Cybersecurity Analysts Salary

mnashemnashe Member Posts: 136 ■■■□□□□□□□
I received an email today from CompTIA about cybersecurity jobs. In the article, they list Cybersecurity Analysts with a salary range of $55,560 to $153,090. They list Pentester as $101,000 and Cybersecurity Engineer with a range of $107,000-$127,000.

This seems off to me, but I'm not in the security field, so I don't know. I didn't think analysts would make up to $153,000 and I would assume pen testing and engineers would make more than analysts

Comments

  • LeBrokeLeBroke Member Posts: 490 ■■■■□□□□□□
    An analyst is a very catch-all term. I have a friend that's contracting in Calgary (so not even US salaries) for $120/hour, for example. His title? Security Analyst.

    His previous title was Security Architect at a multinational, and he's also been running his own company for a good 10-15 years now.

    Job titles are basically meaningless in tech. I've met a guy whose business card literally said "Computer Janitor." He's a senior sysadmin at a trendy tech company.
  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    The word "Analyst" is one of the most confusing terms in cyber security.

    I've seen jobs where analyst refers to entry level and salary of £25'000

    Equally I've seen jobs where analyst is for about £70'000

    I found it surprising as I always associated analyst with lower level/junior roles. I think on the most part it is.

    Funny though as I've also seen similar trends with "ethical hacker", "vulnerability assessment" and even to some degree pen tester. E.g. Junior may be on £30k but red team lead on £100k+

    The only consistent job title for salary and level has been "engineer". Each time they've been well paid jobs.

    I think most of it is HR not really understanding the connotations these titles have and also lacking true knowledge of skills and experience of the applicants.

    An example of this is

    people saying "you haven't got CEH have you?"....
    me: no but I have my oscp
    Them; ok... mmmm they did ask for ceh though
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    Yep, in security the blanket terms seem to be analyst, engineer and architect, which covers pretty much everything. You'll find analysts who teach SANS courses and work in the NSA and other people who feel that after 2 years they're too experienced to be an analyst anymore.
  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    Rule #1: titles mean NOTHING! A security analyst can be anything from a compliance monkey to a highly skilled incident responder or even a reverse engineer. It’s useless to throw salary ranges around without understanding the scope of responsibilities of a particular role. This is part of the problem why I get entry level security positions asking for $100k+ salaries, even when the list of duties we publish clearly shows entry level tasks.
  • mnashemnashe Member Posts: 136 ■■■□□□□□□□
    thanks all, this explains it. The true analyst role seems cool, but only with that higher end salary lol. Salary is kind of what has kept me away from a security role. I'm already making over 100k doing networking. I'd rather in a security role, but can't compromise the income
  • chrisonechrisone Member Posts: 2,278 ■■■■■■■■■□
    Pay me 150k and you can call me anything lol
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • mikey88mikey88 Member Posts: 495 ■■■■■■□□□□
    chrisone wrote: »
    Pay me 150k and you can call me anything lol

    icon_lol.gif ComTIA just wants your money so they'll throw around ridiculous salary ranges. Not saying it's not obtainable just a bit deceiving. Ask around on these forums and you'll get a straight salary answer for your area in 5mins.
    Certs: CISSP, CySA+, Security+, Network+ and others | 2019 Goals: Cloud Sec/Scripting/Linux

  • NOC-NinjaNOC-Ninja Member Posts: 1,403
    the pay depends on the company, location, experience, degree, skills and network.
    the title matters but its varies. there is a range of pay on the title. some gets paid less , some gets paid more.
  • DatabaseHeadDatabaseHead Member Posts: 2,760 ■■■■■■■■■■
    This is the same in data.

    We have a principal architect who has the title Business Analyst. He makes over 200 an hour. The titles can get ridiculous, what I noticed from my perspective is that contracting agencies who work on premise sometimes carry goofy titles.

    For instance I'm a senior BI analyst, but perform roles such as data modeler, (design data models for the business). So in reality my title doesn't match what I do completely......

    @ Mikey completely agree.......
  • Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    mikey88 wrote: »
    icon_lol.gif ComTIA just wants your money so they'll throw around ridiculous salary ranges. Not saying it's not obtainable just a bit deceiving. Ask around on these forums and you'll get a straight salary answer for your area in 5mins.
    I had a messy negotiation like that once based 100% off the CompTIA promo emails an employee got. "This says I should be getting $X, but I'm nowhere near that and I just got that certification!"
  • BlucodexBlucodex Member Posts: 430 ■■■■□□□□□□
    cyberguypr wrote: »
    Rule #1: titles mean NOTHING! A security analyst can be anything from a compliance monkey to a highly skilled incident responder or even a reverse engineer. It’s useless to throw salary ranges around without understanding the scope of responsibilities of a particular role. This is part of the problem why I get entry level security positions asking for $100k+ salaries, even when the list of duties we publish clearly shows entry level tasks.

    Everyone is a Senior! I see resumes where their first position is a "senior".
  • soccarplayer29soccarplayer29 Member Posts: 230 ■■■□□□□□□□
    Blucodex wrote: »
    Everyone is a Senior! I see resumes where their first position is a "senior".

    I guess that's what you get when the "entry" level job postings require 5+ years experience.
    Certs: CISSP, CISA, PMP
  • mnashemnashe Member Posts: 136 ■■■□□□□□□□
    It all makes sense. Thanks everyone
  • UnixGuyUnixGuy Mod Posts: 4,570 Mod
    cyberguypr wrote: »
    Rule #1: titles mean NOTHING!....


    /thread.
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

Sign In or Register to comment.