Cybersecurity Analyst Salary Guide 2026

Information security analysts earned a median annual wage of $124,910 in May 2024, according to the Bureau of Labor Statistics [1]. With employment projected to grow 29 percent from 2024 to 2034, cybersecurity represents one of the fastest-growing and most lucrative career paths in the U.S. economy [2].

Key Takeaways

  • The national median salary for cybersecurity analysts is $124,910 per year ($60.05 per hour) under the BLS Information Security Analysts classification (SOC 15-1212) [1]
  • Wages range from $69,660 at the 10th percentile to $186,420 at the 90th percentile [3]
  • Employment is projected to grow 29 percent from 2024 to 2034, far exceeding the average for all occupations [2]
  • Washington and California report the highest cybersecurity salaries nationally [6]
  • The persistent global cybersecurity talent shortage gives qualified professionals significant negotiating leverage

National Salary Overview

The BLS tracks cybersecurity analysts under the classification Information Security Analysts (SOC 15-1212), defined as professionals who plan, implement, upgrade, or monitor security measures for the protection of computer networks and information [1]. The May 2024 wage distribution reveals strong compensation at every level [1][3]:

| Percentile | Annual Wage | Hourly Wage |
|---|---|---|
| 10th | $69,660 | $33.49 |
| 25th | $92,160 | $44.31 |
| 50th (Median) | $124,910 | $60.05 |
| 75th | $159,600 | $76.73 |
| 90th | $186,420 | $89.63 |

The $116,760 gap between the 10th and 90th percentiles reflects the enormous variation in cybersecurity roles, from junior SOC analysts monitoring alerts to senior security architects designing enterprise defense frameworks [10]. The median of $124,910 places cybersecurity analysts in the top 20 percent of all wage earners nationally, well above the $49,500 median for all occupations [5].

Approximately 182,800 information security analyst positions existed nationwide as of 2024 [2]. The occupation's relatively small workforce combined with explosive demand growth creates a supply-demand imbalance that continues to push wages upward.

Salary by Experience Level

Cybersecurity compensation scales steeply with experience, as the consequences of security decisions increase with seniority [2][9].

Entry-Level SOC Analyst (0-2 years): Security operations center analysts and junior security engineers typically earn between $69,660 and $92,160, the 10th to 25th percentile range [3]. At this stage, a bachelor's degree in cybersecurity or computer science plus CompTIA Security+ certification represents the typical qualification profile.

Mid-Level Security Analyst (3-5 years): Analysts with incident response experience, threat hunting capabilities, and intermediate certifications (CySA+, GCIA, GCIH) earn between $92,160 and $124,910, spanning the 25th to 50th percentile [3]. Experience with SIEM platforms (Splunk, QRadar, Sentinel) and cloud security significantly accelerates progression through this range.

Senior Security Engineer (6-10 years): Senior professionals responsible for security architecture, penetration testing leadership, or security program management earn between $124,910 and $159,600, the 50th to 75th percentile [3]. CISSP, OSCP, or GXPN certifications are standard at this level.

Principal/Director Level (10+ years): Chief Information Security Officers (CISOs), VP-level security leaders, and principal security architects earn $159,600 to $186,420 and above [3]. CISO compensation at Fortune 500 companies frequently exceeds $250,000 in total compensation, with some exceeding $400,000 [9].

Top-Paying States

Cybersecurity compensation follows the distribution of financial services, technology, and federal government employers [4][6].

| Rank | State | Annual Mean Wage |
|---|---|---|
| 1 | Washington | $145,200 |
| 2 | California | $143,870 |
| 3 | New York | $141,520 |
| 4 | New Jersey | $139,780 |
| 5 | Virginia | $138,400 |
| 6 | Maryland | $136,200 |
| 7 | Massachusetts | $134,900 |
| 8 | Colorado | $132,750 |
| 9 | Connecticut | $131,400 |
| 10 | District of Columbia | $130,200 |

Washington and California lead due to the concentration of major technology employers with massive security operations [6]. Virginia and Maryland's high rankings reflect the Northern Virginia cybersecurity corridor and the proximity to federal intelligence and defense agencies, where cleared cybersecurity professionals command substantial premiums [4]. The D.C. metropolitan area (spanning Virginia, Maryland, and D.C.) collectively employs more cybersecurity professionals than any other region in the country.

Top-Paying Metro Areas

Metro areas with significant federal, financial, or technology presence offer the highest cybersecurity compensation [4][7].

| Metro Area | Annual Mean Wage |
|---|---|
| San Jose-Sunnyvale-Santa Clara, CA | $168,200 |
| San Francisco-Oakland-Berkeley, CA | $162,400 |
| Washington-Arlington-Alexandria, DC-VA-MD | $156,800 |
| New York-Newark-Jersey City, NY-NJ-PA | $152,300 |
| Seattle-Tacoma-Bellevue, WA | $149,700 |
| Boston-Cambridge-Nashua, MA-NH | $145,400 |
| Baltimore-Columbia-Towson, MD | $140,200 |
| Denver-Aurora-Lakewood, CO | $138,500 |
| Dallas-Fort Worth-Arlington, TX | $134,800 |
| Charlotte-Concord-Gastonia, NC-SC | $131,200 |

The San Jose metro area leads at $168,200, reflecting the security needs of major technology companies headquartered in Silicon Valley [4]. The Washington, D.C. metro consistently ranks among the top three due to federal cybersecurity spending, which exceeds $20 billion annually across civilian and defense agencies.

Salary by Specialization

Cybersecurity encompasses numerous specializations with varying compensation profiles [2][9].

Penetration Testing/Red Team: Offensive security professionals (holding OSCP, OSCE, or GXPN) typically earn at or above the 75th percentile ($159,600+) due to the specialized nature of adversarial simulation [3].

Cloud Security: Specialists securing AWS, Azure, and GCP environments (with CCSP, AWS Security Specialty, or AZ-500 certifications) command premiums of 10-20 percent above generalist security roles.

Application Security (AppSec): Developers-turned-security-professionals who perform code review, threat modeling, and secure SDLC implementation earn at the 50th-75th percentile ($124,910-$159,600) [3].

Incident Response and Digital Forensics: IR specialists and forensic analysts earn near the median to 75th percentile, with premiums for those holding GCFA, GNFA, or EnCE certifications.

Governance, Risk, and Compliance (GRC): GRC analysts and managers, particularly those in regulated industries (HIPAA, PCI-DSS, SOX), earn solidly in the 50th-75th percentile range [3]. CISM and CRISC certifications are standard for this track.

Benefits and Total Compensation

Cybersecurity professionals typically receive comprehensive compensation packages that augment base salary [2][9].

Security Clearance Premium: Professionals holding active U.S. government security clearances (Secret, Top Secret, TS/SCI) earn 15-30 percent more than their non-cleared counterparts. The clearance investigation process takes 6-18 months, creating a significant barrier to entry that sustains the premium.

Signing Bonuses: The cybersecurity talent shortage drives signing bonuses of $5,000-$25,000, particularly for cleared professionals or those with niche specializations like OT/ICS security.

Certification Reimbursement: Employers routinely cover the cost of cybersecurity certifications ($300-$1,000+ per exam) and training courses ($2,000-$8,000 per course), representing $5,000-$15,000 in annual professional development value.

Performance Bonuses: Annual bonuses of 10-20 percent of base salary are standard, with some financial services firms offering higher variable compensation.

Stock Options/RSUs: Technology companies increasingly offer equity compensation to cybersecurity professionals, adding 15-40 percent to total compensation at the senior level.

How to Negotiate Your Cybersecurity Analyst Salary

The global cybersecurity workforce gap (estimated at 3.4 million unfilled positions) gives qualified professionals exceptional negotiating leverage [2].

  1. Anchor negotiations to BLS percentile data. The 25th-75th percentile range of $92,160 to $159,600 provides an objective market framework [3][11]. Position yourself within this range based on your experience, certifications, and specialization.

  2. Quantify the cost of breaches you have prevented. If your threat detection reduced incident response time by 60 percent, or your security assessment identified vulnerabilities that could have led to regulatory fines, convert those outcomes to dollar figures.

  3. Stack certifications for compounding value. CISSP provides the broadest salary premium, but adding offensive certifications (OSCP) or cloud security credentials (CCSP) on top creates differentiated expertise. Each major certification adds $5,000-$15,000 in market value [9].

  4. Negotiate the security clearance timeline. If an employer needs a cleared professional, the 6-18 month investigation period represents a significant cost. Already holding an active clearance commands an immediate premium.

  5. Leverage the 29 percent growth projection. BLS projects 29 percent employment growth through 2034, dwarfing the average across all occupations [2]. This structural demand expansion gives every cybersecurity professional a market-level tailwind.

  6. Consider the consulting premium. Cybersecurity consulting roles at Big Four firms and specialized boutiques often pay 20-40 percent above equivalent in-house positions, with trade-offs in travel and work-life balance.

  7. Negotiate incident response on-call compensation. If the role requires after-hours availability for security incidents, negotiate explicit on-call pay or compensatory time off.

Salary Growth and Career Progression

Cybersecurity careers offer among the steepest salary progression curves in the technology sector [2][9].

The typical trajectory from SOC analyst ($69,660-$92,160) to senior security engineer ($124,910-$159,600) spans 5-8 years and represents a 60-90 percent salary increase [3]. This progression is faster than most technology disciplines because the consequence severity of cybersecurity decisions creates strong employer incentive to retain and advance experienced professionals.

The CISO career path represents the highest compensation ceiling, with Fortune 500 CISOs earning $250,000-$500,000+ in total compensation [9]. However, this path requires both deep technical expertise and business leadership capabilities.

With 29 percent projected employment growth from 2024 to 2034 and approximately 17,400 annual openings [2], the supply-demand imbalance is expected to persist. The proliferation of ransomware, supply chain attacks, and regulatory requirements (SEC cybersecurity disclosure rules, CMMC, DORA) continues to expand the scope and importance of cybersecurity roles.

Key Takeaways and Next Steps

Cybersecurity analysts earn a median of $124,910 nationally, with the top 10 percent exceeding $186,420 [1][3]. The 29 percent projected growth rate through 2034 makes this one of the most supply-constrained professional disciplines in the United States [2]. Specialization, certifications, security clearances, and geographic location all provide levers for maximizing compensation.

Presenting your cybersecurity expertise effectively on your resume is essential in a field where technical depth must be balanced with business communication. ResumeGeni's AI-powered resume builder helps cybersecurity analysts articulate their incident response capabilities, certification portfolio, and risk mitigation impact in a format that resonates with both technical hiring managers and HR screening systems.

Frequently Asked Questions

What is the average salary for a cybersecurity analyst in 2025? The national median salary for information security analysts is $124,910 per year ($60.05 per hour) based on BLS May 2024 data [1]. Mean salaries tend to be slightly higher due to the upward skew from senior and specialized roles.

How much do entry-level cybersecurity analysts make? Entry-level SOC analysts and junior security engineers typically earn between $69,660 and $92,160, corresponding to the 10th through 25th percentile [3]. Geographic location and certifications (CompTIA Security+, CySA+) significantly influence starting compensation.

Which cybersecurity certification pays the most? CISSP (Certified Information Systems Security Professional) is consistently associated with the highest average salaries among security certifications. OSCP and GXPN command high premiums in offensive security, while CCSP is increasingly valuable as organizations migrate to cloud [9].

Is cybersecurity a good career financially? Cybersecurity is among the highest-paying and fastest-growing career paths. The median of $124,910 exceeds the national median for all occupations ($49,500) by 152 percent, and 29 percent projected job growth through 2034 ensures sustained demand [1][2][5].

Do cybersecurity analysts with security clearances earn more? Significantly. Active security clearances (Secret, Top Secret, TS/SCI) command premiums of 15-30 percent above non-cleared equivalents [7]. A TS/SCI clearance can add $20,000-$40,000 to annual compensation, particularly in the Washington, D.C. metro area.

How much does a CISO earn? Chief Information Security Officers at mid-size companies typically earn $180,000-$300,000 in total compensation, while Fortune 500 CISOs can earn $300,000-$500,000+ including base salary, bonuses, and equity [9]. CISO compensation has risen sharply due to increased regulatory scrutiny and board-level attention to cybersecurity risk.

Which state pays cybersecurity analysts the most? Washington leads at approximately $145,200 in annual mean wages, followed by California at $143,870 and New York at $141,520 [6]. The D.C.-Virginia-Maryland corridor collectively offers the highest concentration of cybersecurity jobs and competitive salaries driven by federal spending.
