Are you curious about the state of cybersecurity jobs in today's economy? Discover the latest data on 140k+ cybersecurity job postings in the U.S., refreshed every 30 days. Let CyberSN's expert analysis reveal the key takeaways from this extensive dataset, providing invaluable insights into the state of the cybersecurity job market. Stay ahead of competition and make informed decisions.
Submit the form below to access the latest cybersecurity job posting data.
If you need support hiring cybersecurity professionals or want more insights on the current job market, get in touch.
by Mark Aiello, President, CyberSN
Hey Cybersecurity Professional. We’ve got something to share with you. With an estimated 500,000 open cybersecurity jobs, you would expect to be able to find the job of your dreams. You can, although it’s not as easy as you think. You are in demand but you still need to tread carefully. If you want to be in control and Pwn Your Career, take our advice on some of the pitfalls along the way so you end up with a job that you love.
You owe it to yourself to love where you work and love what you do. You don’t need to follow Johnny Paycheck’s advice about what to do with your current job. Just make a commitment to yourself that you can be happy and love where you work. There are millions of people who love what they do and where they work. You can be one of them. Avoid complacency by answering these questions: What’s my passion? What drives me? What type of culture and team do I want to be a part of? What type of work will excite me every day? Then take the next step and make a commitment to yourself to begin the job search.
Today’s job boards are completely inefficient and mostly ineffective. Job descriptions are generally misleading, inaccurate, and poorly written. You’ll receive 20 bad search results for every one that looks promising. Don’t put your trust in secret algorithms that only return what they think you want. Search for companies that appear to be a good fit for you and proactively reach out to their security leaders. Don’t rely on just one method of finding a job. Take control of your career by actively seeking out opportunities that are interesting to you.
Don’t solely rely on job ads. Haven’t you heard about the secret menu items at In-N-Out Burger? Same is true for jobs. There are a lot more job openings than what you can find in a Google search. Look for companies that are growing, just received funding, or in the news (sometimes because of a breach). Many high-growth companies are moving faster than their talent acquisition team can keep up. Connect with their security leaders and let them know you are interested should they find themselves in need of someone with your particular set of skills. Join local security organizations and network with the people you meet. Develop a relationship with a recruiting firm that specializes in cybersecurity and can make you aware of opportunities before they become posted job ads.
So you skipped numbers 2 and 3 above and you found a job that looks promising. Except for one minor detail – you don’t have all the skills that are listed as required. Don’t let it stop you. Apply anyway. Most job descriptions are an amalgam of previous job descriptions. Nobody likes to write job descriptions and most people do a poor job when they do. Many times it is a group effort with everyone adding their specific requirements. Chances are unicorn-ishly slim that there is a perfect candidate for the role. So take a shot and present yourself as a candidate.
Applying for a job can be like running an obstacle course. Some companies throw too many challenges at cybersecurity candidates which can be a turn-off. Multiple interviews (video and in-person), proficiency and personality tests, challenges, and just taking their sweet time. Don’t be fooled to think that you shouldn’t have to follow their process because you are in such demand. Play the game and be prepared. Ask prospective employers about their process. Prepare yourself for it and the new interview experiences that you might encounter. Ask with whom you will be interviewing and do some homework. Chart the uncharted territory and when you get hired, if you want, you can change it from the inside.
Take control of your career. Find and do work that feeds your passion, grows your rewards and satisfaction, and meets your career and personal goals. Educate yourself on career paths, job types, and compensation and industry data. Find jobs that are interesting to you and that you are qualified for and engage the right opportunities at the time you see fit. Empower yourself to let your talent, skills and desires lead the way to your best career and reap the rewards of your profession. Know your worth. Find your fit. Plan your path. Pwn Your Career.
This article first appeared in Cyber Security Magazine - October 21, 2021
As we get into the swing of 2021, we thought it would be pertinent to dig in a little bit and figure out what the top cybersecurity jobs are in the current industry landscape that can lead to a prosperous cybersecurity career. As we all well know, cybersecurity careers are very much on the rise as the demand for skilled cybersecurity professionals continues to outpace the available workforce. This is a strange reality, and with it comes the potential for great opportunity.
Today, there are over 521,600 open cybersecurity jobs nationwide. You read that correctly. Over a half-million available positions… For those already working as a cybersecurity professional, the opportunity for job advancement has never been better. The question is, what is the best line from point A to point B as it relates to your success in a cybersecurity career?
To help facilitate that answer, CyberSN has uncovered the top five cybersecurity jobs in 2021 that are both in-demand and present a great path for a highly-successful career in cybersecurity. As you read on, we will detail the top jobs in the cybersecurity marketplace and where they can take you as your cybersecurity career moves forward.
Open Nationwide Jobs: 18,400+
General Requirements: Four-year degree in Cybersecurity, some employers require a Master’s Degree
Threat hunting is the practice of proactively searching for cyber threats that are lurking undetected in a network. Cyber threat hunting digs deep to find malicious actors in your environment that have slipped past your initial endpoint security defenses. See CrowdStrike for more information.
Currently, there are over 18,000 Threat Hunter jobs open in the US alone. As more and more systems and businesses become fully digital, the potential for security flaws increases. These systems, both in the private sector and public sector, need skilled Threat Hunters to uncover threats and monitor adversary techniques to avoid data breaches and successful attacks.
Cyber Threat Hunters can expect to advance their careers through a number of paths, many becoming Cybersecurity Engineers creating frameworks to solve for the latest security threats. Others will move past the engineering stage into leadership roles such as Information Security Managers, Information Security Officers, or even a Chief Information Security Officers (CISO).
Open Nationwide Jobs: 57,100+
General Requirements: Four-year degree in Cybersecurity, some employers require a Master’s Degree
A Cloud Security Analyst has detailed knowledge of common security threats, security controls, and associated technologies and practices related to securing cloud platforms, cloud services, and associated IT resources based on typical cloud technologies. They monitor and maintain existing cloud security environments, security performance, security testing, and setup.
Cloud Security Analysts generally feature educational backgrounds such as a bachelor’s degree in IT, computer science, or a related field. Previous work experience in computer science and network security systems provides job seekers with the best opportunity to obtain this role. Employers are often looking for 2-4 years of applicable experience in a similar cybersecurity working environment.
Currently, there are in excess of 57,000 Cloud Security Analyst jobs available throughout the United States. Given the times, many organizations have either made the switch, or are in the process of making the switch to a more comprehensive cloud based environment for their core business operations.
A Cloud Security Analyst is a great position to advance your career in cybersecurity with further growth opportunities. Cloud Security Analysts can expect to advance their careers through a number of paths which offer broader security reporting and threat monitoring. Others will move past the engineering stage into leadership roles such as Security Directors and, Chief Information Security Officers (CISO).
Open Nationwide Jobs: 6,200+
General Requirements: Four-year degree in Cybersecurity, some employers require a Master’s Degree
A DevSecOps engineer has involvement in and appreciation of every stage in the software project lifecycle, from initial design and build to rollout and maintenance. In a continuous integration/continuous delivery (CI/CD) environment. DevSecOps engineers are responsible for securing software deployment, identifying security threats, and the configuration of network infrastructure. DevSecOps engineers must have some knowledge in network protocols like HTTP, DNS, and FTP. They also need to know how to implement threat intelligence and risk assessment techniques and be up to date with the latest security best practices. Previous work experience in computer science and network security systems provides job seekers with the best opportunity to obtain this role.
There are currently over 6,000 DevSecOps Engineer positions open in the United States. Companies with a solid foundation of preventative thinking are employing more DevSecOps Engineers to help assess cybersecurity risk at the beginning stages of launching cyber based initiatives rather than implementing a solution and addressing system threats as they happen.
A DevSecOps Engineer position can move rather quickly through the cybersecurity career ranks and might expect to further their career by becoming an Application Security Engineer who works to combat cybersecurity threats pre and post system initiation. From that post, one can expect to move further up into a role such as a Security Director or Security Product Manager.
Open Nationwide Jobs: 1,100+
General Requirements: Four-year degree in Cybersecurity, some employers require a Master’s Degree
From the BMC Blogs: a SecOps engineer is a security professional who is responsible for securing and protecting network systems, applications, and data. In short, a SecOps engineer supports enterprise security operations. SecOps engineers help to design and build all of these different computer networks and put tools into place to secure and protect them. These systems typically require regular maintenance, so SecOps engineers must update, tuning and return operations issues arise. Security engineers are also responsible for deploying new security software and hardware.
There are currently over 1,100 vacancies for applicable SecOps Engineer positions throughout the country. This number is likely one that will continue to grow due in part to the number of different applications organizations are designing and integrating to fulfill unique mission tasks. Thus, there will be an increased interest in having a cybersecurity professional like an SecOps Engineer to “own” these vital application environments and protect them from threats.
A SecOps Engineer can expect to experience cybersecurity career growth by taking the next step and becoming the organization’s pointed Security Engineer who would oversee the tasks and goals of an applicable team. From there, it’s realistic to expect to become a Security Director or Security Product Manager down the line.
Open Nationwide Jobs: 29,000+
General Requirements: Four-year degree in Cybersecurity, some employers require a Master’s Degree
From Cybrary: A Security Engineer is tasked with the role of protecting the networks and computer systems of a company from any security threats or attacks. A Security Engineer is responsible for establishing and implementing security solutions that can defend a company and its networking assets. This can be accomplished through a variety of ways. Just a few of the essential duties of a Security Engineer include: establishing security standards and best practices that an organization should follow, evaluating an organization’s systems, networks, and data to determine what types of security protocols are necessary, developing proper security measures to meet an organization’s needs, implementing security controls to protect an organization’s infrastructure and digital files, monitoring and upgrading security measures as necessary, and responding to any security breaches or intrusions that may occur
At this moment there are in excess of 29,000 open Security Engineer positions. This is an area that is ripe with opportunity as businesses everywhere move to employ Security Engineers with the skills necessary to design and maintain stout cybersecurity architectures that facilitate business operations without fear of costly data breaches. System Engineers will often be employed to manage and oversee a team of cybersecurity professionals to see to it that the overall digital architecture is armed and operating effectively to diffuse disruption.
As a Security Engineer, you can expect in due time to have a great shot at becoming a Security Director who would oversee the cybersecurity efforts of an organization.
We’ll end this conversation the same way we started it… There’s A LOT of opportunity in the cybersecurity marketplace right now. With over 521,600 open cybersecurity jobs nationwide, there’s no shortage of positions to be had, and if you’re a cyber professional your path to continued or bolstered success in advancing your cybersecurity career is yours to choose. On the flipside, if you’re a hiring manager looking to solicit the help of a qualified cybersecurity professional, you likely already know that the competition is fierce, so consider your pitch, and put some time and energy into making sure it’s worth the pursuit. If you need help, we’re here for you. Programs like CyberSN’s KnowMore platform offer tools and templates to build job descriptions specifically targeted toward people in the cybersecurity industry for free.
Happy New Year. After a year of uncertainty and emotional stresses, I look to 2021 with great optimism. The cybersecurity community is significantly stronger and being counted on now more than ever. The need for cybersecurity talent has grown exponentially. The importance of cybersecurity professionals is universally understood and appreciated at a much higher level.
We as a community are treating each other better too! It’s wonderful to see our cybersecurity leaders working together the way we all are. Our response to recent breach announcements shows us that we have learned to support each other. I remember when Equifax shared their breach a few years back, the CISO at the time was attacked and ridiculed. Fast forward a few years to the FireEye/SolarWinds breach; the cybersecurity community has been kind and supportive to the cybersecurity leadership victims. It’s awesome to see this advancement in our ability to provide empathy and support vs. blame and shame. We are one team and we all can be breached… We are defending against more attackers than we have defenders and therefore we must work together. Thank you for bringing this empathy and kindness to the cybersecurity community; we will attract and retain more talent, to include diverse talent when we come from a place of empathy and kindness.
Below I have highlighted five contributing factors that we predict will lead to significant growth in the cybersecurity job market in 2021. Please feel free to reach out anytime. CyberSN is 100% focused on solving your cybersecurity talent challenges.
Cloud computing has provided attackers with a larger set of potential exploitable targets prior to the digitalization shift. Increases in new or past rapidly planned cloud deployments has created additional opportunities for attackers to elevate privileges, add persistence, and breach credentials and data. Managing cloud cybersecurity risks to accelerate business operations, data privacy, and compliance will be critical roles in 2021.
Cybersecurity spending is projected to increase in 2021. CISOs will revisit and revamp cyber strategies addressing potential threats and detection/defense gaps introduced by remote workforces, authentication threats, on-premise office infrastructure, cyber hygiene, supply chain threats, and cyber awareness.
Data-driven approaches will begin to solidify threat and incident analysis, threat anticipation, and breach response practices. Data-driven cybersecurity will influence decisions on “normal patterns'' versus anomalies and provide insights from all cybersecurity data, visualizations, and reusable models. All of this will inform adding intelligence, automation, and measurable value.
Cybersecurity programs will leverage Application Security Engineers and DevSecOps professionals to focus on integrating automation to the development pipeline, rather than detecting software flaws. This proactive approach will enable them to manage risks which lead to security vulnerabilities in APIs, production software, and the overall architecture.
The rapid shift to digitalization has added data access complexity as well as less visibility and potential blind spots for SOC analysts and Cyber Fusion teams. Recent breaches have reminded the cybersecurity industry that alerts from defense products should not be the time to begin searching for breach indications. Organizations will reinforce their cybersecurity playbooks by enhancing or adding proactive approaches which will include threat hunting and threat awareness.
As the new year unfolds, so too does the unique challenges that present themselves to us. This is especially true in the cybersecurity industry. As quickly as we develop new, bolstered proactive processes and technologies to minimize potential breaches, new threats are born and introduced to challenge those very efforts. Thus, as we stated in our intro here, we must work collaboratively to create success as a collective whole. Cybersecurity isn’t only an industry, it’s a community, and we as cyber pros are each a thread in that ever-growing fabric. When we band together, that fabric becomes stronger, and with that, success is more easily accomplished. CyberSN is dedicated to the successful advancement of the cybersecurity workforce. Let’s work together and make 2021 the best year yet!
Cybersecurity job titles are all over the map. Some companies have their own definition of what a security engineer does, while another company requires a whole other set of skills and experience. Cybersecurity roles and responsibilities for specific job titles can vary from organization to organization, leaving many hiring managers, HR recruiters and job seekers speaking different languages about the same job!
NICE Cybersecurity Workforce Framework attempts to standardize cyber job titles—in a 144 page document. Few companies have HR recruiters who have even heard of NICE, let alone know what any of these job title definitions are. The Bureau of Labor Statistics put most of cybersecurity’s many different roles and responsibilities under the giant umbrella of “information security analyst,” defined as people who “plan and carry out security measures to protect an organization’s computer networks and systems.”
Defining these roles and responsibilities should not be complicated. While there will always be slight differences between different jobs at different organizations, having standardized terms make it easier to search for talented cyber pros. Here you can find a list of 45 Cybersecurity Job Categories and many more subcategories that will help you use the right language to create a job description cybersecurity professionals will want to apply to.
Before you dive into the list, though, let’s go over some of these categories and what they mean.
When it comes to C-level leadership roles, the titles are pretty self-explanatory. Chief Information Security Officer (CISO) and Chief Security Officer (CSO) are the people who oversee all of cybersecurity and then some. When it comes to keeping the company safe from cyber threats, the buck stops there.
Similar to the CISO and CSO are roles like Security Director, which can have different names and areas of focus depending on the type of company and its size. For example, a CISO may have a Cloud Security Director and an Information Security Director reporting to them. Other leadership roles that bring with them more responsibility and higher compensation include Privacy Officer, Compliance and Risk Manager, and Security Product Manager.
For many years, corporate leaders looked at cyber leadership roles as purely technical, but with the speed of today’s attackers and the importance of aligning with the business, Board of Directors and strategies throughout the organization, well-rounded leaders are more important than ever. As Harvard Business Review notes, “Today’s cyber leaders must be able to embed security throughout the company’s operations, rapidly respond to threats, and influence fellow senior leaders. In short, they must be able to lead. And that means companies need to hire and develop security executives who have the skills to do so.”
Technical roles include both people who configure, maintain and tune the systems for securing information as well as those who defend, detect, and respond to attacks.
Security engineers may build or monitor the environments and protections to minimize attacks before they can happen. Application Security Engineers are focused on securing software applications. Then there are Security Analysts who monitor and may actively hunt for threats and Incident Responders who review and remediate identified threats. There are Penetration Testers who look for vulnerabilities much like an attacker would and Cryptographers who focus on encryption.
As we’ve said before, it’s not just the title that matters. Hiring managers must vet candidates based on whether they have the right skill set for the job. Having the wrong title on your job description could prevent you from finding that person. When people search for potential jobs, they start first with their own title and then run through similar, frequently used titles that closely match their skills. If they aren’t looking for your job title, they may never see the opening at your company.
In turn, some great candidates may work at a company that used uncommon or unconventional titles. If your organization vets professionals using resume search software, it may miss highly qualified people.
There are a number of cybersecurity roles that focus on the executing and integrating security measures across the organization through policies and programs. Many of these are considered GRC (Governance, Risk and Compliance) roles. This can include Security Auditors, Cybersecurity Attorneys, Cyber Insurance Specialists, Security Awareness Trainers, and Customer Support Representatives.
Attackers depend on human error to infiltrate organizations, which is why it’s so important to have liaisons between human resources and technical roles within cybersecurity. Too often the job of ensuring every employee understands the importance of security practices falls onto the wrong department—IT may be charged with finding cyber insurance or HR may show a short security protocol video during onboarding never to be mentioned again. Non-technical cybersecurity roles are needed to keep large organizations focused on protecting its data.
Using a common language is essential in any profession, whether it’s technical or creative, and cyber is no different. As cyber hiring consultants, we’ve worked to use a common language so that it’s easier for people to find the kinds of jobs they’re looking for, and for companies to understand the skills potential hires would bring. Getting familiar with cybersecurity roles and responsibilities for each job title will help your company do the same as well.
Shifting roles within the cybersecurity industry can be extremely difficult—job seekers are faced with a variety of frustrating hurdles they must overcome in order to find a great career fit. From firms underestimating the importance of cybersecurity roles, to nonsensical job descriptions, to outlandish job requirements, it can take an exhausting amount of effort searching cybersecurity jobs or even find an opening that’s worth applying to.
As a job seeker, you may have already encountered similar red flags while applying to positions. So the question is, how can you find the right fit in an industry with so many hiring and retention problems? There is a deep disconnect between hiring managers and cybersecurity professionals, and it can be difficult for anyone on their own to bridge that gap. Luckily, that’s where expert recruiters step in and take the lead, helping to match professionals with great job opportunities that allow for personal and career growth. Here are some of the many ways that cybersecurity recruiters function to help you land your dream job.
Too often, hiring managers in charge of adding cybersecurity professionals to their team have no real understanding or insight into the job openings they’re posting about. As a result, you’ll find plenty of work experience requirements that do not match the role described in a listing. Other times you might come across a job description very clearly written by someone with zero knowledge of cybersecurity. Recruiters at CyberSN, however, take the time to work with hiring managers to ensure that job descriptions are as accurate as possible, so you know exactly what you’re applying for.
While there are cybersecurity hiring and retention issues in nearly every single department of businesses, the most glaring problem is created inadvertently by hiring managers. Rather than focus their energy on building an effective team of cybersecurity professionals with diverse experience and expertise, they instead spend all their time looking for one single candidate who can fill the shoes of multiple people. We all know that this is an impossible task, but still happens all the time. CyberSN aims to reduce this crisis by helping hiring managers understand what talent their team needs to be as effective and efficient as possible.
There’s a lot more to salary than just a number on a piece of paper. Besides an annual salary, cybersecurity professionals also want to know how they’ll be compensated with bonuses, annual raises, stock options, health benefits, retirement savings, paid time off, and everything else that we need to support ourselves. Recruiters can help you understand what your total compensation will be for a specific job role, and encourage you to vouch for yourself to get the best possible deal.
For many cybersecurity professionals, job hunting can become a part-time job in itself. Between trying to sift through the nonsensical postings to fruitless interviews, you could end up spending months searching for a new job only to be unsuccessful. CyberSN’s professional recruiters understand that your time is valuable, especially when you’re looking for a job. Our expertise in the recruiting field combined with our knowledge of cybersecurity puts us in a unique position to cut through the noise and present you with openings that best match your abilities and values.
When it comes time to explore a new career, your first thought should be to work with a recruiter to help you find the perfect job. A good fit is the difference between a successful, rewarding career and a job that you leave after only several months. Recruiters can take the guessing games out of the application process and steer you toward the best roles for you.
