security position. Cybersecurity Analysts are on the front lines of an organization’s cyber defense. With the number of data breaches increasing by over 50% since last year, Cybersecurity Analysts keep constant tabs on threats and monitor their organization’s network for any potential security vulnerabilities. Using information collected from threat monitoring tools and other sources, they identify, analyze, and report on events that have occurred or may occur on the network.
The U.S. Bureau of Labor Statistics expects a 32% growth in hiring for the Cybersecurity Analyst role between 2018 and 2028 – far outpacing the average for the other roles on this list. Since just last year, the total number of job openings for a Cybersecurity Analyst has increased by almost 4,000.
Many Cybersecurity Analysts eventually advance from this position into more specialized roles in engineering, compliance, or penetration testing. That advancement potential makes this role a desirable place to start a career in cybersecurity, especially at a company with a well-developed cyber workforce development program.
Average salary: $95,000
Related NICE Work Role IDs: PR-CDA-001
1. Cybersecurity Engineer
The Cybersecurity Engineer was the most in-demand security position for 2018 and 2019 and tops the chart again in 2020. This is an intermediate to advanced-level position in most organizations, and Cybersecurity Engineers are tasked with applying an engineering approach to designing and implementing security systems to stop advanced cyberattacks.
Unlike analysts, who are primarily concerned with monitoring and tracking threats, the Cybersecurity Engineer is often called upon to develop security plans and policies, implement solutions, mitigate vulnerabilities, investigate breaches, and respond to security incidents. As the quantity and severity of security threats rise, so does the need for Cybersecurity Engineers to design systems to stop them.
This position requires a broad base of knowledge and the ability to maintain systems, identify vulnerabilities, track issues, and improve automation. Most Cybersecurity Engineer roles require at least three years of professional experience (depending on the quality and depth of the skillset). A master’s degree is expected to become more commonplace, especially for senior-level engineering roles. Certifications are also highly valued in this field, and certifications like the CEH, CISSP, or any security-related GIAC certifications may help win the job.
Soft skills also play an essential role in this position since Cybersecurity Engineers are often asked to communicate their findings to executive leadership and may be asked to collaborate with a wide variety of stakeholders. The ability to communicate complex ideas quickly and clearly is critical to the success of this role.
Average salary: $106,000
Related NICE Work Role IDs: PR-INF001, SP-SYS001
To learn more about how to build a workforce development program that incorporates these positions, check out our white paper, the Essential Guide to Cyber Workforce Development.