Cyber Security Salary in USA 2025
Analyst & engineer pay by level, state, and industry
Median Total Compensation (USA)
Cyber Security Salary Overview
This guide covers cyber security salaries in the US for 2025, focusing on core roles like cybersecurity analysts, information security analysts, and cyber security engineers. Whether you're considering entering the field, evaluating a job offer, or planning your next career move, these figures provide the benchmarks you need.
Cybersecurity roles consistently rank among the highest paying jobs in IT and technology. Demand continues to grow as organizations face increasingly sophisticated attacks, stricter compliance requirements, and the ongoing challenge of protecting digital assets. The Bureau of Labor Statistics projects information security analyst employment to grow much faster than average over the coming decade.
The data here draws from government sources (BLS), industry salary databases, and compensation aggregators, presented as realistic ranges rather than exact guarantees. For broader context on how cyber security fits within tech salaries, see our industry comparison guide.
What Cyber Security Professionals Earn: Salary Snapshot
Cybersecurity professionals in the US earn solid five-figure to mid-six-figure salaries depending on role and experience. The field offers strong compensation relative to many other IT careers, reflecting the specialized skills and high stakes involved.
Cyber security analysts and information security analysts typically earn in the high-$70,000s to $100,000+ range, with higher figures for experienced analysts at major organizations. Cyber security engineers often earn above $100,000, with senior engineers and specialized roles reaching well into six figures.
| Role | Typical Annual Pay Range (USD) | Notes |
|---|---|---|
| Cyber / Information Security Analyst | ~$75,000–$115,000 | Core analyst roles; varies by experience and employer |
| Cyber Security Engineer | ~$100,000–$150,000 | More technical; designs and implements security systems |
| Senior Security Engineer / Architect | ~$140,000–$200,000+ | Leadership, strategy, complex system design |
| Security Manager / Director | ~$150,000–$250,000+ | Management track; oversees teams and programs |
| CISO (Chief Information Security Officer) | ~$200,000–$400,000+ | Executive level; varies significantly by company size |
These figures represent approximate ranges from multiple sources. Numbers differ by source and definition (base vs. total compensation, role scope), so treat them as realistic benchmarks rather than precise promises.
Cyber Security Salary by Experience Level
Entry-Level Cyber Security Roles
Entry-level cyber security analysts and junior security engineers typically earn $70,000–$90,000, depending on location, employer, and educational background. This starting range exceeds typical entry-level wages in many other fields, reflecting the specialized knowledge required even for junior positions.
Factors that influence entry-level pay include: relevant degrees (computer science, cybersecurity, information technology), internships or prior IT experience, and entry-level certifications like CompTIA Security+. Candidates who demonstrate hands-on skills through home labs, CTF competitions, or open-source contributions may also command higher starting offers.
Mid-Level Analysts and Engineers
After 3–5 years of experience, cyber security professionals who can own investigations, configure and manage security tools, lead incident response, and communicate effectively with stakeholders typically see significant salary growth. Mid-career security analysts and engineers commonly earn $100,000–$140,000.
This is where specialization starts to matter. Professionals who develop expertise in high-demand areas—cloud security, penetration testing, threat intelligence, or security operations center (SOC) leadership—often earn toward the higher end of this range.
Senior, Lead, and Specialized Roles
Senior security analysts, security architects, and principal engineers with 7+ years of experience typically earn $140,000–$200,000+. These roles require deep technical expertise, strategic thinking, and often the ability to influence organizational security posture.
Management positions (Security Manager, Director of Security, CISO) sit at the upper end of cybersecurity compensation. A CISO at a mid-size company might earn $200,000–$300,000, while those at large enterprises or in high-risk industries can exceed $400,000 in total compensation.
For strategies on advancing your career and compensation, see our salary negotiation guide.
Cyber Security Salary by Location
Cyber security pay varies significantly by state and metro area. The highest salaries are typically found in large urban centers with strong tech, finance, or government presence.
Top-Paying Markets
California (San Francisco, Los Angeles, San Jose), New York, Washington D.C., Virginia (Northern Virginia), and Washington (Seattle) consistently show the highest cyber security salaries. The D.C./Virginia corridor is particularly strong due to federal government and defense contractor demand. Mid-level security analysts in these markets routinely earn $110,000–$140,000+.
However, cost of living in these areas is high. A $130,000 salary in the D.C. area may not go as far as $100,000 in a lower-cost market when housing is factored in.
Growing Markets
Texas (Austin, Dallas), Colorado (Denver), North Carolina (Charlotte, Research Triangle), Georgia (Atlanta), and Florida offer competitive salaries with lower costs of living. These markets have growing tech sectors and increasing demand for security professionals across industries.
Remote Work Impact
Many cyber security roles have shifted to remote or hybrid arrangements. Some employers pay location-adjusted salaries; others pay the same regardless of where employees live. A security analyst working remotely for a D.C.-based firm while living in a lower-cost state may see significant purchasing power advantages.
| Region / Market Type | Typical Effect on Pay | Notes |
|---|---|---|
| Major tech/government hubs (CA, NY, D.C., VA, WA) | Higher nominal salaries | Strong demand; higher living costs |
| Growing markets (TX, CO, NC, GA, FL) | Competitive pay, better cost-adjusted value | Mix of private sector and emerging tech hubs |
| Smaller markets / remote roles | More varied; often lower nominal | Some remote jobs still pay near big-market rates |
For context on how these figures compare to typical US earnings, see our guide to average salary in the US.
Cyber Security Salary by Role and Specialization
"Cyber security salary" covers many distinct job titles, each with different compensation profiles. Understanding these distinctions helps you target the right path.
Security Operations and Analysis
SOC analysts, incident responders, and threat intelligence analysts form the operational backbone of many security teams. These roles typically start in the $70,000–$90,000 range and grow to $100,000–$130,000 for senior positions. SOC managers and incident response leads can earn $130,000–$160,000+.
Security Engineering
Security engineers who design, implement, and maintain security infrastructure (firewalls, SIEM, identity management, endpoint protection) typically earn more than pure analyst roles. Mid-level security engineers commonly earn $110,000–$140,000, with senior engineers reaching $150,000–$180,000+.
Penetration Testing and Red Team
Offensive security roles—penetration testers, red team operators, vulnerability researchers—are in high demand and often command premium pay. Experienced pentesters commonly earn $120,000–$160,000, with top-tier red team leads and researchers earning even more at specialized firms.
Security Architecture and Leadership
Security architects who design enterprise security strategies and frameworks typically earn $150,000–$200,000+. These roles require both deep technical knowledge and the ability to communicate with executives and business stakeholders.
Specialized Areas
Cloud security engineers, application security specialists, and identity/access management experts often earn premiums over generalist roles. As organizations migrate to cloud and face complex identity challenges, these specialists are increasingly valuable.
How Certifications and Skills Affect Pay
Certifications and technical skills significantly influence cyber security compensation. Both what you know and how you can prove it matter to employers.
High-Value Certifications
Certain certifications consistently correlate with higher salaries and more job opportunities:
CISSP (Certified Information Systems Security Professional) is often considered the gold standard for security professionals, particularly for senior and management roles. CISSP holders typically earn 10–20% more than non-certified peers.
CISM (Certified Information Security Manager) focuses on security management and governance, valued for leadership roles.
CEH (Certified Ethical Hacker) and OSCP (Offensive Security Certified Professional) are respected for penetration testing and offensive security roles, with OSCP particularly valued for its hands-on difficulty.
CompTIA Security+ serves as a strong entry-level credential that many employers require for junior positions.
Cloud-specific certifications (AWS Security Specialty, Azure Security Engineer, GCP Security) are increasingly valuable as organizations migrate infrastructure.
Technical Skills That Command Premium Pay
Beyond certifications, practical skills drive compensation: cloud security architecture, SIEM and security automation, incident response and forensics, network security and firewalls, vulnerability assessment and penetration testing, identity and access management, and security operations center management.
Professionals who combine technical depth with communication skills—able to translate security risks into business terms—often advance faster and earn more.
How to Increase Your Cyber Security Salary
Compensation growth in cyber security comes from strategic career development, not just time served.
Gain Hands-On Experience
Real-world experience matters more than certifications alone. Seek opportunities to handle actual incidents, configure security tools, conduct assessments, and defend against real attacks. Build a track record of preventing or mitigating security issues with measurable impact.
Specialize in High-Demand Areas
Generalists earn solid salaries, but specialists often earn more. Cloud security, application security, and offensive security (pentesting/red team) currently command premiums. Identify where demand exceeds supply and invest in those skills.
Target Higher-Paying Sectors
Industry choice significantly affects compensation. Finance, tech companies, and defense contractors typically pay more than retail, education, or small businesses. Moving from a lower-paying sector to finance or big tech can yield 20–40% salary increases for equivalent experience.
Earn Respected Certifications
While experience matters most, certifications provide proof of knowledge and often unlock higher-paying opportunities. CISSP, in particular, is frequently listed as a requirement or preference for senior roles.
Negotiate Effectively
Many security professionals leave money on the table by not negotiating. Research market rates, collect competing offers when possible, and negotiate confidently. Our salary negotiation guide covers specific tactics.
Career Path and Job Outlook
Typical Career Progression
A common career path in cyber security follows this progression: Entry-Level Analyst → Mid-Level Analyst/Engineer → Senior Analyst/Engineer → Lead/Architect → Manager/Director → VP/CISO. Not everyone follows this exact path—some stay on the individual contributor track as principal engineers or architects, while others move into management earlier.
Lateral moves are also common: a SOC analyst might transition to penetration testing, or a security engineer might specialize in cloud security. The field rewards both depth and breadth.
Job Outlook
The Bureau of Labor Statistics projects information security analyst employment to grow 33% from 2023 to 2033—much faster than average for all occupations. This growth reflects increasing cyber threats, expanding regulatory requirements, and organizations' growing reliance on digital systems.
Demand spans virtually every industry: tech companies need security teams, banks need fraud and threat analysts, healthcare organizations need compliance and data protection specialists, and government agencies need defenders against nation-state threats. The persistent shortage of qualified security professionals means strong job security and salary leverage for those with the right skills.
For broader trends affecting compensation across the field, see our salary trends 2025 guide.
Frequently Asked Questions
What is the average cyber security salary in the US in 2025?
Median total compensation for cyber security professionals in the US is approximately $100,000–$120,000, with significant variation by role, experience, and location. Security analysts typically earn $75,000–$115,000, while security engineers earn $100,000–$150,000. Senior roles and specialists can earn $150,000–$200,000+.
How much does an entry-level cyber security analyst make?
Entry-level cyber security analysts with 0–2 years of experience typically earn $70,000–$90,000 depending on location and employer. Factors that push toward the higher end include relevant degrees, internships, entry-level certifications (Security+), and landing a role at a well-funded company or in a major market.
Which cyber security jobs pay the most?
The highest-paying cyber security roles include: CISO ($200,000–$400,000+), Security Architect ($150,000–$200,000+), Principal Security Engineer ($160,000–$200,000+), and specialized roles like senior penetration testers at top firms ($140,000–$180,000+). Management positions generally pay more than individual contributor roles at equivalent experience levels.
Which states or cities offer the highest cyber security salaries?
California (San Francisco, San Jose, Los Angeles), New York, Washington D.C., Virginia (Northern Virginia), and Washington (Seattle) typically offer the highest nominal salaries. The D.C./Virginia corridor is particularly strong due to federal government and defense contractor demand. However, cost of living should be considered—lower-cost markets may offer better purchasing power.
Do you need certifications to earn a high salary in cyber security?
Certifications aren't strictly required but significantly help. CISSP holders typically earn 10–20% more than non-certified peers and have access to more senior roles. For entry-level positions, Security+ is often expected. For offensive security, OSCP is highly respected. Experience and demonstrated skills matter alongside certifications—the combination of hands-on capability and credential validation is most powerful.