There’s a serious skills gap in the information security industry. Cybersecurity specialists are hard to come by, causing a major talent shortage in the U.S. To give one example, technology industry data firm CyberSeek estimates that of 128,000 information security analyst openings across the country, only 88,000 are filled. That’s 40,000 empty seats in one of the cybersecurity’s most-advertised roles to find occupants for.
If you’re looking to go a little more niche, these six specialist roles could net big rewards.
Information Systems and Security Director
Also known as cybersecurity director, this role is responsible for the day-to-day implementation and maintenance of cutting-edge cyber defenses. These will need to guard against attacks involving intrusion, breaches and malware – anything that might put customers’ information or trade secrets at risk.
Required education: A four-year degree is a must-have for some of these jobs, with an additional master’s being a common requirement. Information technology, computer science or software engineering are some of the fields recruiters look for. Having industry certifications is often an added bonus and they certainly help boost a resume.
Make sure you follow: Eric Vanderburg, director of information systems and security at Jurinnov. His day job involves leading a cybersecurity team to protect sensitive data, apply security governance and counter security breaches.
Salary range: $103,353 to $173,619
Malware Intelligence Analyst
Putting viruses, worms, bots, ransomware and other cyber threats under the microscope is all in a day’s work. A malware intelligence analyst applies that knowledge toward stopping threats before they develop.
Required education: A four-year degree in a field such as computer engineering, with certification in computer forensics.
Make sure you follow: Jerome Segura, lead malware intelligence analyst at Malwarebytes. Constantly at the frontline of malware detection, in 2016 he spotted attacks targeting the likes of MSN, AOL, the New York Times and the BBC.
“The biggest challenges will always be trying to bridge the gaps between users and technology in a connected world that is evolving at a very fast pace,” Segura told SC Media. “Security is not a state but rather a continuous journey with bumps along the road.”
Salary range: $54,000 to $120,000
Principal Security Consultant
Often working as a contractor, a lead, or principal security consultant, this role serves as the experienced professional that IT managers take guidance from. Building secure systems, devising network-wide security plans and managing roll-outs are common responsibilities.
Required education: Most companies look for hands-on experience rather than specific college qualifications. Soft skills such as communication and influencing are very helpful.
Make sure you follow: Ben Rothke, principal security consultant at Nettitude. His experience has seen him designing cybersecurity defenses for automotive manufacturers, financial services firms and cloud communication providers.
Salary range: $62,792 to $156,594
A research engineer is responsible for analyzing new exploits in forensic detail. These findings are then passed on to the rest of a cybersecurity team to help underpin any new strategy.
Required education: Extensive knowledge of C/C++ and scripting and programming languages, as well as a bachelor’s and often a master’s degree in computer science.
Make sure you follow: Tod Beardsley, research director at Rapid7. He told InfoSecurity Magazine his job is “to pursue, promote and protect the social good by securing common technologies that we all rely on for commerce and culture.”
Salary range: $55,364 to $116,037
Senior Penetration Tester
A network security expert who’s adept at finding potential exploits in different computer ecosystems, penetration testers (aka Pen testers) are essentially the white witches of the hacking world. They’ll use a mix of in-depth technical skills and imagination to devise advanced security tests.
Required education: While any computer science degree will help, employers really look for practical experience of ethical hacking.
Make sure you follow: Jason Haddix, head of trust and security at Bugcrowd. A self-described “bug hunter,” he’s at the forefront of the penetration testing field.
Salary range: $76,596 to $137,020
Director of Newsroom Information Security
A niche role among niche roles, this cybersecurity director role has a particularly specialized brief: to protect journalists, the organizations they work for and their sources from some of the most fervent hackers around. Often sitting among journalists to advise on security concerns, they’ll design appropriate defenses and policies.
Required education: Bachelor’s or master’s degree in computer science or computer engineering, as well as Certified Information Systems Security Professional qualification.
Make sure you follow: Runa Sandvik, director of information security at The New York Times newsroom. She told Vice.com: “It’s not a pure security role; it’s not a pure support role, it’s a jack-of-all trades type of role, because you end up wearing a whole load of hats.”
Salary range: $71,294 to $165,935
Cybersecurity jobs are some of the hottest around right now. Candidates who can display specialized experience in fields like these are more likely to be snapped up by firms across the U.S.
To further explore opportunities in the industry, check out some more popular and in-demand cybersecurity roles.