Information Security Salaries - Entry/Mid-Level

I've been lucky enough to snag an information security role only having been in the IT industry for 2 years. I'm coming up on my first full year in Info Sec and I feel like I could probably start looking soon for the next pay bump. I have development experience and would consider myself relatively proficient in both Python and Java. I now have my B.S. in IT, hoping to have a "CISSP, (ISC)2 associate" title next Saturday, and am officially enrolled in a Masters program. Currently making just about $24/h with full benefits, which I know is the lowest of the low for my department as a whole.

I'm really wanting to move into either a pen-test or SOC analyst/security engineering role. The pay of these jobs have ranged widely whenever I look. For those currently in this role, what is the range that you're looking at and the location? I'm hoping to get out of the Twin Cities and get to either Denver or NoVA next year, so salaries in that area would help.

I'm hoping for my next jump to be at least a 35%+ bump to around 65k. Am I crazy in thinking I can make this? I this would be pretty low in a areas like NoVA, maybe no so much for Denver.

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

YFZblu

Here's my take on the salary piece: I started in a SOC at 55k in Phoenix, where cost of living isn't bad. After about 7 months I left for a pay bump to 74k; again working for a SOC in Phoenix. These were Associate-level positions, I was an L1 analyst. I'm looking at a mid-level promotion around the first of the year, and I expect to be around at least 85k before bonuses. Around 100k including bonuses.

IMO a competent analyst with experience and the ability to wear a developer hat, in NoVA, should be eyeing six figures. Definitely play up the fact that you bring the ability to automate tasks and create value with your ability to code. It's important, as I'm sure you already know.

My understanding is that analysts in NoVA either have no clue of what they're doing, or they're borderline overqualified and many are looking to join the Threat Intelligence space. Good analysts who want to be analysts are well-compensated as a result. Outside of a security hub like NoVA, analysts with a clue are extremely difficult to find - I'm sure you'll have no issue getting the salary you've hinted at in this thread. Good luck - definitely keep us posted if you're able to.

LionelTeo

35% is really possible, so go for it

MSP-IT

Great news. I plan on working a little more on my development skills alongside the OSCP. I really love automation work and could see myself thoroughly enjoying development work in red-team/blue team instead of IAM.

Maybe I'll shoot even higher.

brabbege

Any Northern Jersey Security locals that can ballpark similar starting salaries similar to OP?

docrice

One thing to look at is Glassdoor salary reports for companies with offices in your location(s) of interest. It's probably better if you can find a company with only one location, otherwise salaries from other states / countries might throw you off.

emerald_octane

Full stop, you won't see any gain from the Associate of ISC2 toward CISSP because most recruiters don't even know what it is. Once you get the 4 years experience (+1 for having a degree), I say you'll be drowning in offers.

LionelTeo

35% is possible base on personal experience, PM me if you want to know more

MSP-IT

emerald_octane wrote: »

Full stop, you won't see any gain from the Associate of ISC2 toward CISSP because most recruiters don't even know what it is. Once you get the 4 years experience (+1 for having a degree), I say you'll be drowning in offers.

As long as I can turn up from a keyword search that includes "CISSP".

LionelTeo

You still had to beat the auto resume filtering machine, kinda gross technology.