
Following a hiring lull, the cybersecurity industry is seeing modest gains in job openings and new roles. CyberSeek data released earlier this month shows private and public sector employers posted more than 514,000 cyber job listings over the past 12 months, a 12 percent increase compared to the previous year.
While the cyber job market is rebounding, compensation remains a key issue within the industry, with pay scales varying depending on the skills cyber professionals bring to a role.
New data from CyberSN, a security and IT workforce management platform provider, examines the cybersecurity market across 45 cybersecurity roles within the U.S. to find the average salary. The researchers found that, as the threat landscape changes and the increasing use of tools such as artificial intelligence (AI) alters the job market, the key to higher salaries is experience, developing cutting-edge skills, and having the knowledge to demonstrate how these changes are affecting the risks organizations face.
While generalist cybersecurity jobs still pay well, salaries have begun to stagnate as some of these positions are either automated or outsourced. At the same time, organizations have shifted their hiring criteria to target and recruit top talent and pay for specialized skills.
“Hiring strategies are increasingly focused on technical depth, strategic vision and clearly defined responsibilities,” according to CyberSN’s Cybersecurity Salary Data Report 2025. “Meanwhile, roles experiencing salary stagnation or decline are often impacted by automation, nearshore and farshore outsourcing or corporate economic constraints that limit or eliminate annual raises.”
This shift in how highly skilled cybersecurity professionals are compensated is no surprise to industry insiders and experts.
“The biggest paychecks go to people who know their stuff really well—think cloud security, threat hunting and keeping up with new rules,” Stephen Kowski, field CTO at SlashNext, told Dice. “Companies want people who can spot tricky online threats and make smart choices fast, not just follow instructions. If you want to earn more, get good at things like understanding AI, solving hard problems and making sure companies follow the law. The best jobs go to those who keep learning and can handle both tech and business needs.”
The salary data offers a handy guide for cybersecurity professionals examining what skill sets can boost their compensation or help them get on the fast track for climbing the career ladder.
Specialized Skills Drive Cybersecurity Salaries
The CyberSN data breaks the 45 cybersecurity job titles into 10 categories, which include:
Defense
Governance, Risk and Compliance (GRC)
Planning
Management
Offense
Research
Response
Product Security
Sales
Education
The cybersecurity defense category includes the most job titles (12) as well as some of the highest average annual salaries within the whole U.S. security space. These include: cybersecurity engineer ($180,000), data security engineer ($160,000), identity and access management engineer ($160,000), security engineer ($155,000) and cyber threat intelligence analyst ($145,000).
The report also noted that organizations continue to invest more in GRC and this is leading to greater compensation for skilled cyber professionals who can fill these roles. The average salary for roles in this category ranges from $118,000 for a privacy analyst position up to $180,000 for data privacy officer. A cybersecurity or privacy attorney has an average salary of $165,000.
“Governance, risk and compliance roles have evolved into a strategic priority as organizations navigate increasing compliance pressures and reputational risks,” Patrick Tiquet, vice president for security and architecture at Keeper Security, told Dice. “For those looking to move into the highest-paying roles, it’s not just technical expertise that matters—it’s the ability to anticipate threats, adapt to emerging technologies and align cybersecurity with business continuity. That kind of strategic, defense-in-depth thinking is becoming the standard for modern security teams.”
Offensive cybersecurity roles are also seeing rising salaries, a trend that caught attendees’ attention at the 2025 RSA Conference in San Francisco.
The CyberSN data shows four positions within this category: Penetration tester, threat hunter ($155,000 each), red teamer ($180,000) and application security engineer ($185,000).
Bugcrowd Founder Casey Ellis explained why offensive security specialists and red teamers are seeing their salaries increase: “Red teaming isn’t just about finding vulnerabilities, it’s about building cyber resilience through adversarial testing. It’s a mindset shift, and the organizations embracing it are the ones staying ahead of the curve.”
When considering what skills cyber professionals need to move into higher salary ranges, Tiquet noted that offensive security skills, along with other deeper specializations, are becoming more in-demand as the threat landscape changes and new technologies are needed to address security concerns.
“We’re seeing salaries reflect this shift—roles in cloud security, identity and access management, threat hunting, DevSecOps and product security engineering are commanding top compensation because they are critical to defending modern digital infrastructure,” he added.
Cybersecurity Management Tracks and Salaries
The data also demonstrates that cybersecurity management remains the one career track that holds the most promise for pay. The six positions listed by CyberSN include:
C-Suite ($350,000 average annual salary)
Chief Information Security Officer ($325,000 average annual salary)
Chief Security Officer ($310,000 average annual salary)
Cybersecurity Director ($230,000 average annual salary)
Cybersecurity Lead ($180,000 average annual salary)
Cybersecurity Manager ($200,000 average annual salary)
As AI and other technologies automate more security functions, these management salaries show that human expertise remains critical to enable these advances, said Chris Gray, field CTO at Deepwatch.
“Managers are the ones who identify issues, develop improvements and manage the advancement of the programs,” Gray told Dice. “These [leaders’] ability to focus, organization and—most importantly—communicate and negotiate capabilities are more critical than ever before as the capability migrations occur. This functional area will likely become less focused on leading people and more oriented toward managing the enabled programmatic outcomes.”
The ability to communicate and demonstrate how cybersecurity benefits the overall organization is also a crucial component of another category (Planning) that lists four positions where the average annual salary is $175,000 or higher. These include: Cybersecurity advisor, cybersecurity program manager, cybersecurity project manager and security architect.
In these roles, Gray notes, professionals who communicate well and explain risk clearly will command higher salaries despite increasing automation.
“Practitioners need to understand that our field is being optimized through automation. This automation is great at performing repetitive tasks, but the ability to find bad actors and communicate effectively is still deeply in the human realm,” Gray noted. “Security practitioners need to find the areas where our world rubs up against the automation capabilities and build their skillsets to further enable and utilize these processes. Do not fight the future—enable it and be the best enabler that you can. The salaries and roles will follow.”