Cybersecurity Careers 2025
Real salary data, demand trends, and career paths — updated for the current market.
3.5M Unfilled Jobs Globally
+35% Industry Growth (2025)
$107K US Median Salary
0% Unemployment Rate
All Roles at a Glance
| Role | Level | US Salary Range | Demand | Key Skills |
|---|---|---|---|---|
| SOC Analyst I | Entry | $52K – $75K | | SIEM, Splunk, log analysis, triage |
| SOC Analyst II / III | Mid | $75K – $110K | | Threat hunting, EDR, SOAR, detection rules |
| GRC Analyst | Entry–Mid | $60K – $105K | | ISO 27001, SOC 2, NIST, risk assessments |
| Incident Responder | Mid | $80K – $130K | | DFIR, Volatility, memory forensics, malware triage |
| Penetration Tester | Mid | $85K – $145K | | Metasploit, Burp Suite, Python, OSCP |
| Threat Intelligence Analyst | Mid–Senior | $90K – $145K | | MITRE ATT&CK, OSINT, STIX/TAXII, APT research |
| Malware Analyst | Mid–Senior | $95K – $150K | | IDA Pro, x64dbg, assembly, sandbox analysis |
| AppSec Engineer | Mid–Senior | $105K – $165K | | OWASP Top 10, SAST/DAST, secure SDLC, code review |
| Cloud Security Engineer | Senior | $120K – $185K | | AWS/Azure/GCP security, Terraform, IAM, CSPM |
| Detection Engineer | Senior | $115K – $175K | | Sigma/YARA, KQL, Python, threat modelling |
| Red Team Lead | Senior | $135K – $200K | | C2 frameworks, AD exploitation, custom tooling, red team ops |
| Security Architect | Senior–Staff | $150K – $220K | | Zero-trust, SABSA, enterprise architecture, TOGAF |
| CISO | Executive | $200K – $450K+ | | Board reporting, strategy, budget, CISSP/CISM, leadership |
Common Career Paths
🛡️ Blue Team / Defensive
SOC Analyst I → SOC Analyst II/III → Detection Engineer → Security Architect
Start with CompTIA Security+ → CySA+ → GCIA → GCIH. Build experience with Splunk, Elastic, and EDR platforms.
🔴 Red Team / Offensive
CTF Player → Junior Pentester → Pentester / IR → Red Team Lead
TryHackMe / HTB → eJPT → OSCP → CRTO. Practice on HackTheBox, build custom C2 tooling.
☁️ Cloud Security
Cloud Engineer → Cloud Security Eng → Cloud Architect → Director / CISO
AWS SAA → AWS Security Specialty → CCSP. Build skills in Terraform, CSPM tools (Prisma/Wiz), and cloud-native IAM.
📋 GRC / Management
GRC Analyst → Risk Manager → Compliance Director → CISO / vCISO
CompTIA Security+ → CISM → CISSP. Develop expertise in ISO 27001 implementation, NIST CSF, and regulatory compliance (GDPR, HIPAA, MAS TRM).
Top Hiring Companies (2025)
🌐 Global Security Vendors
CrowdStrike
Palo Alto Networks
SentinelOne
Fortinet
Zscaler
Wiz
Tenable
Rapid7
Qualys
Darktrace
💼 Big Tech & Cloud
Google (Mandiant / GCAT)
Microsoft Security
Amazon AWS Security
Meta Security
Apple Platform Security
Cloudflare
Cisco Talos
IBM X-Force
🏦 Financial & Consulting
Deloitte Cyber
PwC Cybersecurity
KPMG Advisory
Accenture Security
JPMorgan Chase
Goldman Sachs
HSBC Cyber
Bank of America
🏙️ Hong Kong & APAC
HKMA (HK Monetary Authority)
SFC (Securities & Futures Commission)
HKCERT
HKEX Technology
Cathay Pacific IT Security
MTR Corporation
CLP Group
HKSAR GCSD
Standard Chartered HK
HSBC APAC