By 2025, the global cost of cybercrimes will reach $10.5 trillion each year, up from $6 trillion in 2020. That’s an 11.8% annual growth rate – made even more shocking by the fact that it more than doubles the global economy’s roughly 5.4% growth rate.
With cybercrimes posing such a large and growing threat, it’s no surprise that cybersecurity engineering is one of the fastest growing industries and professions in the world. The global cybersecurity market is projected to grow from $218 billion in 2021 to over $345 billion by 2026. And in 2022, Indeed ranked information security analysts thirteenth in its list of fastest growing careers of the decade.
Cybersecurity engineers are the professionals tasked with protecting the world’s applications and data from a growing list of attacks. In this post, we break down the statistics, job requirements, and responsibilities of a career in cybersecurity engineering.
What Does a Cybersecurity Engineer Do?
As long as developers have been building software, there have been bad actors trying to break into applications and engineers dedicated to stopping them.
Cybersecurity is an advancing discipline concerned with protecting and securing applications, networks, corporate data, and user data. Cybersecurity engineers are responsible for preventing, identifying, and stopping a variety of cyberattacks and breaches.
The types of attacks that cybersecurity engineers have to combat are countless, with bad actors deploying more threats regularly. The most common attacks include:
- Malware
- Phishing
- Ransomware
- Man-in-the-Middle / Machine-in-the-Middle (MITM)
- Denial-of-Service (DOS)
- Distributed Denial-of-Service (DDoS)
- Malware as a Service (MaaS)
- Cross-site scripting (XSS)
- Password attack
- SQL injection
On a more technical level, the core job responsibilities of cybersecurity engineers include:
- Responding to system and network security breaches
- Protecting the organization’s infrastructure and data
- Monitoring for new types of cyber attacks and breaches
- Working with stakeholders to secure new features
- Keeping up-to-date with advancements in technology
- Working in an agile environment
What Kinds of Companies Hire Cybersecurity Engineers?
Any company that produces software will need to hire cybersecurity engineers to protect their applications and data. With companies in every industry becoming increasingly driven by technology, the demand and opportunities for professionals with this skill set will continue to grow. The top sectors hiring for cybersecurity engineers range from small startups to Fortune 500 companies, including:
- Technology
- Finance
- Professional services
- Retail
- Media
- Manufacturing
Types of Cybersecurity Engineer Positions
The titles cybersecurity engineers hold vary drastically, depending on their experience, education, and company.
At the beginning of their career, a cybersecurity engineer typically starts with an entry-level role, like junior cybersecurity engineer or cybersecurity associate. A new cybersecurity engineer usually works in one of these roles for one to three years.
From there, they’ll have the opportunity to move into more senior-level and specialized roles with hands-on engineering experience. Cybersecurity engineering job titles include:
- Network security engineer
- Cybersecurity technician
- Cryptographer
- White hat hacker
- Information security analyst
- Senior cybersecurity engineer
Larger companies that employ a significant number of engineers tend to use well-defined structures and pay grades for their seniority levels. For example, GitLab’s cybersecurity team uses the following title structure:
- Intermediate Security Engineer
- Senior Security Engineer
- Staff Security Engineer
- Principal Security Engineer
- Distinguished Security Engineer
While they spend several years honing their skills, their responsibilities expand to include taking ownership of projects, working independently in a team environment, and mentoring project team members.
With a few years of experience, a cybersecurity engineer often faces a crossroads in their career having to choose between a few paths.
One path is to pivot into managing people and teams. Hiring, mentoring, resource planning and allocation, strategy, and operations become a larger component of the responsibilities of cybersecurity engineers pursuing this career path. At the higher levels of an organization, these job functions might include:
- Information security manager
- Cybersecurity engineering manager
- Director of cybersecurity
- Chief information officer (CIO)
- Chief information security officer (CISO)
Another possible career path is to continue as an individual contributor. Many cybersecurity engineers opt to continue their careers as individual contributors, enjoying equally fulfilling careers and developing deeper technical expertise in various languages and frameworks. Larger organizations might refer to individuals in these positions as individual contributor leadership to communicate the influence of their position.
An experienced cybersecurity engineer might not be interested in (or qualified) to manage a team. And engineers in an individual contributor role have the opportunity to focus on growing their technical skills and learning the newest emerging technologies.
Salary Comparisons and Job Outlook
On average, cybersecurity engineers receive highly competitive compensation packages. However, data sources on technical salaries often present vastly different – and at times conflicting – numbers at both a regional and global level. Estimates of total compensation for cybersecurity engineers in the U.S. range from $120,446 to $140,143.
Current market conditions have made technical salaries especially volatile. Because of this, public salary data may be low or out of date. Total compensation packages, including equity and bonuses, are also changing rapidly. Hiring teams need to conduct their own research to identify salary bands based on their company’s requirements and the technical needs of the role.
The job outlook for cybersecurity engineers is equally promising. As long as there are companies with software and criminals looking to break into that software, there will be a demand for cybersecurity engineers. From 2020 to 2030, The U.S. Bureau of Labor Statistics projects the number of information security professionals in the U.S. to grow by 33 percent.
Requirements to Become a Cybersecurity Engineer
Technical Skills
Cybersecurity engineers use a range of programming languages to secure networks, databases, and applications. But a unique attribute of cybersecurity engineers is that they also have to learn the languages that attackers use to break into a company’s system. Front-end, back-end, and database languages are particularly important, as many web-based attacks happen through the systems built by these technologies.
The languages that cybersecurity engineers use include:
- HTML
- Javascript
- SQL
- Java
- C/C++
- Python
- Ruby
- PHP
Cybersecurity engineers also use a number of tools and frameworks. The exact technologies they’ll work with depend on the role or specialization. These include:
- Wireshark (network protocol analysis)
- Kali Linux (digital forensics and penetration testing)
- Ncat (network monitoring and management)
- SiteLock (website security and monitoring)
- John the Ripper (password cracking)
- PowerShell (task automation)
- Nmap (network scanning)
- Shell scripting
It’s worth noting that there’s a degree of fluidity to the technologies that cybersecurity engineers learn. Cybersecurity is a fast-paced discipline. Engineers in this profession need to continuously evolve and expand their skill sets to outpace the attackers trying to break into their systems.
Soft Skills
Technical competency alone isn’t enough to succeed in a cybersecurity engineering role. Mathematical, analytical, and problem-solving skills are a must in any technical role. And soft skills are even more critical in a remote-first only environment.
Employers may have a preference for cybersecurity engineers with strong soft skills, such as:
- Adaptability
- Time management
- Communication
- Project management
- Problem solving
While soft skills are important to any technical professional, communication skills are particularly important to cybersecurity. Because the majority of cyber attacks target employees, cybersecurity engineers need to have the necessary soft skills to communicate with and train both technical and non-technical stakeholders.
Experience and Education
After competency, the most important qualification for cybersecurity engineers is experience. On-the-job experience and training is a critical requirement for many employers.
Then, there’s the question of education. 63% of cybersecurity engineers have a bachelor’s degree and 15% have a master’s degree. Many employers still require cybersecurity candidates to have four-year degrees.
But competition for skilled cybersecurity engineers is fierce, and it’s common for job openings requiring degrees to go unfilled. There are simply not enough engineers with degrees to fill thousands of open roles out there. Companies looking to hire cybersecurity engineers will have access to a much larger pool of talent and achieve their data initiatives if they recognize other forms of education and experience.