Cybersecurity Analysts Salary

mnashe

I received an email today from CompTIA about cybersecurity jobs. In the article, they list Cybersecurity Analysts with a salary range of $55,560 to $153,090. They list Pentester as $101,000 and Cybersecurity Engineer with a range of $107,000-$127,000.

This seems off to me, but I'm not in the security field, so I don't know. I didn't think analysts would make up to $153,000 and I would assume pen testing and engineers would make more than analysts

LeBroke

An analyst is a very catch-all term. I have a friend that's contracting in Calgary (so not even US salaries) for $120/hour, for example. His title? Security Analyst.

His previous title was Security Architect at a multinational, and he's also been running his own company for a good 10-15 years now.

Job titles are basically meaningless in tech. I've met a guy whose business card literally said "Computer Janitor." He's a senior sysadmin at a trendy tech company.

CyberCop123

The word "Analyst" is one of the most confusing terms in cyber security.

I've seen jobs where analyst refers to entry level and salary of £25'000

Equally I've seen jobs where analyst is for about £70'000

I found it surprising as I always associated analyst with lower level/junior roles. I think on the most part it is.

Funny though as I've also seen similar trends with "ethical hacker", "vulnerability assessment" and even to some degree pen tester. E.g. Junior may be on £30k but red team lead on £100k+

The only consistent job title for salary and level has been "engineer". Each time they've been well paid jobs.

I think most of it is HR not really understanding the connotations these titles have and also lacking true knowledge of skills and experience of the applicants.

An example of this is

people saying "you haven't got CEH have you?"....
me: no but I have my oscp
Them; ok... mmmm they did ask for ceh though

Danielm7

Yep, in security the blanket terms seem to be analyst, engineer and architect, which covers pretty much everything. You'll find analysts who teach SANS courses and work in the NSA and other people who feel that after 2 years they're too experienced to be an analyst anymore.

cyberguypr

Rule #1: titles mean NOTHING! A security analyst can be anything from a compliance monkey to a highly skilled incident responder or even a reverse engineer. It’s useless to throw salary ranges around without understanding the scope of responsibilities of a particular role. This is part of the problem why I get entry level security positions asking for $100k+ salaries, even when the list of duties we publish clearly shows entry level tasks.

mnashe

thanks all, this explains it. The true analyst role seems cool, but only with that higher end salary lol. Salary is kind of what has kept me away from a security role. I'm already making over 100k doing networking. I'd rather in a security role, but can't compromise the income

chrisone

Pay me 150k and you can call me anything lol

mikey88

chrisone wrote: »

Pay me 150k and you can call me anything lol

ComTIA just wants your money so they'll throw around ridiculous salary ranges. Not saying it's not obtainable just a bit deceiving. Ask around on these forums and you'll get a straight salary answer for your area in 5mins.

NOC-Ninja

the pay depends on the company, location, experience, degree, skills and network.
the title matters but its varies. there is a range of pay on the title. some gets paid less , some gets paid more.

DatabaseHead

This is the same in data.

We have a principal architect who has the title Business Analyst. He makes over 200 an hour. The titles can get ridiculous, what I noticed from my perspective is that contracting agencies who work on premise sometimes carry goofy titles.

For instance I'm a senior BI analyst, but perform roles such as data modeler, (design data models for the business). So in reality my title doesn't match what I do completely......

@ Mikey completely agree.......

Danielm7

mikey88 wrote: »

ComTIA just wants your money so they'll throw around ridiculous salary ranges. Not saying it's not obtainable just a bit deceiving. Ask around on these forums and you'll get a straight salary answer for your area in 5mins.

I had a messy negotiation like that once based 100% off the CompTIA promo emails an employee got. "This says I should be getting $X, but I'm nowhere near that and I just got that certification!"

Blucodex

cyberguypr wrote: »

Rule #1: titles mean NOTHING! A security analyst can be anything from a compliance monkey to a highly skilled incident responder or even a reverse engineer. It’s useless to throw salary ranges around without understanding the scope of responsibilities of a particular role. This is part of the problem why I get entry level security positions asking for $100k+ salaries, even when the list of duties we publish clearly shows entry level tasks.

Everyone is a Senior! I see resumes where their first position is a "senior".

soccarplayer29

Blucodex wrote: »

Everyone is a Senior! I see resumes where their first position is a "senior".

I guess that's what you get when the "entry" level job postings require 5+ years experience.

mnashe

It all makes sense. Thanks everyone

UnixGuy

cyberguypr wrote: »

Rule #1: titles mean NOTHING!....

/thread.