The 5 most in-demand cybersecurity roles

If you’re trying to advance your cybersecurity career, there’s good news. A report from job listings site Indeed found that the number of advertised cybersecurity jobs increased by 3.5% between March 2017 and March 2018. 

The report also lists the five most frequently advertised positions:

5. Application security engineer

What they do: Application security engineers can work in any number of industries to create, implement, and maintain computer applications and software. They spend almost all their time in an office environment, with most of their work involving writing and testing software. However, some organizations put their engineers in teams, enabling them to collaborate on projects. 

Necessary qualifications: A bachelor’s degree in an IT-related subject, such as computer science or computer engineering, is expected. Knowledge of multiple programming languages, including C, C#, Java, Python, Ruby, and JavaScript, is also essential. 

Salary: According to Indeed, the average annual salary is about $130,000. 

4. Security engineer

What they do: Security engineers are responsible for creating and implementing solutions that ensure an organization’s products and systems are secure. They also need to be able to assess an organization’s workflows and anticipate future issues. As such, they must be adept at incident response and have a strong understanding of computer forensics. 

Necessary qualifications: A bachelor’s degree in engineering, computer science, or similar field is essential. Significant experience in IT security will typically also be necessary. 

Salary: According to Indeed, the average annual salary is about $98,000. 

3. Network security engineer

What they do: Network security engineers play an essential part in the deployment, configuration, and administration of network- and security-related hardware and software. This includes firewalls, routers, network monitoring tools, and VPNs (virtual private networks). They are also tasked with performing network security risk assessments, and might be asked to help design network infrastructure. 

Necessary qualifications: You will typically need a CISSP® (Certified Information Systems Security Professional) qualification. Individuals are eligible to sit the CISSP exam if they have at least five years’ experience in two or more of the eight CBK (Common Body of Knowledge) domains. 

Salary: According to Indeed, the average annual salary is about $107,000. 

2. Information security analyst

What they do: Information security analysts are responsible for examining security problems and finding solutions. Their duties include researching the industry, finding security threats, and developing strategies to ensure their organization remains secure. The job demands a wide skillset, and requires individuals to work with a broad range of people, including analysts inside and outside the organization and senior personnel. 

Necessary qualifications: A bachelor’s degree in IT or network security is required, as is practical experience. Additional information security qualifications, such as those related to ISO 27001, are beneficial. 

Salary: According to Indeed, the average annual salary is about $80,000. 

1. IT security specialist

What they do: IT security specialists analyze an organization’s cybersecurity posture and its past breaches to understand how incidents occur and what needs to be done to prevent them. Given that IT and cybersecurity are such broad topics, organizations will usually have many IT security specialists, each one focusing on a specific area. For example, one person might work exclusively on web applications while another works on the organization’s networks. 

Necessary qualifications: A bachelor’s degree in computer science or related field will usually be necessary. As you move into a specialist area, you will need to pass relevant exams. 

Salary: According to Indeed, the average annual salary is about $106,000. 

Changing landscape 

In the coming months, the requirements for each of these jobs could change. The introduction of the EU GDPR (General Data Protection Regulation) in May 2018 has had a major influence on the way organizations operate, with managers requiring all staff who work with personal data or information systems to become acquainted with the Regulation. 

This is relevant to US organizations, because the GDPR’s scope stretches far beyond the EU. Its requirements apply to any organization that handles personal data, no matter where it is based. Cybersecurity professionals in the US will therefore need to be aware of the Regulation and how it affects their job role. 

Learn more about GDPR in North America

You can learn more about this by watching our webinar: Why should North American organizations comply with the GDPR? 

This webinar will take place on Tuesday, July 24, 2018 at 1:00 pm (EDT). If you can’t make the presentation, it will be available to download from our website, where you can also browse our previous webinars. 

You might also consider enrolling on our Certified EU GDPR Foundation Training Course. This one-day course gives you a comprehensive introduction to the Regulation and helps you understand the implications and legal requirements for US organizations. 

GDPR webinars