Author: Stefan Waldvogel
Editor: Shana Wejuli -reserved-
Updated April 2022
Editor: Shana Wejuli -reserved-
Updated April 2022
Cybersecurity jobs are famous for their high salaries, even though this is not true for the first one or two jobs. I mentioned these number before:
These numbers are general numbers. The US is large and diverse. Some areas like the Bay area offer a lot higher salaries, but the costs of living is a lot higher.
Researching for the right salary is a mandatory and challenging task. Most employers want to know your salary expectation in an interview. You can use glassdoor, Indeed, Linkedin, payscale, salary.com, dice to get the first idea, and it could look like this:
- Do you not have experience? You’re looking at $40-$55.
- A couple of years’ experience? Between $50 - $80K.
- Between two and five years of experience? $80 - $125K.
- Five years and more? $80 - $350K.
These numbers are general numbers. The US is large and diverse. Some areas like the Bay area offer a lot higher salaries, but the costs of living is a lot higher.
Researching for the right salary is a mandatory and challenging task. Most employers want to know your salary expectation in an interview. You can use glassdoor, Indeed, Linkedin, payscale, salary.com, dice to get the first idea, and it could look like this:
This job (Incident Handler) is not an entry-level job, and if it is your first Cybersecurity role, most likely you pivot into this role with a couple of years of IT experience.
You get the highest numbers if you look at certification companies like SANS, EC-Council, CompTIA, etc. These companies want to sell classes, courses, and certifications. -> it is sales.
The other side is the employer's side. I found the lowest number on indeed with $55K because employers want to pay as little as possible. Well-structured Cybersecurity recruiting websites can give you a deeper inside:
Some states in the US require a salary range upfront and some companies like Dragos always give a range.
Ziprecruiter has a cool feature, you see the distribution. The following picture gives you a deeper inside about Entry Level SOC Analyst. The average number is around what people expect, but most people make a lot less. You will get around $65K if you work for a good company, but most SOCs are renamed and underfunded HelpDesks and there you will earn a lot less.
This works, because companies get hundreds or even thousands of applicants for such jobs. -> Someone will take a $35K job to get the foot into the door.
You get the highest numbers if you look at certification companies like SANS, EC-Council, CompTIA, etc. These companies want to sell classes, courses, and certifications. -> it is sales.
The other side is the employer's side. I found the lowest number on indeed with $55K because employers want to pay as little as possible. Well-structured Cybersecurity recruiting websites can give you a deeper inside:
- www.westpointrecruitment.com/job-search (all jobs have a salary range -> most jobs are in Europe)
- https://www.hays.com/resources/reports/2021-salary-guide
- www.roberthalf.com/salary-guide
- payscale.com
- https://www.ziprecruiter.com/
Some states in the US require a salary range upfront and some companies like Dragos always give a range.
Ziprecruiter has a cool feature, you see the distribution. The following picture gives you a deeper inside about Entry Level SOC Analyst. The average number is around what people expect, but most people make a lot less. You will get around $65K if you work for a good company, but most SOCs are renamed and underfunded HelpDesks and there you will earn a lot less.
This works, because companies get hundreds or even thousands of applicants for such jobs. -> Someone will take a $35K job to get the foot into the door.
Every time you see a number think about the intention.
The question is: What is a good salary or what salary is acceptable?
These questions are very had to answer because each city is different and each person is different. There are a lot of variables. Some companies (especially in tech) offer "low" salaries, but the benefits are great.
You get the city modifiers via https://www.roberthalf.com/salary-guide but be aware, these are numbers, too. They give you the bigger idea, but it does not matter if a modifier is +8% or +10%, but it matters if you compare a minus 20% city vs. a plus 30% city.
I got the idea for the following picture from a twitch stream (www.twitch.tv/videos/976897705) with Joe Hudson and Neal Bridges:
The question is: What is a good salary or what salary is acceptable?
These questions are very had to answer because each city is different and each person is different. There are a lot of variables. Some companies (especially in tech) offer "low" salaries, but the benefits are great.
You get the city modifiers via https://www.roberthalf.com/salary-guide but be aware, these are numbers, too. They give you the bigger idea, but it does not matter if a modifier is +8% or +10%, but it matters if you compare a minus 20% city vs. a plus 30% city.
I got the idea for the following picture from a twitch stream (www.twitch.tv/videos/976897705) with Joe Hudson and Neal Bridges:
- If you are on LinkedIn and have local recruiters in your network, you can ask them. These people know the market very well, and their numbers are more accurate than glassdoor or other salary websites.
- Ask your cybersecurity connections to get a better idea about the salary situation. Most companies have a salary structure for a specific position and the people earn more or less the same amount of money.
- Use Reddit and just ask. Maybe you get a useful information, maybe not.
- Websites for salaries and reviews are not very accurate.
For the following pictures, I used salary.com together with 0 years experience and a specific city:
|
|
This website does not have "Incident Handler" as a job, but similar jobs. Here, you can see the typical range. The first job description is between $50K and $80K, and the higher job is between $60K and $100K.
Remember: these are just numbers for your orientation, and each city and situation is different.
Often, tech jobs offer a lot of benefits.
Remember: these are just numbers for your orientation, and each city and situation is different.
Often, tech jobs offer a lot of benefits.
In this example, the base salary is 66.5% and the total compensation is >$90K.
As an Incident Handler with 0 years work experience, the salary range could look like this:
As an Incident Handler with 0 years work experience, the salary range could look like this:
For the UK, you can use Trident's Cyber Security Salary guide. The full guide is 19 pages long and covers all relevant topics. Download link: www.linkedin.com/posts/trident-search-group_salary-guide-activity-6788420335030046720-72gv
source: https://www.tridentsearch.co.uk/
SIEM Engineers
I applied for a job as Security Analyst and got a job as a SIEM Engineer at Graylog, so I did the most research about that area. I got the most accurate numbers from a recruiter (Joe Hudson) who placed over thousand people in the industry and looked into other places.
Junior SIEM Engineer $90K (first year)
SIEM Engineers (Tier II/III in a SOC) $130 - 160K
Senior/Principal/SOAR SIEM Engineers $150 - 165K
SIEM Content Developers (2 years experience) $90 - 110K
Senior SIEM Content Developers $120 - 140K
Architect roles $160 - 190K
Salary is not everything
If it comes to accept an offer, salary is only one thing to consider. If you have multiple offers, try to include holidays, paid certifications, health care, 401K and other points.
A salary that is slightly under average might beat a lot better base salary in terms of the full packet. 100% remote or not?
In my case, I do not even own a car and this saves me at least $6,000 a year, have a lower risk, and spend 0 time commuting.
Conclusion
This topic is enormous, and this post covers a tiny part. If you get an offer, think about the package, including health insurance, stocks, bonis, etc... Sometimes a lower offer is an excellent deal if you add all extra things. Some companies offer free SANS classes, and this way, you get valuable certs, and you can do a lot of high-end networking.
What is my salary goal for the first year? Honestly, I know one thing: If I get my first Cybersecurity job, I am "useless" for the first 12 to 18 months. It is like a paid apprenticeship, and I am very thankful to get it. A $50K apprenticeship is still okay, and everything on top of it is a bonus. I will ask for $70K due to my IT background, and I will see.
--> Edit: I got into the job with a high salary (for the job i applied for) and had even job offers beyond 140K. I took a job with a lower salary than the maximum because the life-balance packet for the job at Graylog was much better. 100% work from home, 0 requirements in time, location and workdays.
SIEM Engineers
I applied for a job as Security Analyst and got a job as a SIEM Engineer at Graylog, so I did the most research about that area. I got the most accurate numbers from a recruiter (Joe Hudson) who placed over thousand people in the industry and looked into other places.
Junior SIEM Engineer $90K (first year)
SIEM Engineers (Tier II/III in a SOC) $130 - 160K
Senior/Principal/SOAR SIEM Engineers $150 - 165K
SIEM Content Developers (2 years experience) $90 - 110K
Senior SIEM Content Developers $120 - 140K
Architect roles $160 - 190K
Salary is not everything
If it comes to accept an offer, salary is only one thing to consider. If you have multiple offers, try to include holidays, paid certifications, health care, 401K and other points.
A salary that is slightly under average might beat a lot better base salary in terms of the full packet. 100% remote or not?
In my case, I do not even own a car and this saves me at least $6,000 a year, have a lower risk, and spend 0 time commuting.
Conclusion
This topic is enormous, and this post covers a tiny part. If you get an offer, think about the package, including health insurance, stocks, bonis, etc... Sometimes a lower offer is an excellent deal if you add all extra things. Some companies offer free SANS classes, and this way, you get valuable certs, and you can do a lot of high-end networking.
What is my salary goal for the first year? Honestly, I know one thing: If I get my first Cybersecurity job, I am "useless" for the first 12 to 18 months. It is like a paid apprenticeship, and I am very thankful to get it. A $50K apprenticeship is still okay, and everything on top of it is a bonus. I will ask for $70K due to my IT background, and I will see.
--> Edit: I got into the job with a high salary (for the job i applied for) and had even job offers beyond 140K. I took a job with a lower salary than the maximum because the life-balance packet for the job at Graylog was much better. 100% work from home, 0 requirements in time, location and workdays.
© 2021. This work is licensed under a CC BY-SA 4.0 license