Home Blog Cybersecurity career paths

Cybersecurity career paths

November 22, 2021
A hand points to the cyber security listing on a touch-screen menu

As computers and the internet have evolved, several new cybersecurity career paths have emerged to meet the growing demand for specialized roles. It’s rare to see an IT team handling the complexities of securing a network anymore. Instead, most companies rely on dedicated cybersecurity departments, each of which is split into teams. Every team plays a distinct role in keeping the company secure.1

Companies with large networks spread over multiple locations require experts from a wide range of backgrounds to ensure that every aspect of their security is covered. Incident responders are often the first to address a problem, while network architects focus on improving security and penetration testers look for gaps in the network's defenses.

Three distinct cybersecurity career paths cover the majority of specializations within the field.2 Read on to explore responsibilities and career outlooks for each.

Three routes to success in cybersecurity

The three main paths one can follow in cybersecurity are those of engineer, tester and responder. Each set of roles differs in that it benefits from a distinct type of individual with specific characteristics regarding work ethic, personality type and career aspirations.3

As you consider your goals and the traits that best suit you for a career in cybersecurity, you may find that you excel in the highly technical and challenging world of testing. If you thrive in an environment that’s more social than technical, you may enjoy the social aspect of being a responder. Before choosing which path to pursue, it's important to assess your strengths and identify the sort of environment in which you can do your best work.4


Engineers spend time planning, designing and implementing the cybersecurity infrastructure of a company. They often work with high-level management to discuss the organization’s needs and secure an adequate security budget.

Careers in cybersecurity engineering comprise several mid-to-high-level roles, often filled by experts with many years working in the field. They usually have a long history in IT and have gone on to complete further study in cybersecurity engineering. Junior-level responsibilities involve installing cybersecurity hardware, configuring network security and monitoring for threats.5

The Bureau of Labor Statistics projects 33% job growth for cybersecurity engineers between 2020 and 2030.6 Successful candidates for these positions are typically highly analytical, with strong attention to detail and the ability to operate well under pressure.7 Careers in this area include the following, with median salaries as noted on a leading employment site:8

Security architect: $154,000
These management-level professionals oversee the security of an organization’s network, from design through implementation and the network’s entire operational life. To avoid putting the organization at risk, they oversee changes made to the network. Typically, they handle defensive measures such as implementing and configuring firewalls and anti-virus software, as well as offensive testing.

Chief security officer: $146,000
These executives are responsible for the safety and security of personnel, physical assets, and information in physical and digital form. They’re typically responsible for online safety protocols, risk management, and responding to security incidents. They’re called upon to prevent data breaches, phishing, and malware by developing robust safety and crisis management protocols.

Cloud security engineer: $117,000
Responsible for the operations of an organization’s secure cloud infrastructure, platforms, and software, these specialists build, install, maintain, upgrade and continuously improve cloud networks and cloud-based systems.

Identity and access management engineer: $106,000
Identity and access management ensures that the right people and job roles, known as identities, in an organization can access the tools they need to do their jobs. They enable the organization to:

  • Manage employee apps without logging into each app as an administrator
  • Manage a range of identities including people, software, and hardware such as robotics and Internet of Things devices

Information security analyst: $99,000
Tasked with planning and executing security measures to protect an organization’s computer networks and systems, these analysts are deeply involved with creating procedures that IT employees follow in case of emergency: their organization’s disaster recovery plan. They must stay up to date on IT security and on the latest methods attackers use to infiltrate computer systems. They research new security technology and determine what will most effectively protect their organization.

Security director: $85,000
Responsible for managing the security personnel and systems that keep company data safe, security directors oversee security departments and programs. They implement and maintain information technology-related security measures. Their managerial responsibilities include budgeting and strategic planning, and they must align their company’s practices with legal and regulatory standards.


Testing is a highly specialized area of cybersecurity that involves finding gaps in an organization’s defenses by trying to break into the system. Many cybersecurity testers are ex-hackers who now work to defend the systems they once tried to infiltrate. Successful testers are patient and methodical, with extensive knowledge of all types of networking protocols, operating systems and programming languages. They can spend days or sometimes weeks just gathering information on a network before attempting to breach it.9

It’s not uncommon for an organization to outsource testing responsibilities to a third-party company that specializes in cybersecurity testing, to ensure that the tester has no prior knowledge of the organization’s network.4 The market around penetration testing is predicted to nearly double by 2026, at a Compound Annual Growth Rate (CAGR) of 13.8%.10

Careers in this area include the following, with median salaries as noted on a leading employment site:8

Penetration tester: $102,000
Also called “ethical hackers” or “white hat hackers,” these highly skilled security specialists perform authorized simulated cyberattacks on a company’s computer systems and networks, providing detailed documentation of the steps they took and how successfully they breached security protocols. These tests help identify security vulnerabilities and weaknesses before they can be exploited.

Cybersecurity researcher: $91,000
These investigators research existing types of malware, analyze their capabilities, and attempt to predict new forms of malware in order to develop appropriate security responses. They stay current on all developments in threats to computer software and networks, including computer viruses, malicious software and scripts, as well as direct attacks.

Exploit developer: $81,000
These professionals with high-level security clearance provide on-site support in research and development of software designed to exploit vulnerabilities of adversary technology. This may include algorithm development and software utility development, analysis and reverse engineering of source code, software integration and testing, technical writing and documentation, and lifecycle maintenance of customer software programs.


Responders are the first line of defense between an organization and an active cyber threat. They are tasked with spotting new cyberattacks as they happen, alerting the rest of the team and working to neutralize threats.11 They use security intelligence tools to monitor networks, analyze data and investigate anomalies.

Responders must be open-minded, critical thinkers versed in using threat modeling to anticipate all possible attack vectors at any given time.12 Ten-year growth in this field is projected at around 30%, in line with similar cybersecurity fields.13 Careers in this area include the following, with median salaries as noted on a leading employment site:8

Intrusion analyst: $94,000
These technical leaders are responsible for maintaining the integrity and security of enterprise-wide systems and networks. They support security initiatives through predictive and reactive analysis, and by articulating emerging trends and responses to leadership and staff.

Incident manager: $87,000
Incident managers work to manage the lifecycle of all unplanned interruptions, malfunctions, and quality reductions of provided IT services. They follow incident management protocols and restore provided IT services to normal operation as quickly as possible, prioritizing incidents according to their urgency and influence on the business. They manage and collaborate with incident response teams and report major system issues to upper management.

Incident response analyst: $76,000
Incident response analysts work with incident response teams to identify and monitor security threats to an organization’s cyber systems. They prevent escalation of severe security threats, provide reports to the organization’s security team, utilize tools to minimize the effects of a security breach on the computer network, and perform analysis to ensure that the organization’s computer network is clear of threats. They implement and optimize security tools to prevent threat repetition, communicating with law enforcement about security threats if necessary.

Develop the expertise for your cybersecurity career.

Ranked No. 6 in Best Online Master's in Computer Information Technology Programs by US News & World Report,14 Marquette University’s online Master of Science in Computer and Information Science program gets you career-ready in as little as two years. Through study with expert faculty in a flexible online program, you’ll gain the experience and qualifications to succeed in diverse top IT and cybersecurity roles. Explore our curriculum and reach out to one of our Admissions Advisors today.

  1. Retrieved on November 22, 2021, from medium.com/securebit/understanding-cyber-security-teams-and-roles-cf964d7737ae
  2. Retrieved on November 22, 2021, from computer.org/publications/tech-news/build-your-career/cybersecurity-career-paths/
  3. Retrieved on November 22, 2021, from techradar.com/news/the-three-main-cybersecurity-career-paths
  4. Retrieved on November 22, 2021, from f5.com/labs/articles/cisotociso/the-three-main-cybersecurity-career-paths
  5. Retrieved on November 22, 2021, from betterteam.com/cyber-security-engineer-job-description
  6. Retrieved on November 22, 2021, from www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm#tab-1
  7. Retrieved on November 22, 2021, from resources.infosecinstitute.com/career/cybersecurity-engineer-job-description/
  8. Retrieved on November 22, 2021, from glassdoor.com
  9. Retrieved on November 22, 2021, from jobhero.com/job-description/examples/information-technology/penetration-tester
  10. Retrieved on November 22, 2021, from marketsandmarkets.com/Market-Reports/penetration-testing-market-13422019.html
  11. Retrieved on November 22, 2021, from cybersecurityguide.org/careers/computer-security-incident-responder/
  12. Retrieved on November 22, 2021, from csoonline.com/article/3537370/threat-modeling-explained-a-process-for-anticipating-cyber-attacks.html
  13. Retrieved on November 22­­­­­­­, 2021, from cyberdegrees.org/jobs/incident-responder
  14. Retrieved on November 22, 2021, from usnews.com/education/online-education/marquette-university-OCIT0079/computer-information-technology