Specialized Security Professional Titles
Standardized job titles, responsibilities, and expectations for specialized and cross-functional security professionals. These roles often span traditional offensive/defensive boundaries or focus on specific security domains.
Enterprise Vulnerability Management (EVM)
Strategic vulnerability identification, risk-based prioritization, and remediation enablement
EVM Analyst
Professionals who identify, assess, and drive remediation of security vulnerabilities across the enterprise. Focus on risk-based prioritization, threat intelligence integration, and enabling systemic remediation rather than transactional ticket management. Partner with asset owners to address root causes and improve organizational security posture.
| Attribute | Analyst 1 / Entry | Analyst 2 / Junior | Analyst 3 / Mid | Analyst 4 / Senior / Lead | Analyst 5 / Staff | Analyst 6 / Senior Staff | Analyst 7 / Principal |
|---|---|---|---|---|---|---|---|
| General Description | Entry-level EVM analyst learning vulnerability assessment fundamentals and remediation workflows. Assists with scan execution, finding validation, and remediation tracking. Develops foundational understanding of vulnerability types, risk rating methodologies, and the importance of context-driven prioritization. | Junior EVM analyst capable of independently executing vulnerability assessments and facilitating remediation efforts. Demonstrates proficiency in risk-based prioritization and can effectively communicate findings to technical stakeholders. Beginning to understand the importance of addressing root causes over individual findings. | Experienced EVM analyst who drives strategic remediation initiatives and identifies systemic vulnerability patterns. Expert in risk-based prioritization integrating threat intelligence, business context, and exploitability data. Focuses on enabling root-cause remediation rather than individual ticket management. Mentors junior analysts and shapes program processes. | Senior EVM analyst and program leader who defines vulnerability management strategy and drives organizational security improvement. Champions the philosophy that effective vulnerability management enables systemic remediation through automation, threat intelligence, and root-cause analysis rather than overwhelming teams with tickets. Leads major initiatives and represents the program to executive stakeholders. | Distinguished EVM strategist who shapes organizational and industry approaches to vulnerability management. Recognized externally as thought leader in risk-based vulnerability prioritization and strategic remediation. Drives innovation in vulnerability intelligence, automation, and program effectiveness measurement. | Elite EVM strategist with industry-defining influence in vulnerability management and risk prioritization. Operates at the intersection of deep expertise and organizational strategy. Shapes not only practice direction but industry approaches to vulnerability risk management. | Legendary practitioner at the pinnacle of vulnerability management expertise. Globally recognized authority who defines how the industry approaches vulnerability risk identification, prioritization, and remediation. Combines unparalleled expertise with strategic vision. |
| Primary Responsibilities | | | | | | | |
| Required Skills | | | | | | | |
| Preferred Skills | | | | | | | |
| Mentorship Requirements | Receives direct mentorship from Senior EVM analysts. Shadows on remediation discussions with asset owners. Expected to complete scanner training and certification within first 6 months. Learns risk-based prioritization philosophy. | Receives guidance from Senior analysts on complex prioritization decisions. Expected to begin mentoring Entry-level analysts informally. Contributes to process documentation and training materials. Should be developing expertise in specific asset types or vulnerability classes. | Primary mentor for Junior and Entry analysts. Leads training on risk-based prioritization methodology. Expected to develop program procedures and best practices. Establishes reputation as expert in vulnerability intelligence and prioritization. | Primary mentor for Mid and Junior analysts. Responsible for analyst career development. Creates program training and development curriculum. Industry mentorship through community engagement. Shapes EVM best practices. | Mentors Senior analysts and emerging leaders. Shapes organizational vulnerability management talent strategy. Industry-level mentorship through community engagement. Develops thought leaders in the space. | Develops organizational leadership pipeline. Mentors future industry leaders. Legacy-building through lasting contributions to the field. | Develops organizational and industry leadership. Mentors future industry leaders. Legacy-building through generational impact. May fund or sponsor research initiatives. |
| Impact Scope | Individual contributor on scan execution and finding validation. Impact limited to assigned scan segments and documentation. Work is reviewed before stakeholder communication. Supports overall program metrics and coverage. | Directly contributes to remediation outcomes. Responsible for accurate prioritization affecting asset owner workload. Analytics inform program decisions. Beginning to influence remediation strategies. | Shapes program strategy and remediation outcomes. Root cause identification prevents future vulnerabilities. Analytics drive organizational security investment. Influences technology and process decisions. | Defines program capabilities and strategic direction. Program effectiveness directly impacts organizational risk posture. Team development impacts security maturity. Executive relationships enable resource allocation. | Industry and organizational transformation. Shapes how vulnerability management is practiced. Multi-year strategic outcomes. Influences industry standards and vendor roadmaps. | Industry-defining impact. Organizational competitive differentiation through security posture. Multi-year strategic transformation. Shapes how vulnerability risk is understood and managed. | Global industry impact. Defines how vulnerability management is practiced. Organizational transformation. Lasting contributions to cybersecurity risk management. |
| Autonomy & Decision Authority | Works under close supervision. Follows established scan procedures and triage guidelines. Limited authority to close or disposition findings independently. Escalates prioritization questions to senior analysts. | Works with moderate supervision. Can make routine prioritization decisions. Authority to facilitate remediation discussions. Escalates risk acceptance and exception requests. | Works independently with strategic guidance. Makes significant prioritization and process decisions. Authority to approve risk acceptances within defined criteria. Consulted on program strategy and tooling decisions. | High autonomy with strategic alignment. Makes significant program and investment decisions. Authority over EVM processes and standards. Trusted to represent program to executives and externally. | Near-complete autonomy over domain. Strategic influence on organizational direction. Shapes investment and capability priorities. Makes decisions with significant organizational impact. | Full autonomy over strategic domain. Executive-level decision authority. May have significant budget authority. Shapes organizational direction. | Complete strategic autonomy. Executive-level authority. Shapes organizational strategy. May have significant influence over industry direction. |
| Communication & Stakeholders | Primarily internal communication with EVM team. May assist with remediation ticket creation. Documents findings in tracking systems. Limited direct interaction with asset owners. | Regular interaction with asset owners and IT teams. Presents findings in remediation meetings. Participates in risk discussions. Documents decisions for audit purposes. | Regular communication with security leadership. Presents to technical and management audiences. Primary analyst contact for major remediation initiatives. Builds relationships with senior asset owners. | Executive and board-level communication on risk posture. Represents program to organizational leadership. Industry conference presentations. Builds relationships with peers at other organizations. | C-suite engagement on risk strategy. Industry-wide influence through publications and speaking. Vendor and standards body relationships. Media and analyst engagement. | Peer engagement with executives and CISOs. Industry-defining thought leadership. Media and public presence. Board-level engagement. | Global presence. Government and international engagement. Media thought leadership. Premier industry venues. |
| Degree / Experience | Bachelor's degree in IT, Cybersecurity, Computer Science, or related field, OR 1-2 years of IT support or security operations experience, OR completion of vulnerability management training program. | Bachelor's degree in IT, Cybersecurity, or related field, OR 2-4 years of vulnerability management or security operations experience. Demonstrated ability to drive remediation outcomes. | Bachelor's degree in IT, Cybersecurity, or related field, OR 4-6 years of vulnerability management experience. Demonstrated track record of driving strategic remediation outcomes. May have Master's degree with less experience. | Bachelor's or Master's degree in relevant field, OR 6-10 years of vulnerability management experience. Demonstrated program leadership and strategic impact. Industry recognition through speaking or publications. | Advanced degree often expected, OR 10+ years of elite vulnerability management experience with demonstrated industry impact. Recognition is essential qualification. | Advanced degree often present, but industry recognition is primary qualification. 12+ years of elite experience with transformational impact. | Recognition is primary qualification. 15+ years with transformational impact. May be pioneers of major vulnerability frameworks or methodologies. |
| Certifications | | | | | | | |
| Salary: US Gov't | $55,000 - $75,000 (GS-7 to GS-9) | $70,000 - $95,000 (GS-9 to GS-11) | $90,000 - $120,000 (GS-12 to GS-13) | $115,000 - $150,000 (GS-14 to GS-15) | $145,000 - $180,000 (GS-15 / SES equivalent) | $165,000 - $200,000 (Senior SES equivalent) | $180,000 - $220,000+ (Senior SES / Political appointee) |
| Salary: US Startup | $60,000 - $80,000 | $75,000 - $100,000 | $100,000 - $140,000 | $140,000 - $185,000 + equity | $175,000 - $240,000 + significant equity | $210,000 - $290,000 + major equity | $260,000 - $380,000+ + founder-level equity |
| Salary: US Corporate | $55,000 - $75,000 | $70,000 - $95,000 | $95,000 - $130,000 | $130,000 - $175,000 | $165,000 - $220,000 | $195,000 - $260,000 | $240,000 - $330,000+ |
| Salary: Big Tech (Mag7) | $120,000 - $190,000 | $170,000 - $280,000 | $250,000 - $400,000 | $350,000 - $550,000 | $500,000 - $800,000 | $700,000 - $1,200,000 | $1,000,000 - $2,500,000+ |
EVM Engineer
Technical professionals who build, deploy, and maintain enterprise vulnerability management platforms and infrastructure. Focus on scanner deployment, platform integration, automation development, and enabling analyst effectiveness through tooling and dashboards. Serve as architects for scanning infrastructure and the technical bridge to vendors.
| Attribute | Eng 1 / Entry | Eng 2 / Junior | Eng 3 / Mid | Eng 4 / Senior / Lead | Eng 5 / Staff | Eng 6 / Senior Staff | Eng 7 / Principal |
|---|---|---|---|---|---|---|---|
| General Description | Entry-level EVM engineer learning vulnerability scanning platform administration and deployment. Assists with scanner maintenance, agent deployments, and basic platform configuration. Develops foundational understanding of scanning technologies, network architecture requirements, and platform capabilities. | Junior EVM engineer capable of independently managing scanner deployments and platform administration. Demonstrates proficiency in scanning infrastructure and can troubleshoot complex scanning issues. Beginning to develop automation skills and expertise in specific platform capabilities. | Experienced EVM engineer who architects scanning infrastructure and develops platform integrations. Expert in scanner deployment strategies, API integrations, and automation development. Leads platform projects including M&A integrations and capability expansions. Mentors junior engineers and shapes platform standards. | Senior EVM engineer and technical leader who defines platform strategy and architecture for enterprise vulnerability management. Leads complex platform initiatives, M&A integrations, and capability development. Serves as the escalation point for critical platform issues and the primary technical interface with scanning vendors. | Distinguished EVM platform architect who defines organizational platform strategy and drives innovation. Recognized externally as expert in vulnerability management platform architecture and integration. Shapes how scanning infrastructure enables strategic vulnerability management programs. | Elite EVM platform architect with industry-defining technical influence. Operates at the frontier of vulnerability scanning and assessment technology. Shapes how the industry approaches vulnerability detection infrastructure and data platforms. | Legendary EVM platform engineer at the pinnacle of vulnerability scanning and assessment platform expertise. Globally recognized for transformational contributions to vulnerability detection technology. Defines how the industry approaches vulnerability scanning infrastructure. |
| Primary Responsibilities | | | | | | | |
| Required Skills | | | | | | | |
| Preferred Skills | | | | | | | |
| Mentorship Requirements | Receives direct mentorship from Senior EVM engineers. Shadows on platform deployments and integrations. Expected to complete vendor platform training and certification. Learns scanning architecture principles. | Receives guidance from Senior engineers on complex deployments. Expected to begin mentoring Entry-level engineers informally. Contributes to platform documentation and procedures. Should be developing expertise in specific platform capabilities. | Primary mentor for Junior and Entry engineers. Leads training on platform capabilities and architecture. Expected to develop platform standards and patterns. Establishes reputation as expert in scanning infrastructure. | Primary mentor for multiple engineers. Responsible for engineering career development. Creates platform engineering development programs. Industry mentorship through vendor community engagement. | Mentors Senior engineers and emerging technical leaders. Shapes platform engineering career paths. Industry-level mentorship through vendor communities. | Develops technical leadership pipeline. Mentors future industry platform leaders. Legacy through platform innovations and people developed. | Develops generational technical talent. Mentors future industry pioneers. Legacy through lasting technical contributions. |
| Impact Scope | Individual contributor on platform maintenance tasks. Impact limited to assigned infrastructure components. Work is reviewed before production changes. Supports overall scanner coverage and reliability. | Directly maintains scanning infrastructure reliability. Responsible for scanner coverage and health. Platform decisions impact analyst effectiveness. Beginning to influence platform architecture. | Shapes scanning platform capabilities. Architecture decisions impact coverage and effectiveness. Integrations enable program automation. Influences technology investment decisions. | Defines platform capabilities for organization. Strategic decisions impact long-term program effectiveness. Team development impacts engineering maturity. Vendor relationships affect cost and capability. | Organizational platform differentiation. Industry-level impact through vendor relationships. Defines state-of-the-art in vulnerability scanning infrastructure. | Industry-defining platform impact. Shapes how vulnerability scanning is practiced. Organizational competitive differentiation. | Global technical impact. Defines vulnerability scanning capabilities. Lasting contributions to the field. |
| Autonomy & Decision Authority | Works under close supervision. Follows established deployment and maintenance procedures. Limited authority to make platform changes independently. Escalates technical issues to senior engineers. | Works with moderate supervision. Can make routine platform decisions. Authority to deploy standard configurations. Escalates architectural changes and integrations. | Works independently with strategic guidance. Makes significant architecture and integration decisions. Authority over platform configuration standards. Consulted on platform roadmap and vendor selection. | High autonomy with strategic alignment. Makes significant platform and investment decisions. Authority over platform standards and architecture. Trusted to represent organization with vendors. | Near-complete technical autonomy. Strategic influence on platform direction. Shapes investment priorities. Makes decisions with significant organizational impact. | Full technical autonomy. Strategic authority over platform direction. May have significant R&D budget authority. Shapes organizational strategy. | Complete technical autonomy. Executive authority over platform domain. Shapes organizational and industry direction. |
| Communication & Stakeholders | Primarily internal communication with EVM team. Documents work in ticketing systems. Participates in team meetings. Limited interaction with vendor support under guidance. | Regular interaction with EVM analysts and IT teams. Coordinates with network and infrastructure teams. Engages vendor support on technical issues. Documents changes for team consumption. | Regular communication with security leadership. Presents technical recommendations to stakeholders. Primary technical contact for vendor relationships. Coordinates with enterprise architecture. | Executive-level communication on platform strategy. Represents engineering to organizational leadership. Vendor executive relationships. Industry event participation. | C-level technical engagement. Vendor executive relationships. Industry conference keynotes. Shapes vendor product roadmaps. | Industry-defining technical presence. Vendor strategic engagement. Premier conference keynotes. Media thought leadership. | Global technical authority. Premier industry venues. Vendor and government engagement. Media presence. |
| Degree / Experience | Bachelor's degree in IT, Computer Science, Cybersecurity, or related field, OR 1-2 years of system administration or IT operations experience, OR completion of relevant technical training program. | Bachelor's degree in IT, Computer Science, or related field, OR 2-4 years of vulnerability management platform or security infrastructure experience. Demonstrated platform administration skills. | Bachelor's degree in Computer Science, IT, or related field, OR 4-6 years of vulnerability management platform engineering experience. Demonstrated track record of successful platform implementations. | Bachelor's or Master's degree in relevant field, OR 6-10 years of vulnerability management platform engineering experience. Demonstrated team leadership and strategic impact. | Advanced degree often expected, OR 10+ years of elite vulnerability platform engineering with demonstrated industry impact. Recognition is essential. | Advanced degree often present, but recognition is primary qualification. 12+ years of elite experience with transformational platform impact. | Recognition is primary qualification. 15+ years with transformational impact. May be pioneers of major scanning platforms or techniques. |
| Certifications | | | | | | | |
| Salary: US Gov't | $60,000 - $80,000 (GS-9 to GS-11) | $75,000 - $100,000 (GS-11 to GS-12) | $95,000 - $125,000 (GS-12 to GS-13) | $120,000 - $155,000 (GS-14 to GS-15) | $150,000 - $185,000 (GS-15 / SES equivalent) | $170,000 - $210,000 (Senior SES equivalent) | $185,000 - $230,000+ (Senior SES / Technical fellow equivalent) |
| Salary: US Startup | $70,000 - $90,000 | $85,000 - $115,000 | $115,000 - $155,000 | $150,000 - $200,000 + equity | $185,000 - $255,000 + significant equity | $225,000 - $310,000 + major equity | $275,000 - $400,000+ + founder-level equity |
| Salary: US Corporate | $65,000 - $85,000 | $80,000 - $110,000 | $105,000 - $145,000 | $140,000 - $185,000 | $175,000 - $230,000 | $205,000 - $280,000 | $250,000 - $350,000+ |
| Salary: Big Tech (Mag7) | $120,000 - $190,000 | $170,000 - $280,000 | $250,000 - $400,000 | $350,000 - $550,000 | $500,000 - $800,000 | $700,000 - $1,200,000 | $1,000,000 - $2,500,000+ |
Application Security (AppSec / Product Security)
Secure software development, security testing, threat modeling, and developer enablement
AppSec Engineer
Technical professionals who secure applications throughout the software development lifecycle. Focus on code review, security testing, DevSecOps integration, and developer enablement. Combine defensive expertise (secure coding guidance, SAST/DAST tooling) with offensive skills (manual testing, proof-of-concept development) to identify and help remediate application vulnerabilities. Prioritize enablement over gatekeeping, helping developers build secure code rather than just finding problems.
| Attribute | Eng 1 / Entry | Eng 2 / Junior | Eng 3 / Mid | Eng 4 / Senior / Lead | Eng 5 / Staff | Eng 6 / Senior Staff | Eng 7 / Principal |
|---|---|---|---|---|---|---|---|
| General Description | Entry-level AppSec engineer learning application security fundamentals and secure development practices. Assists with security assessments, tool operation, and developer support. Develops foundational understanding of common vulnerabilities, secure coding principles, and application security testing methodologies. | Junior AppSec engineer capable of independently conducting security assessments and supporting development teams. Demonstrates proficiency with security testing tools and can identify vulnerabilities through both automated and manual techniques. Can use Burp Suite or ZAP to validate findings and demonstrate basic proof-of-concepts to developers. | Experienced AppSec engineer who independently conducts comprehensive application security assessments and drives secure development practices. Expert in both automated tooling and manual testing techniques, able to develop sophisticated proof-of-concepts that clearly demonstrate risk. Leads threat modeling sessions, mentors junior engineers, and builds relationships with development teams as a trusted security partner. | Senior AppSec engineer and team leader who defines application security strategy and leads high-impact initiatives. Expert in sophisticated attack techniques, able to identify and demonstrate complex vulnerability chains. Champions the enablement philosophy, building programs that scale security through developer education and tooling rather than creating bottlenecks. Represents AppSec to executive stakeholders. | Distinguished AppSec engineer who shapes organizational and industry approaches to application security. Recognized externally as thought leader in secure development, application testing, or DevSecOps. Drives innovation in assessment methodologies, tooling, and developer enablement programs. | Elite AppSec engineer with industry-defining influence in application security and secure development. Operates at the intersection of deep technical expertise and organizational strategy. Shapes not only practice direction but industry approaches to building secure software. | Legendary practitioner at the pinnacle of application security expertise. Globally recognized authority who defines how the industry approaches secure software development, application testing, and DevSecOps. Combines unparalleled technical expertise with strategic vision. |
| Primary Responsibilities | | | | | | | |
| Required Skills | | | | | | | |
| Preferred Skills | | | | | | | |
| Mentorship Requirements | Receives direct mentorship from Senior AppSec engineers. Shadows on security assessments and code reviews. Expected to complete secure coding training and tool certifications within first 6 months. Learns the enablement-focused philosophy of helping developers. | Receives guidance from Senior engineers on complex assessments. Expected to begin mentoring Entry-level engineers informally. Contributes to documentation and training materials. Should be developing expertise in specific languages or vulnerability classes. | Primary mentor for Junior and Entry engineers. Leads training on assessment methodologies and tools. Expected to develop team procedures and best practices. Establishes reputation as expert in specific application types or vulnerability classes. | Primary mentor for Mid and Junior engineers. Responsible for team career development. Creates assessment methodology training programs. Industry mentorship through community engagement. Shapes AppSec engineering practices. | Mentors Senior engineers and emerging leaders. Shapes organizational AppSec talent strategy. Industry-level mentorship through community engagement. Develops thought leaders in the space. | Develops organizational leadership pipeline. Mentors future industry leaders. Legacy-building through lasting contributions to the field. | Develops organizational and industry leadership. Mentors future industry leaders. Legacy-building through generational impact. May fund or sponsor research initiatives. |
| Impact Scope | Individual contributor on assigned triage and documentation tasks. Impact limited to supporting assessment activities. Work is reviewed before developer communication. Supports overall application security coverage. | Directly contributes to application security outcomes. Responsible for accurate finding validation and prioritization. Remediation guidance impacts developer productivity. Beginning to influence security practices. | Shapes application security practices for assigned products or teams. Assessment quality directly impacts product security. Threat models influence architectural decisions. Developer enablement improves security culture. | Defines AppSec capabilities and strategic direction. Program effectiveness directly impacts product security posture. Team development impacts security organization maturity. Executive relationships enable security investment. | Industry and organizational transformation. Shapes how application security is practiced. Multi-year strategic outcomes. Influences industry standards and vendor roadmaps. | Industry-defining impact. Organizational competitive differentiation through secure software practices. Multi-year strategic transformation. Shapes how application security is understood and practiced. | Global industry impact. Defines how application security is practiced. Organizational transformation. Lasting contributions to secure software development. |
| Autonomy & Decision Authority | Works under close supervision. Follows established assessment procedures and triage guidelines. Limited authority to disposition findings independently. Escalates vulnerability questions to senior engineers. | Works with moderate supervision. Can make routine triage decisions. Authority to validate and close false positives. Escalates complex vulnerabilities and architectural concerns. | Works independently with strategic guidance. Makes significant assessment and prioritization decisions. Authority over tool configuration and scanning policies. Consulted on security architecture and tool selection. | High autonomy with strategic alignment. Makes significant program and investment decisions. Authority over AppSec processes and standards. Trusted to represent program to executives and externally. | Near-complete autonomy over domain. Strategic influence on organizational direction. Shapes investment and capability priorities. Makes decisions with significant organizational impact. | Full autonomy over strategic domain. Executive-level decision authority. May have significant budget authority. Shapes organizational direction. | Complete strategic autonomy. Executive-level authority. Shapes organizational strategy. May have significant influence over industry direction. |
| Communication & Stakeholders | Primarily internal communication with AppSec team. May assist with documenting remediation guidance. Limited direct interaction with development teams initially. | Regular interaction with development teams. Presents findings and remediation guidance. Participates in security review meetings. Documents findings for developer consumption. | Regular communication with development leadership. Presents to technical and management audiences. Primary AppSec contact for assigned development teams. Builds relationships with engineering managers. | Executive-level communication on application risk. Represents AppSec to organizational leadership. Industry conference presentations. Builds relationships with peers at other organizations. | C-suite engagement on application risk strategy. Industry-wide influence through publications and speaking. Vendor and standards body relationships. Media and analyst engagement. | Peer engagement with executives and CISOs. Industry-defining thought leadership. Media and public presence. Board-level engagement. | Global presence. Government and international engagement. Media thought leadership. Premier industry venues. |
| Degree / Experience | Bachelor's degree in Computer Science, Software Engineering, Cybersecurity, or related field, OR 1-2 years of software development or security experience, OR completion of application security training program. | Bachelor's degree in Computer Science, Software Engineering, or related field, OR 2-4 years of application security or software development experience. Demonstrated ability to find and validate vulnerabilities. | Bachelor's degree in Computer Science, Software Engineering, or related field, OR 4-6 years of application security experience. Demonstrated track record of comprehensive security assessments. May have Master's degree with less experience. | Bachelor's or Master's degree in relevant field, OR 6-10 years of application security experience. Demonstrated program leadership and strategic impact. Industry recognition through research or speaking. | Advanced degree often expected, OR 10+ years of elite application security experience with demonstrated industry impact. Recognition is essential qualification. | Advanced degree often present, but industry recognition is primary qualification. 12+ years of elite experience with transformational impact. | Recognition is primary qualification. 15+ years with transformational impact. May be pioneers of major application security methodologies or tools. |
| Certifications | | | | | | | |
| Salary: US Gov't | $65,000 - $85,000 (GS-9 to GS-11) | $80,000 - $105,000 (GS-11 to GS-12) | $100,000 - $130,000 (GS-12 to GS-13) | $120,000 - $155,000 (GS-14 to GS-15) | $150,000 - $185,000 (GS-15 / SES equivalent) | $170,000 - $210,000 (Senior SES equivalent) | $185,000 - $230,000+ (Senior SES / Technical fellow equivalent) |
| Salary: US Startup | $75,000 - $100,000 | $95,000 - $130,000 | $125,000 - $165,000 | $155,000 - $205,000 + equity | $190,000 - $260,000 + significant equity | $230,000 - $320,000 + major equity | $280,000 - $400,000+ + founder-level equity |
| Salary: US Corporate | $70,000 - $95,000 | $90,000 - $120,000 | $115,000 - $155,000 | $145,000 - $190,000 | $180,000 - $240,000 | $215,000 - $290,000 | $260,000 - $360,000+ |
| Salary: Big Tech (Mag7) | $120,000 - $190,000 | $170,000 - $280,000 | $250,000 - $400,000 | $350,000 - $550,000 | $500,000 - $800,000 | $700,000 - $1,200,000 | $1,000,000 - $2,500,000+ |
AppSec Architect
Strategic technical leaders who design secure application architectures, develop security standards, and build frameworks for secure software development. Focus on threat modeling, secure design patterns, SSDLC program development, and enterprise-wide application security strategy. Enable development organizations to build security into applications from design through deployment.
| Attribute | Architect 1 / Entry | Architect 2 / Junior | Architect 3 / Mid | Architect 4 / Senior / Lead | Architect 5 / Staff | Architect 6 / Senior Staff | Architect 7 / Principal |
|---|---|---|---|---|---|---|---|
| General Description | Entry-level AppSec architect learning secure design principles and application security architecture. Assists with threat modeling, security design reviews, and documentation. Develops foundational understanding of secure architecture patterns, SSDLC frameworks, and application security standards. | Junior AppSec architect capable of contributing to secure design work and conducting threat modeling with guidance. Demonstrates proficiency in security architecture patterns and can participate in design reviews. Understands the importance of enabling secure development without creating friction. | Experienced AppSec architect who independently leads secure design initiatives and threat modeling programs. Expert in security architecture patterns across multiple technology stacks. Develops security standards and frameworks that enable developers to build secure applications efficiently. Mentors junior architects and shapes organizational security design practices. | Senior AppSec architect who sets direction for enterprise application security architecture. Leads complex, high-impact architecture initiatives and serves as the escalation point for difficult design challenges. Drives security architecture strategy and builds frameworks that scale secure development across the organization. | Distinguished AppSec architect who defines organizational application security architecture vision and strategy. Recognized externally as industry expert in secure design, threat modeling, or SSDLC frameworks. Shapes how secure software architecture is practiced and drives innovation in security-by-design approaches. | Elite AppSec architect with industry-defining influence in application security architecture and secure design. Operates at the intersection of deep architectural expertise and organizational strategy. Shapes not only practice direction but industry approaches to building secure software at scale. | Legendary practitioner at the pinnacle of application security architecture expertise. Globally recognized authority who defines how the industry approaches secure software design, SSDLC, and security-by-design. Combines unparalleled architectural depth with strategic vision and transformational leadership. |
| Primary Responsibilities | | | | | | | |
| Required Skills | | | | | | | |
| Preferred Skills | | | | | | | |
| Mentorship Requirements | Receives direct mentorship from Senior AppSec architects. Shadows on threat modeling and design reviews. Expected to complete secure architecture training. Learns to balance security with developer experience. | Receives guidance from Senior architects on complex designs. Expected to begin mentoring Entry-level team members. Contributes to architecture standards and patterns. Should be developing expertise in specific architecture domains. | Primary mentor for Junior and Entry architects. Leads architecture training and knowledge sharing. Expected to develop architecture patterns and standards. Establishes reputation as expert in specific architecture domains. | Primary mentor for Mid and Junior architects. Responsible for architecture team development. Creates architecture career paths and programs. Industry mentorship through community engagement. | Mentors Senior architects and emerging leaders. Shapes architecture career paths organization-wide. Industry-level mentorship through community engagement. Develops architecture thought leaders. | Develops organizational architecture leadership pipeline. Mentors future industry leaders. Legacy-building through lasting contributions to the field. | Develops organizational and industry architecture leadership pipeline. Mentors future industry leaders. Legacy-building through generational impact. May sponsor architecture education initiatives. |
| Impact Scope | Individual contributor on documentation and research. Impact limited to supporting architecture deliverables. Work is reviewed by senior architects. Contributes to architecture team effectiveness. | Directly contributes to secure design quality. Responsible for specific architecture components. Design decisions impact application security posture. Beginning to influence architecture standards. | Shapes security architecture for major applications and platforms. Standards and patterns improve organizational security posture. Influences technology strategy and investment. Developer enablement improves security culture. | Defines application security architecture for organization. Strategic decisions impact long-term security posture. Team development impacts organizational maturity. Architecture standards enable secure development at scale. | Organizational and industry-level impact. Defines how application security architecture is practiced. Shapes organizational security transformation. Influences industry standards and practices. | Industry-defining architecture impact. Organizational competitive differentiation through secure design practices. Multi-year strategic transformation. Shapes how secure software is designed. | Global industry architecture impact. Defines how secure software is designed. Organizational transformation and long-term success. Creates lasting contributions to the profession. |
| Autonomy & Decision Authority | Works under close supervision. Follows established architecture standards and templates. Limited authority to make design decisions independently. Escalates architecture questions to senior team. | Works with moderate supervision. Can make design decisions within defined scope. Authority to approve standard patterns. Escalates novel or high-risk design decisions. | Works independently with strategic guidance. Makes significant architecture and design decisions. Authority over security standards and patterns. Consulted on major technology and security decisions. | High autonomy with strategic alignment. Makes significant architecture and strategy decisions. Authority over architecture standards and governance. Trusted to represent organization on architecture matters. | Near-complete architecture autonomy. Strategic decision-making authority. Influences organizational direction. Authority over architecture vision. Trusted advisor to executive leadership. | Full autonomy over architecture strategic domain. Executive-level decision authority. May have significant investment authority. Shapes organizational direction. | Complete autonomy over architecture domain. Executive-level decision authority. Shapes organizational and industry direction. May have significant influence over standards and regulations. |
| Communication & Stakeholders | Primarily internal communication with architecture team. Documents findings and research. Participates in design review meetings as observer. Limited stakeholder interaction outside immediate team. | Regular interaction with development teams and architects. Presents design recommendations. Participates in architecture review boards. Documents designs for developer consumption. | Regular communication with development and security leadership. Presents to executive stakeholders. Engages with enterprise architecture. Documents standards for organization. | Executive-level communication on architecture strategy. Presents to steering committees and governance boards. Represents architecture to organizational leadership. Builds relationships with industry peers. | C-suite and board-level engagement. Industry-wide influence through publications. Standards body and industry forum participation. Media and analyst engagement. | Peer engagement with executives and CTOs. Industry-defining thought leadership. Media and public presence. Board-level engagement. | Global industry presence. Regulatory and government engagement. Media thought leadership. Premier industry and academic venues. |
| Degree / Experience | Bachelor's degree in Computer Science, Software Engineering, or related field, OR 3-4 years of software development experience with security exposure. Understanding of application architecture concepts. | Bachelor's degree in Computer Science, Software Engineering, or related field, OR 4-6 years of software architecture or application security experience. Demonstrated ability to contribute to secure designs. | Bachelor's degree in relevant field with strong experience, OR Master's degree with moderate experience, OR 6-8 years of application security architecture experience. Demonstrated track record of successful architecture initiatives. | Master's degree preferred, OR Bachelor's with 8-12 years of application security architecture experience. Demonstrated strategic impact and team leadership. Industry recognition through publications or speaking. | Master's degree or higher often expected, OR 12+ years of application security architecture experience with demonstrated industry impact. Industry recognition is essential qualification. | Advanced degree often present, but industry recognition is primary qualification. 14+ years of elite experience with transformational impact. | Advanced degree often present, but industry recognition is primary qualification. 15+ years of elite experience with transformational impact. May be founders of major secure design frameworks or methodologies. |
| Certifications | | | | | | | |
| Salary: US Gov't | $85,000 - $110,000 (GS-11 to GS-12) | $100,000 - $130,000 (GS-12 to GS-13) | $120,000 - $155,000 (GS-13 to GS-14) | $145,000 - $180,000 (GS-14 to GS-15) | $170,000 - $215,000 (GS-15 / SES equivalent) | $190,000 - $240,000 (Senior SES equivalent) | $210,000 - $270,000+ (Senior SES equivalent) |
| Salary: US Startup | $100,000 - $135,000 | $120,000 - $160,000 | $150,000 - $200,000 | $185,000 - $250,000 + equity | $220,000 - $300,000 + significant equity | $270,000 - $370,000 + major equity | $320,000 - $450,000+ + major equity |
| Salary: US Corporate | $95,000 - $125,000 | $115,000 - $150,000 | $140,000 - $185,000 | $175,000 - $230,000 | $210,000 - $280,000 | $250,000 - $340,000 | $300,000 - $400,000+ |
| Salary: Big Tech (Mag7) | $120,000 - $190,000 | $170,000 - $280,000 | $250,000 - $400,000 | $350,000 - $550,000 | $500,000 - $800,000 | $700,000 - $1,200,000 | $1,000,000 - $2,500,000+ |
Cloud Security (CloudSec)
Multi-cloud security architecture, IAM, DevSecOps, and enabling secure cloud adoption
Cloud Security Engineer
Technical professionals who implement, configure, and maintain security controls in cloud environments. Focus on IAM, network security, CSPM/CWPP tooling, container and Kubernetes security, and infrastructure as code security. Combine deep platform expertise with automation skills to secure cloud workloads at scale. Prioritize enablement over blocking, helping organizations adopt cloud securely rather than slowing them down.
| Attribute | Eng 1 / Entry | Eng 2 / Junior | Eng 3 / Mid | Eng 4 / Senior / Lead | Eng 5 / Staff | Eng 6 / Senior Staff | Eng 7 / Principal |
|---|---|---|---|---|---|---|---|
| General Description | Entry-level cloud security engineer learning cloud security fundamentals and platform-specific controls. Assists with security configurations, policy implementation, and monitoring. Develops foundational understanding of shared responsibility, IAM, network security, and cloud-native security services in one major cloud platform. | Junior cloud security engineer capable of independently implementing security controls and managing cloud security tooling. Demonstrates proficiency in one major cloud platform with developing knowledge of another. Can configure IAM policies, network security, and operate CSPM/CWPP tools effectively. | Experienced cloud security engineer who independently designs and implements comprehensive cloud security solutions. Deep expertise in primary platform with working knowledge of another. Expert in IAM, network security, container security, and security automation. Leads cloud security initiatives, mentors junior engineers, and partners with DevOps teams to enable secure cloud adoption. | Senior cloud security engineer and team leader who defines cloud security strategy and leads high-impact initiatives. Multi-cloud expertise with deep knowledge across platforms. Champions automation-first approaches and builds security programs that enable rather than block cloud adoption. Represents cloud security to executive stakeholders and drives organizational cloud security maturity. | Distinguished cloud security engineer who shapes organizational and industry approaches to cloud security. Recognized externally as thought leader in cloud-native security, multi-cloud architecture, or DevSecOps. Drives innovation in cloud security automation, tooling, and enabling secure cloud adoption at enterprise scale. | Elite cloud security engineer with industry-defining influence in cloud security and DevSecOps. Operates at the intersection of deep technical expertise and organizational strategy. Shapes not only practice direction but industry approaches to securing cloud infrastructure at scale. | Legendary practitioner at the pinnacle of cloud security expertise. Globally recognized authority who defines how the industry approaches cloud security, DevSecOps, and securing cloud-native infrastructure. Combines unparalleled technical expertise with strategic vision. |
| Primary Responsibilities | | | | | | | |
| Required Skills | | | | | | | |
| Preferred Skills | | | | | | | |
| Mentorship Requirements | Receives direct mentorship from Senior cloud security engineers. Shadows on security implementations and reviews. Expected to achieve cloud platform certification within first 6 months. Learns enablement-focused philosophy of accelerating secure cloud adoption. | Receives guidance from Senior engineers on complex implementations. Expected to begin mentoring Entry-level engineers informally. Contributes to documentation and procedures. Should be developing deep expertise in primary platform. | Primary mentor for Junior and Entry engineers. Leads training on cloud security practices. Expected to develop team procedures and automation. Establishes reputation as expert in specific cloud security domains. | Primary mentor for Mid and Junior engineers. Responsible for team career development. Creates cloud security training programs. Industry mentorship through community engagement. Shapes cloud security engineering practices. | Mentors Senior engineers and emerging leaders. Shapes organizational cloud security talent strategy. Industry-level mentorship through community engagement. Develops thought leaders in the space. | Develops organizational leadership pipeline. Mentors future industry leaders. Legacy-building through lasting contributions to the field. | Develops organizational and industry leadership. Mentors future industry leaders. Legacy-building through generational impact. May fund or sponsor research initiatives. |
| Impact Scope | Individual contributor on assigned configuration tasks. Impact limited to supporting security operations. Work is reviewed before implementation. Supports overall cloud security coverage. | Directly implements security controls protecting cloud workloads. Responsible for configuration accuracy and policy effectiveness. Beginning to influence cloud security practices. | Shapes cloud security practices for organization. Security implementations directly impact cloud posture. Automation improves team efficiency. Enables secure cloud adoption at scale. | Defines cloud security capabilities and strategic direction. Program effectiveness directly impacts organizational cloud posture. Team development impacts security maturity. Executive relationships enable security investment. | Industry and organizational transformation. Shapes how cloud security is practiced. Multi-year strategic outcomes. Influences CSP security roadmaps. | Industry-defining impact. Organizational competitive differentiation through cloud security capabilities. Multi-year strategic transformation. Shapes how cloud security is practiced. | Global industry impact. Defines how cloud security is practiced. Organizational transformation. Lasting contributions to securing cloud infrastructure. |
| Autonomy & Decision Authority | Works under close supervision. Follows established procedures and security baselines. Limited authority to make configuration changes independently. Escalates security decisions to senior engineers. | Works with moderate supervision. Can make routine security configuration decisions. Authority to implement approved baselines. Escalates architectural changes and exceptions. | Works independently with strategic guidance. Makes significant security design decisions. Authority over security tooling and automation. Consulted on cloud security architecture decisions. | High autonomy with strategic alignment. Makes significant program and investment decisions. Authority over cloud security standards and tooling. Trusted to represent organization externally. | Near-complete autonomy over domain. Strategic influence on organizational direction. Shapes investment and capability priorities. Makes decisions with significant organizational impact. | Full autonomy over strategic domain. Executive-level decision authority. May have significant budget authority. Shapes organizational direction. | Complete strategic autonomy. Executive-level authority. Shapes organizational strategy. May have significant influence over industry direction. |
| Communication & Stakeholders | Primarily internal communication with cloud security team. Documents configurations and procedures. Limited direct interaction with cloud platform teams initially. | Regular interaction with cloud platform and DevOps teams. Participates in security reviews. Documents findings and recommendations for stakeholders. | Regular communication with cloud platform and security leadership. Presents to technical and management audiences. Primary cloud security contact for assigned platforms or projects. | Executive-level communication on cloud security. Represents cloud security to organizational leadership. Industry conference presentations. Builds relationships with CSP security teams. | C-suite engagement on cloud risk strategy. Industry-wide influence through publications and speaking. CSP executive relationships. Media and analyst engagement. | Peer engagement with executives and CISOs. Industry-defining thought leadership. Media and public presence. Board-level engagement. | Global presence. Government and international engagement. Media thought leadership. Premier industry venues. |
| Degree / Experience | Bachelor's degree in Computer Science, IT, Cybersecurity, or related field, OR 1-2 years of cloud operations or IT experience, OR completion of cloud security training program. | Bachelor's degree in relevant field, OR 2-4 years of cloud security or cloud engineering experience. Demonstrated ability to implement cloud security controls. | Bachelor's degree in relevant field, OR 4-6 years of cloud security experience. Demonstrated track record of complex cloud security implementations. May have Master's degree with less experience. | Bachelor's or Master's degree in relevant field, OR 6-10 years of cloud security experience. Demonstrated program leadership and strategic impact. Industry recognition through research or speaking. | Advanced degree often expected, OR 10+ years of elite cloud security experience with demonstrated industry impact. Recognition is essential qualification. | Advanced degree often present, but industry recognition is primary qualification. 12+ years of elite experience with transformational impact. | Recognition is primary qualification. 15+ years with transformational impact. May be pioneers of major cloud security tools or methodologies. |
| Certifications | | | | | | | |
| Salary: US Gov't | $65,000 - $85,000 (GS-9 to GS-11) | $80,000 - $110,000 (GS-11 to GS-12) | $105,000 - $140,000 (GS-12 to GS-13) | $130,000 - $165,000 (GS-14 to GS-15) | $155,000 - $195,000 (GS-15 / SES equivalent) | $175,000 - $220,000 (Senior SES equivalent) | $195,000 - $250,000+ (Senior SES / Technical fellow equivalent) |
| Salary: US Startup | $80,000 - $105,000 | $100,000 - $140,000 | $135,000 - $180,000 | $170,000 - $225,000 + equity | $210,000 - $285,000 + significant equity | $250,000 - $340,000 + major equity | $300,000 - $420,000+ + founder-level equity |
| Salary: US Corporate | $75,000 - $100,000 | $95,000 - $130,000 | $125,000 - $165,000 | $160,000 - $210,000 | $195,000 - $260,000 | $235,000 - $310,000 | $280,000 - $380,000+ |
| Salary: Big Tech (Mag7) | $125,000 - $200,000 | $180,000 - $295,000 | $260,000 - $420,000 | $370,000 - $580,000 | $525,000 - $840,000 | $735,000 - $1,260,000 | $1,050,000 - $2,625,000+ |
Cloud Security Architect
Strategic technical leaders who design cloud security architectures, develop security frameworks, and build strategies for securing cloud infrastructure at enterprise scale. Focus on landing zone design, multi-cloud strategy, zero trust architecture, and enabling secure cloud adoption. Partner with enterprise architecture and cloud platform teams to embed security into cloud foundations.
| Attribute | Architect 1 / Entry | Architect 2 / Junior | Architect 3 / Mid | Architect 4 / Senior / Lead | Architect 5 / Staff | Architect 6 / Senior Staff | Architect 7 / Principal |
|---|---|---|---|---|---|---|---|
| General Description | Entry-level cloud security architect learning cloud security architecture principles and framework development. Assists with security design reviews, documentation, and reference architecture development. Develops foundational understanding of cloud security patterns, shared responsibility implementation, and enterprise cloud strategy. | Junior cloud security architect capable of contributing to security design work and conducting architecture reviews with guidance. Demonstrates proficiency in cloud security patterns and can participate in landing zone and security framework development. Understands the importance of enabling secure cloud adoption. | Experienced cloud security architect who independently leads cloud security design initiatives and develops enterprise security frameworks. Expert in multi-cloud security patterns with deep knowledge of landing zones, identity architecture, and zero trust implementation. Mentors junior architects and shapes organizational cloud security architecture practices. | Senior cloud security architect who sets direction for enterprise cloud security architecture. Leads complex, high-impact architecture initiatives across multi-cloud environments. Drives cloud security strategy and builds frameworks that enable secure cloud adoption at enterprise scale. Represents cloud security architecture to executive stakeholders. | Distinguished cloud security architect who defines organizational cloud security architecture vision and strategy. Recognized externally as industry expert in cloud security architecture, multi-cloud strategy, or zero trust. Shapes how cloud security architecture is practiced and drives innovation in securing cloud infrastructure at scale. | Elite cloud security architect with industry-defining influence in cloud security architecture and strategy. Operates at the intersection of deep architectural expertise and organizational strategy. Shapes not only practice direction but industry approaches to securing cloud infrastructure at enterprise scale. | Legendary practitioner at the pinnacle of cloud security architecture expertise. Globally recognized authority who defines how the industry approaches cloud security architecture, multi-cloud strategy, and securing cloud-native infrastructure. Combines unparalleled architectural depth with strategic vision and transformational leadership. |
| Primary Responsibilities | | | | | | | |
| Required Skills | | | | | | | |
| Preferred Skills | | | | | | | |
| Mentorship Requirements | Receives direct mentorship from Senior cloud security architects. Shadows on architecture reviews and design sessions. Expected to complete cloud architecture training. Learns to balance security with cloud adoption enablement. | Receives guidance from Senior architects on complex designs. Expected to begin mentoring Entry-level team members. Contributes to architecture standards and patterns. Should be developing expertise in specific cloud security domains. | Primary mentor for Junior and Entry architects. Leads architecture training and knowledge sharing. Expected to develop architecture patterns and standards. Establishes reputation as expert in specific cloud security domains. | Primary mentor for Mid and Junior architects. Responsible for architecture team development. Creates architecture career paths and programs. Industry mentorship through community engagement. | Mentors Senior architects and emerging leaders. Shapes architecture career paths organization-wide. Industry-level mentorship through community engagement. Develops architecture thought leaders. | Develops organizational architecture leadership pipeline. Mentors future industry leaders. Legacy-building through lasting contributions to the field. | Develops organizational and industry architecture leadership pipeline. Mentors future industry leaders. Legacy-building through generational impact. May sponsor architecture education initiatives. |
| Impact Scope | Individual contributor on documentation and research. Impact limited to supporting architecture deliverables. Work is reviewed by senior architects. Contributes to architecture team effectiveness. | Directly contributes to security design quality. Responsible for specific architecture components. Design decisions impact cloud security posture. Beginning to influence architecture standards. | Shapes cloud security architecture for major initiatives. Standards and patterns improve organizational cloud security posture. Influences technology strategy and investment. Enables secure cloud adoption at scale. | Defines cloud security architecture for organization. Strategic decisions impact long-term cloud security posture. Team development impacts organizational maturity. Architecture standards enable secure cloud at scale. | Organizational and industry-level impact. Defines how cloud security architecture is practiced. Shapes organizational cloud transformation. Influences industry standards and CSP roadmaps. | Industry-defining architecture impact. Organizational competitive differentiation through cloud security architecture. Multi-year strategic transformation. Shapes how cloud security is designed. | Global industry architecture impact. Defines how cloud security is designed. Organizational transformation and long-term success. Creates lasting contributions to the profession. |
| Autonomy & Decision Authority | Works under close supervision. Follows established architecture standards and templates. Limited authority to make design decisions independently. Escalates architecture questions to senior team. | Works with moderate supervision. Can make design decisions within defined scope. Authority to approve standard patterns. Escalates novel or high-risk design decisions. | Works independently with strategic guidance. Makes significant architecture and design decisions. Authority over cloud security standards and patterns. Consulted on major technology and cloud security decisions. | High autonomy with strategic alignment. Makes significant architecture and strategy decisions. Authority over architecture standards and governance. Trusted to represent organization on architecture matters. | Near-complete architecture autonomy. Strategic decision-making authority. Influences organizational direction. Authority over architecture vision. Trusted advisor to executive leadership. | Full autonomy over architecture strategic domain. Executive-level decision authority. May have significant investment authority. Shapes organizational direction. | Complete autonomy over architecture domain. Executive-level decision authority. Shapes organizational and industry direction. May have significant influence over standards and CSP roadmaps. |
| Communication & Stakeholders | Primarily internal communication with architecture team. Documents findings and research. Participates in design review meetings as observer. Limited stakeholder interaction outside immediate team. | Regular interaction with cloud platform and enterprise architecture teams. Presents design recommendations. Participates in architecture review boards. Documents designs for stakeholder consumption. | Regular communication with cloud platform and security leadership. Presents to executive stakeholders. Engages with enterprise architecture. Documents standards for organization. | Executive-level communication on architecture strategy. Presents to steering committees and governance boards. Represents architecture to organizational leadership. Builds relationships with CSP architecture teams. | C-suite and board-level engagement. Industry-wide influence through publications. Standards body and industry forum participation. Media and analyst engagement. | Peer engagement with executives and CTOs. Industry-defining thought leadership. Media and public presence. Board-level engagement. | Global industry presence. Regulatory and government engagement. Media thought leadership. Premier industry and academic venues. |
| Degree / Experience | Bachelor's degree in Computer Science, IT, or related field, OR 3-4 years of cloud engineering or architecture experience with security exposure. Understanding of cloud architecture concepts. | Bachelor's degree in relevant field, OR 4-6 years of cloud architecture or security experience. Demonstrated ability to contribute to cloud security designs. | Bachelor's degree with strong experience, OR Master's degree with moderate experience, OR 6-8 years of cloud security architecture experience. Demonstrated track record of successful architecture initiatives. | Master's degree preferred, OR Bachelor's with 8-12 years of cloud security architecture experience. Demonstrated strategic impact and team leadership. Industry recognition through publications or speaking. | Master's degree or higher often expected, OR 12+ years of cloud security architecture experience with demonstrated industry impact. Industry recognition is essential qualification. | Advanced degree often present, but industry recognition is primary qualification. 14+ years of elite experience with transformational impact. | Advanced degree often present, but industry recognition is primary qualification. 15+ years of elite experience with transformational impact. May be founders of major cloud security frameworks or methodologies. |
| Certifications | | | | | | | |
| Salary: US Gov't | $90,000 - $115,000 (GS-11 to GS-12) | $110,000 - $140,000 (GS-12 to GS-13) | $130,000 - $165,000 (GS-13 to GS-14) | $155,000 - $195,000 (GS-14 to GS-15) | $180,000 - $230,000 (GS-15 / SES equivalent) | $205,000 - $260,000 (Senior SES equivalent) | $230,000 - $300,000+ (Senior SES equivalent) |
| Salary: US Startup | $110,000 - $145,000 | $135,000 - $175,000 | $165,000 - $220,000 | $200,000 - $270,000 + equity | $245,000 - $330,000 + significant equity | $295,000 - $400,000 + major equity | $350,000 - $480,000+ + major equity |
| Salary: US Corporate | $105,000 - $135,000 | $125,000 - $165,000 | $155,000 - $200,000 | $190,000 - $250,000 | $230,000 - $300,000 | $275,000 - $360,000 | $320,000 - $430,000+ |
| Salary: Big Tech (Mag7) | $125,000 - $200,000 | $180,000 - $295,000 | $260,000 - $420,000 | $370,000 - $580,000 | $525,000 - $840,000 | $735,000 - $1,260,000 | $1,050,000 - $2,625,000+ |
Digital Forensics
Evidence acquisition, artifact analysis, incident response forensics, and legal proceedings support
Forensic Analyst
Technical professionals who conduct digital forensic examinations to support incident response, insider threat investigations, HR matters, and legal proceedings. Focus on evidence acquisition, artifact analysis, timeline reconstruction, and producing court-ready documentation. Maintain strict chain of custody and apply scientific methodology to ensure defensible, reproducible findings. Corporate forensics teams are typically small, requiring practitioners to be versatile across disk, memory, mobile, and cloud forensics as they advance.
| Attribute | Analyst 1 / Entry | Analyst 2 / Junior | Analyst 3 / Mid | Analyst 4 / Senior / Lead | Analyst 5 / Staff | Analyst 6 / Senior Staff | Analyst 7 / Principal |
|---|---|---|---|---|---|---|---|
| General Description | Entry-level forensic analyst learning digital forensics fundamentals and evidence handling procedures. Assists with evidence acquisition, basic analysis, and documentation under direct supervision. Develops foundational understanding of file systems, forensic artifacts, chain of custody requirements, and forensic tool operation. Focuses primarily on Windows disk forensics with exposure to other platforms. | Junior forensic analyst capable of independently conducting routine forensic examinations with guidance on complex matters. Demonstrates proficiency in Windows forensics and developing skills in memory analysis. Can perform complete acquisitions, analyze common artifacts, and produce examination reports. Begins exposure to macOS and Linux forensics. | Experienced forensic analyst who independently conducts complex forensic examinations across multiple platforms. Expert in Windows forensics with strong capabilities in memory analysis, macOS, and developing Linux skills. Leads forensic support for major incidents and produces reports suitable for legal proceedings. May provide testimony in depositions or HR hearings. Begins developing mobile forensics capabilities. | Senior forensic analyst and team leader who defines forensic capabilities and leads high-profile investigations. Expert across disk, memory, mobile, and cloud forensics. Handles the most sensitive investigations including executive matters, major breaches, and cases with significant legal exposure. Provides expert testimony in legal proceedings. Represents forensics to executive stakeholders and external parties. | Distinguished forensic analyst who shapes organizational and industry forensic practices. Recognized externally as thought leader in digital forensics, incident response forensics, or emerging forensic domains. Handles investigations with existential organizational risk. Drives innovation in forensic methodology and tooling. | Elite forensic practitioner with industry-defining influence in digital forensics. Operates at the intersection of deep forensic expertise and organizational strategy. Shapes not only practice direction but industry approaches to digital investigations, evidence handling, and forensic methodology. | Legendary practitioner at the pinnacle of digital forensics expertise. Globally recognized authority who defines how the industry approaches digital investigations, evidence handling, and forensic science. Combines unparalleled technical expertise with strategic vision. May have pioneered forensic methodologies or tools used industry-wide. |
| Primary Responsibilities | | | | | | | |
| Required Skills | | | | | | | |
| Preferred Skills | | | | | | | |
| Mentorship Requirements | Receives direct mentorship from Senior forensic analysts. Shadows on all examinations initially. Expected to complete forensic tool training and achieve foundational certification within first year. Learns the critical importance of evidence integrity and defensible processes. | Receives guidance from Senior analysts on complex cases. Expected to begin assisting Entry-level analysts. Contributes to procedure documentation. Should be developing expertise in specific artifact types or investigation categories. | Primary mentor for Junior and Entry analysts. Leads training on examination techniques. Expected to develop team procedures and playbooks. Establishes reputation as expert in specific forensic domains or investigation types. | Primary mentor for Mid and Junior analysts. Responsible for team career development. Creates forensic training programs and certification paths. Industry mentorship through community engagement. Shapes organizational forensic practices. | Mentors Senior analysts and emerging leaders. Shapes organizational forensic talent strategy. Industry-level mentorship through community engagement. Develops thought leaders in the forensics space. | Develops organizational leadership pipeline. Mentors future industry leaders. Legacy-building through lasting contributions to the field of digital forensics. | Develops organizational and industry leadership. Mentors future industry leaders. Legacy-building through generational impact on digital forensics. May fund or sponsor forensic research. |
| Impact Scope | Individual contributor on assigned acquisition and documentation tasks. Impact limited to supporting examination activities. All findings reviewed before inclusion in reports. Supports overall forensic team capacity. | Directly contributes to investigation outcomes. Responsible for accurate analysis and documentation. Reports may be used in HR actions or legal proceedings. Beginning to influence forensic procedures. | Shapes forensic practices for the organization. Complex examination findings directly impact legal outcomes and incident response. Procedural improvements enhance team capabilities. May influence security detection through forensic insights. | Defines forensic capabilities and strategic direction. Investigation outcomes directly impact organizational risk and legal exposure. Team development impacts security maturity. Expert testimony can determine case outcomes. | Industry and organizational transformation. Shapes how digital forensics is practiced. Multi-year strategic outcomes. Influences forensic tool development and standards. | Industry-defining impact. Organizational competitive differentiation through forensic capabilities. Multi-year strategic transformation. Shapes how digital forensics is practiced globally. | Global industry impact. Defines how digital forensics is practiced worldwide. Shapes legal frameworks for digital evidence. Creates lasting contributions to investigative science. |
| Autonomy & Decision Authority | Works under close supervision. Follows established forensic procedures strictly. No authority to make independent evidentiary decisions. Escalates all findings and anomalies to senior analysts. | Works with moderate supervision. Can make routine analytical decisions. Authority to conduct standard examinations independently. Escalates complex findings, legal matters, and scope decisions. | Works independently with strategic guidance. Makes significant analytical and procedural decisions. Authority over examination methodology. Consulted on case strategy and legal coordination. | High autonomy with strategic alignment. Makes significant program and investigation decisions. Authority over forensic standards and procedures. Trusted to handle the most sensitive matters independently. | Near-complete autonomy over domain. Strategic influence on organizational direction. Shapes investment and capability priorities. Makes decisions with significant organizational and legal impact. | Full autonomy over strategic domain. Executive-level decision authority. May have significant budget authority. Shapes organizational direction on investigative matters. | Complete strategic autonomy. Executive-level authority. Shapes organizational strategy. Significant influence over industry direction and legal standards. |
| Communication & Stakeholders | Primarily internal communication with forensic team. Documents activities in case management systems. Limited direct interaction with IR team or legal initially. May assist with evidence handoffs. | Regular interaction with IR team and security operations. Presents findings to technical audiences. Coordinates with HR on employee investigations. May interact with legal counsel on case requirements. | Regular communication with legal, HR, and security leadership. Presents findings to executive stakeholders. Primary forensic contact for IR team. Coordinates with external counsel on litigation matters. May interface with law enforcement. | Executive-level communication on investigations and capabilities. Represents forensics to legal leadership and external counsel. Coordinates with law enforcement agencies. May present to board on significant matters. | C-suite engagement on investigative strategy. Industry-wide influence through publications and speaking. Law enforcement and regulatory relationships. Media engagement on forensic matters. | Peer engagement with executives and general counsel. Industry-defining thought leadership. Media and public presence on forensic matters. Government and regulatory engagement. | Global presence. Government and international engagement. Media thought leadership. Premier industry and legal venues. Congressional or parliamentary testimony. |
| Degree / Experience | Bachelor's degree in Computer Science, Digital Forensics, Criminal Justice, or related field, OR 1-2 years of IT experience with forensics exposure, OR completion of digital forensics training program. | Bachelor's degree in relevant field, OR 2-4 years of digital forensics or IT security experience. Demonstrated ability to conduct forensic examinations and produce quality reports. | Bachelor's degree in relevant field, OR 4-6 years of digital forensics experience. Demonstrated track record of complex examinations and legal proceedings support. May have Master's degree with less experience. | Bachelor's or Master's degree in relevant field, OR 6-10 years of digital forensics experience. Demonstrated program leadership and expert testimony experience. Industry recognition through research or speaking. | Advanced degree often expected, OR 10+ years of elite forensic experience with demonstrated industry impact. Recognition is essential qualification. | Advanced degree often present, but industry recognition is primary qualification. 12+ years of elite experience with transformational impact. | Recognition is primary qualification. 15+ years with transformational impact. May be pioneers of foundational forensic methodologies or tools. |
| Certifications | | | | | | | |
| Salary: US Gov't | $55,000 - $75,000 (GS-7 to GS-9) | $70,000 - $95,000 (GS-9 to GS-11) | $90,000 - $120,000 (GS-11 to GS-13) | $115,000 - $150,000 (GS-13 to GS-14) | $140,000 - $175,000 (GS-15 / SES equivalent) | $165,000 - $210,000 (Senior SES equivalent) | $185,000 - $240,000+ (Senior SES / Technical fellow equivalent) |
| Salary: US Startup | $65,000 - $90,000 | $85,000 - $115,000 | $110,000 - $150,000 | $145,000 - $195,000 + equity | $180,000 - $245,000 + significant equity | $220,000 - $300,000 + major equity | $270,000 - $380,000+ + founder-level equity |
| Salary: US Corporate | $60,000 - $85,000 | $80,000 - $110,000 | $105,000 - $140,000 | $135,000 - $180,000 | $170,000 - $230,000 | $205,000 - $275,000 | $250,000 - $340,000+ |
| Salary: Big Tech (Mag7) | $110,000 - $170,000 | $155,000 - $250,000 | $225,000 - $360,000 | $315,000 - $495,000 | $450,000 - $720,000 | $630,000 - $1,080,000 | $900,000 - $2,250,000+ |
Cyber Threat Intelligence (CTI)
Threat actor tracking, organization-specific risk analysis, and intelligence-driven defense
CTI Analyst
Intelligence professionals who produce actionable threat intelligence tailored to their organization's specific risk landscape. Focus on threat actor tracking, campaign analysis, and intelligence products (strategic, operational, tactical) that inform security decisions. Go beyond republishing external reports by correlating internal data sources to identify organization-specific threats—understanding who the real targets are based on access, exposure, and observed targeting patterns, not just titles. Intelligence serves decisions; if it doesn't inform action, it's just information.
| Attribute | Analyst 1 / Entry | Analyst 2 / Junior | Analyst 3 / Mid | Analyst 4 / Senior / Lead | Analyst 5 / Staff | Analyst 6 / Senior Staff | Analyst 7 / Principal |
|---|---|---|---|---|---|---|---|
| General Description | Entry-level CTI analyst learning intelligence fundamentals and collection techniques. Assists with open-source intelligence gathering, indicator processing, and report development. Develops foundational understanding of threat actors, attack frameworks, and analytic tradecraft. Begins learning how to correlate external threats with internal organizational context. | Junior CTI analyst capable of independently producing tactical intelligence products and conducting structured analysis. Demonstrates proficiency in OSINT collection and threat actor research. Begins correlating external threat data with internal telemetry to identify organization-specific risks. Can produce indicator-focused intelligence and contribute to operational reporting. | Experienced CTI analyst who independently produces comprehensive intelligence assessments across strategic, operational, and tactical levels. Expert at correlating internal organizational data with external threat intelligence to identify true risk—understanding that the person with 80% of patent access who receives 30% of phishing attempts may be a higher-value target than the CEO. Leads threat actor tracking and provides intelligence that directly informs security investment and defensive priorities. | Senior CTI analyst and team leader who defines intelligence strategy and leads high-impact analysis. Expert at thinking like an attacker to identify organizational risk—correlating access patterns, targeting data, business context, and threat actor capabilities to produce intelligence that truly reflects threats to the specific organization. Builds intelligence programs that go beyond external report aggregation to deliver unique, actionable organizational insight. | Distinguished CTI analyst who shapes organizational and industry intelligence practices. Recognized externally as thought leader in threat intelligence, threat actor research, or specific threat domains. Produces intelligence that transforms how the organization understands and responds to threats. Drives innovation in threat correlation and organization-specific risk identification. | Elite CTI practitioner with industry-defining influence in threat intelligence. Operates at the intersection of deep intelligence expertise and organizational strategy. Shapes not only practice direction but industry approaches to understanding and responding to sophisticated threats. | Legendary practitioner at the pinnacle of threat intelligence expertise. Globally recognized authority who defines how the industry understands sophisticated threats, threat actors, and adversary operations. Combines unparalleled intelligence expertise with strategic vision. May have named major threat actors or developed foundational intelligence methodologies. |
| Primary Responsibilities | | | | | | | |
| Required Skills | | | | | | | |
| Preferred Skills | | | | | | | |
| Mentorship Requirements | Receives direct mentorship from Senior CTI analysts. Shadows on intelligence production and stakeholder briefings. Expected to complete analytic tradecraft training. Learns the organization's business, assets, and threat landscape to ground intelligence in internal context. | Receives guidance from Senior analysts on complex analysis. Expected to begin mentoring Entry-level analysts informally. Contributes to collection plans and procedures. Should be developing expertise in specific threat actors or industry threats. | Primary mentor for Junior and Entry analysts. Leads training on analytic tradecraft and internal correlation. Expected to develop team procedures and intelligence standards. Establishes reputation as expert in specific threat actors or threat domains. | Primary mentor for Mid and Junior analysts. Responsible for team career development. Creates analytic training programs. Industry mentorship through community engagement. Shapes organizational intelligence practices. | Mentors Senior analysts and emerging leaders. Shapes organizational CTI talent strategy. Industry-level mentorship through community engagement. Develops thought leaders in the intelligence space. | Develops organizational leadership pipeline. Mentors future industry leaders. Legacy-building through lasting contributions to the threat intelligence field. | Develops organizational and industry leadership. Mentors future industry leaders. Legacy-building through generational impact on threat intelligence. May fund or sponsor research. |
| Impact Scope | Individual contributor on collection and processing tasks. Impact limited to supporting intelligence production. Work is reviewed before dissemination. Supports overall intelligence coverage. | Directly contributes to organizational threat awareness. Responsible for accurate tactical intelligence. Analysis informs detection and hunting activities. Beginning to influence security priorities based on threat landscape. | Shapes organizational threat understanding. Intelligence directly informs security strategy and investment. Targeting analysis identifies organizational risk beyond obvious assumptions. Intelligence products drive defensive priorities. | Defines intelligence capabilities and strategic direction. Program effectiveness directly impacts organizational threat posture. Team development impacts security maturity. Executive relationships enable threat-informed investment. | Industry and organizational transformation. Shapes how threat intelligence is practiced. Multi-year strategic outcomes. Influences how threats are understood industry-wide. | Industry-defining impact. Organizational competitive differentiation through intelligence capabilities. Multi-year strategic transformation. Shapes how threats are understood globally. | Global industry impact. Defines how threats are understood worldwide. Shapes government and industry response to threats. Creates lasting contributions to intelligence practice. |
| Autonomy & Decision Authority | Works under close supervision. Follows established collection and processing procedures. Limited authority to make analytic judgments independently. Escalates potential threats and findings to senior analysts. | Works with moderate supervision. Can make routine analytic judgments. Authority to produce tactical intelligence products. Escalates strategic assessments and high-confidence attributions. | Works independently with strategic guidance. Makes significant analytic judgments including attribution assessments. Authority over collection priorities and intelligence standards. Consulted on threat-informed defense strategy. | High autonomy with strategic alignment. Makes significant program and analytic decisions. Authority over intelligence standards and priorities. Trusted to represent organization on intelligence matters. | Near-complete autonomy over domain. Strategic influence on organizational direction. Shapes investment and capability priorities. Makes decisions with significant organizational impact. | Full autonomy over strategic domain. Executive-level decision authority. May have significant budget authority. Shapes organizational direction on threat matters. | Complete strategic autonomy. Executive-level authority. Shapes organizational strategy. Significant influence over industry and government threat understanding. |
| Communication & Stakeholders | Primarily internal communication with CTI team. Documents collection and findings. Limited direct interaction with intelligence consumers initially. May assist with indicator sharing. | Regular interaction with SOC and detection teams. Briefs technical audiences on threats. Participates in intelligence sharing. Documents analysis for internal consumption. | Regular communication with security and business leadership. Briefs executives on strategic threats. Primary CTI contact for stakeholder groups. Represents organization in intelligence sharing communities. | Executive-level communication on threat landscape. Board briefings on strategic threats. Represents organization in senior intelligence sharing forums. Media engagement on threat topics. | C-suite engagement on threat strategy. Industry-wide influence through publications and speaking. Government and law enforcement relationships. Media engagement on major threats. | Peer engagement with executives and CISOs. Industry-defining thought leadership. Government and international engagement. Media presence on major threats. | Global presence. Government and international engagement. Media thought leadership. Premier intelligence and national security venues. |
| Degree / Experience | Bachelor's degree in Intelligence Studies, International Relations, Computer Science, Cybersecurity, or related field, OR 1-2 years of SOC or security operations experience, OR military/IC intelligence background transitioning to private sector. | Bachelor's degree in relevant field, OR 2-4 years of CTI, SOC, or intelligence experience. Demonstrated ability to produce finished intelligence products. | Bachelor's degree in relevant field, OR 4-6 years of CTI or intelligence experience. Demonstrated track record of high-quality finished intelligence. May have Master's degree or IC background with less corporate experience. | Bachelor's or Master's degree in relevant field, OR 6-10 years of CTI or intelligence experience. Demonstrated program leadership and thought leadership. IC senior analyst background highly valued. | Advanced degree often expected, OR 10+ years of elite CTI or IC experience with demonstrated industry impact. Recognition is essential qualification. | Advanced degree often present, but industry recognition is primary qualification. 12+ years of elite experience with transformational impact. | Recognition is primary qualification. 15+ years with transformational impact. May be pioneers of threat intelligence discipline or major discoveries. |
| Certifications | | | | | | | |
| Salary: US Gov't | $55,000 - $75,000 (GS-7 to GS-9) | $70,000 - $95,000 (GS-9 to GS-11) | $90,000 - $120,000 (GS-11 to GS-13) | $115,000 - $150,000 (GS-13 to GS-14) | $140,000 - $175,000 (GS-15 / SES equivalent) | $165,000 - $210,000 (Senior SES equivalent) | $185,000 - $240,000+ (Senior SES / Technical fellow equivalent) |
| Salary: US Startup | $65,000 - $90,000 | $85,000 - $115,000 | $110,000 - $150,000 | $145,000 - $195,000 + equity | $180,000 - $245,000 + significant equity | $220,000 - $300,000 + major equity | $270,000 - $380,000+ + founder-level equity |
| Salary: US Corporate | $60,000 - $85,000 | $80,000 - $110,000 | $105,000 - $140,000 | $135,000 - $180,000 | $170,000 - $230,000 | $205,000 - $275,000 | $250,000 - $340,000+ |
| Salary: Big Tech (Mag7) | $110,000 - $170,000 | $155,000 - $250,000 | $225,000 - $360,000 | $315,000 - $495,000 | $450,000 - $720,000 | $630,000 - $1,080,000 | $900,000 - $2,250,000+ |
CTI Engineer
Technical professionals who build and maintain the infrastructure that enables threat intelligence operations. Focus on TIP deployment, feed integration, enrichment automation, MITRE ATT&CK operationalization, and detection content development. Bridge the gap between raw intelligence and defensive action by building systems that correlate internal telemetry with external threats. Skills overlap significantly with Detection Engineering; some organizations combine these functions.
| Attribute | Eng 1 / Entry | Eng 2 / Junior | Eng 3 / Mid | Eng 4 / Senior / Lead | Eng 5 / Staff | Eng 6 / Senior Staff | Eng 7 / Principal |
|---|---|---|---|---|---|---|---|
| General Description | Entry-level CTI engineer learning intelligence platform operations and automation fundamentals. Assists with feed integration, indicator processing, and basic platform administration. Develops foundational understanding of TIPs, indicator formats, and how intelligence flows into defensive systems. | Junior CTI engineer capable of independently managing feed integrations and developing basic automation. Demonstrates proficiency with TIP administration and can build enrichment workflows. Begins developing detection content from intelligence and understands the connection between intel and defensive action. | Experienced CTI engineer who independently designs and implements intelligence infrastructure and automation. Expert at building systems that correlate internal organizational data with external threat intelligence. Strong detection engineering capabilities—can translate threat actor TTPs into high-fidelity detections. Mentors junior engineers and shapes platform strategy. | Senior CTI engineer and team leader who defines intelligence infrastructure strategy. Expert at building systems that transform intelligence into defensive action—from automated enrichment to detection deployment to threat hunting enablement. Bridges intelligence and detection engineering to maximize defensive value of threat intelligence. Champions internal threat correlation that identifies organization-specific risk. | Distinguished CTI engineer who shapes organizational and industry approaches to intelligence infrastructure and operationalization. Recognized externally for technical innovation in threat intelligence platforms, detection engineering from intel, or threat correlation systems. Drives next-generation capabilities. | Elite CTI engineer with industry-defining influence in intelligence infrastructure and threat operationalization. Operates at the intersection of deep technical expertise and organizational strategy. Shapes how the industry builds and operates intelligence platforms. | Legendary practitioner at the pinnacle of intelligence engineering expertise. Globally recognized authority who defines how the industry builds threat intelligence infrastructure and operationalizes intelligence for defense. May have created foundational tools or platforms used industry-wide. |
| Primary Responsibilities | | | | | | | |
| Required Skills | | | | | | | |
| Preferred Skills | | | | | | | |
| Mentorship Requirements | Receives direct mentorship from Senior CTI engineers. Shadows on platform development and integration work. Expected to achieve platform certifications within first year. Learns how intelligence operationalization works. | Receives guidance from Senior engineers on complex integrations. Expected to begin mentoring Entry-level engineers informally. Contributes to platform documentation. Should be developing expertise in specific platforms or detection development. | Primary mentor for Junior and Entry engineers. Leads training on platform development and detection engineering. Expected to develop team standards and best practices. Establishes reputation as expert in specific platforms or detection domains. | Primary mentor for Mid and Junior engineers. Responsible for team career development. Creates engineering training programs. Industry mentorship through community engagement. Shapes organizational CTI engineering practices. | Mentors Senior engineers and emerging leaders. Shapes organizational CTI engineering talent strategy. Industry-level mentorship. Develops thought leaders in intelligence engineering. | Develops organizational technical leadership pipeline. Mentors future industry leaders. Legacy-building through lasting contributions to intelligence engineering. | Develops organizational and industry leadership. Mentors future industry leaders. Legacy-building through generational impact. May fund or sponsor tool development. |
| Impact Scope | Individual contributor on assigned platform tasks. Impact limited to supporting engineering activities. Work is reviewed before deployment. Supports overall intelligence infrastructure. | Directly contributes to intelligence platform capabilities. Responsible for reliable feed integration and data quality. Automation work improves analyst efficiency. Detection content protects the organization. | Shapes intelligence platform capabilities. Detection content directly protects organization. Internal correlation systems identify organizational risk. Automation enables analyst focus on high-value work. | Defines intelligence engineering capabilities. Platform decisions impact long-term intelligence effectiveness. Detection program improves organizational security posture. Team development impacts security maturity. | Industry and organizational transformation. Shapes how intelligence infrastructure is built. Multi-year strategic outcomes. Influences vendor roadmaps and industry tools. | Industry-defining impact. Organizational differentiation through intelligence capabilities. Multi-year strategic transformation. Shapes how intelligence systems are built globally. | Global industry impact. Defines how intelligence systems are built. Organizational transformation. Creates lasting contributions to the field. |
| Autonomy & Decision Authority | Works under close supervision. Follows established procedures for platform operations. Limited authority to make configuration changes independently. Escalates issues to senior engineers. | Works with moderate supervision. Can make routine platform decisions. Authority to implement standard integrations. Escalates architectural changes and complex development. | Works independently with strategic guidance. Makes significant architecture and development decisions. Authority over platform standards and detection strategies. Consulted on intelligence infrastructure investment. | High autonomy with strategic alignment. Makes significant platform and investment decisions. Authority over engineering standards and detection strategies. Trusted to represent organization on technical intelligence matters. | Near-complete autonomy over domain. Strategic influence on organizational direction. Shapes investment priorities. Makes decisions with significant organizational impact. | Full autonomy over strategic domain. Executive-level decision authority. Significant investment authority. Shapes organizational direction. | Complete strategic autonomy. Executive-level authority. Shapes organizational strategy. Significant influence over industry direction. |
| Communication & Stakeholders | Primarily internal communication with CTI team. Documents configurations and procedures. Limited direct interaction with consumers of intelligence systems. | Regular interaction with CTI analysts and SOC teams. Participates in platform planning discussions. Documents technical decisions. Coordinates with security tool teams. | Regular communication with CTI and security leadership. Presents technical strategies. Primary engineering contact for intelligence platform decisions. Coordinates across security teams. | Executive-level communication on intelligence infrastructure. Represents engineering in strategic planning. Builds industry relationships with vendors and peers. May speak at conferences. | C-suite engagement on intelligence technology. Industry-wide influence. Vendor and standards relationships. Media engagement on technical topics. | Peer engagement with executives. Industry-defining thought leadership. Media and public presence. Vendor and standards leadership. | Global presence. Government and international engagement. Media thought leadership. Premier technical venues. |
| Degree / Experience | Bachelor's degree in Computer Science, IT, Cybersecurity, or related field, OR 1-2 years of security operations or IT experience, OR SOC background with interest in automation. | Bachelor's degree in relevant field, OR 2-4 years of CTI engineering, detection engineering, or security automation experience. Demonstrated ability to build integrations and automation. | Bachelor's degree in relevant field, OR 4-6 years of CTI engineering, detection engineering, or security automation experience. Demonstrated track record of complex platform development. May have Master's degree with less experience. | Bachelor's or Master's degree in relevant field, OR 6-10 years of CTI engineering, detection engineering, or security platform experience. Demonstrated program leadership and technical innovation. | Advanced degree often expected, OR 10+ years of elite CTI engineering experience with demonstrated industry impact. Recognition is essential qualification. | Advanced degree often present, but recognition is primary qualification. 12+ years of elite experience with transformational impact. | Recognition is primary qualification. 15+ years with transformational impact. May be pioneers of intelligence platforms or operationalization approaches. |
| Certifications | | | | | | | |
| Salary: US Gov't | $60,000 - $80,000 (GS-9 to GS-11) | $75,000 - $100,000 (GS-11 to GS-12) | $95,000 - $125,000 (GS-12 to GS-13) | $120,000 - $155,000 (GS-13 to GS-14) | $145,000 - $180,000 (GS-15 / SES equivalent) | $170,000 - $215,000 (Senior SES equivalent) | $190,000 - $250,000+ (Senior SES / Technical fellow equivalent) |
| Salary: US Startup | $70,000 - $95,000 | $90,000 - $125,000 | $120,000 - $160,000 | $155,000 - $205,000 + equity | $190,000 - $260,000 + significant equity | $235,000 - $320,000 + major equity | $280,000 - $400,000+ + founder-level equity |
| Salary: US Corporate | $65,000 - $90,000 | $85,000 - $115,000 | $115,000 - $150,000 | $145,000 - $190,000 | $180,000 - $245,000 | $220,000 - $290,000 | $265,000 - $360,000+ |
| Salary: Big Tech (Mag7) | $110,000 - $170,000 | $155,000 - $250,000 | $225,000 - $360,000 | $315,000 - $495,000 | $450,000 - $720,000 | $630,000 - $1,080,000 | $900,000 - $2,250,000+ |
Cyber Fraud
Fraud detection, investigation, prevention, and fraud platform engineering across financial crime and account security
Fraud Analyst
Professionals who detect, investigate, and prevent cyber-enabled fraud including account takeover, payment fraud, business email compromise, identity theft, and transaction manipulation. Focus on fraud pattern detection, investigation, loss prevention, and working with law enforcement on criminal referrals. Operate at the intersection of cybersecurity, financial crime, and customer protection — balancing friction reduction with loss mitigation. Corporate fraud teams range from small bank operations units to massive trust-and-safety organizations at fintechs and payment processors.
| Attribute | Analyst 1 / Entry | Analyst 2 / Junior | Analyst 3 / Mid | Analyst 4 / Senior | Analyst 5 / Staff | Analyst 6 / Senior Staff | Analyst 7 / Principal |
|---|---|---|---|---|---|---|---|
| General Description | Entry-level fraud analyst learning fraud detection fundamentals, alert triage, and case management procedures. Reviews flagged transactions and accounts using established fraud rules and decision trees. Develops foundational understanding of common fraud typologies, payment systems, and Know Your Customer (KYC) concepts. Works under close supervision and focuses on queue-based alert review. | Junior fraud analyst capable of independently investigating routine fraud cases and identifying common attack patterns. Demonstrates proficiency with fraud detection tools and can differentiate true fraud from false positives with reasonable accuracy. Begins conducting end-to-end investigations for standard case types and contributing to rule tuning through feedback on alert quality. | Experienced fraud analyst who independently handles complex, high-value, and multi-vector fraud investigations. Leads investigations into organized fraud rings, sophisticated BEC schemes, and cross-channel attacks. Produces regulatory filings and works directly with law enforcement on criminal referrals. Identifies systemic fraud trends and recommends detection improvements. Mentors junior team members on investigation methodology. | Senior fraud analyst and subject matter expert who leads the most complex and sensitive fraud investigations. Serves as the primary escalation point for novel fraud schemes, high-loss events, and cross-functional fraud issues. Deep expertise in multiple fraud domains with the ability to connect disparate signals across channels and products. Drives fraud strategy improvements and partners with engineering on detection system enhancements. May lead a small team or functional area within fraud operations. | Staff-level fraud analyst who operates as a force multiplier across the fraud organization. Designs investigation frameworks, defines fraud taxonomies, and builds systems (analytical, procedural, or organizational) that improve detection and response for the entire team. Bridges fraud operations with engineering, data science, and product to ensure fraud intelligence informs technical solutions. Leads cross-functional initiatives and drives measurable improvements in fraud loss rates. | Senior Staff fraud analyst who shapes how the fraud function operates across the organization. Defines fraud risk appetite, establishes operating models, and drives strategic decisions on fraud prevention investment. Operates as a trusted advisor to executive leadership on fraud exposure and mitigation. Leads transformational initiatives — such as standing up new fraud operations for emerging products, redesigning fraud operating models, or leading enterprise-wide fraud technology migrations. Industry-recognized expertise in financial crime. | Principal fraud analyst — an industry-defining expert whose work shapes how organizations and the broader financial ecosystem approach fraud prevention. Creates methodologies, frameworks, and strategies adopted well beyond their own organization. Advises regulators, shapes industry standards, and publishes research that advances the field. Drives innovations in fraud detection that set new benchmarks for the industry. Operates at the intersection of fraud, cybersecurity, and financial regulation with unmatched depth of expertise. |
| Primary Responsibilities | | | | | | | |
| Required Skills | | | | | | | |
| Preferred Skills | | | | | | | |
| Mentorship Requirements | Receives direct mentorship from Senior fraud analysts. Shadows on complex investigations and SAR filings. Expected to complete fraud operations onboarding and learn primary case management tooling within first 3 months. Develops understanding of fraud typologies through guided case review. | Receives guidance from Senior analysts on complex or high-value cases. Expected to begin assisting Entry-level analysts with case review. Contributes to SOPs and decision tree refinements. Should be developing expertise in specific fraud typologies. | Mentors Analyst 1 and 2 on investigation methodology and case quality. Provides feedback on SAR narratives and case documentation. May lead case review sessions. Receives guidance from Staff-level analysts on strategic fraud initiatives and novel attack vectors. | Actively mentors mid-level analysts and develops their expertise. Conducts case reviews and provides strategic guidance on complex investigations. May serve as functional lead for a fraud domain. Receives guidance from Staff-level on organizational strategy and cross-team initiatives. | Mentors Senior analysts and develops future leaders. Drives professional development strategy for the fraud team. Creates learning resources and investigation guides. Engages with external fraud community to bring in industry best practices. | Mentors Staff-level analysts and shapes leadership development across the fraud function. Sponsors cross-functional development opportunities. Serves as an industry mentor through ACFE or similar organizations. Influences hiring standards and career frameworks. | Mentors senior leaders across the industry, not just within the organization. Shapes the profession through conference keynotes, publications, and standards contributions. Sponsors development of next-generation fraud leaders. May serve on ACFE or industry advisory boards. |
| Impact Scope | Individual contributor on alert queue. Impact limited to correctly dispositioning assigned alerts and escalating true positives. All complex findings reviewed before action. Contributes to team throughput and detection rate metrics. | Directly contributes to fraud loss prevention through case investigation. Responsible for accurate case disposition and timely escalation of emerging patterns. SAR narratives support regulatory compliance. Beginning to influence alert rule quality through feedback. | Leads high-impact investigations that directly reduce fraud losses. Rule tuning recommendations affect detection rates across the organization. Law enforcement referrals can result in criminal prosecution of fraud actors. Trend analysis shapes fraud prevention strategy. | Directly responsible for fraud prevention strategy in assigned areas. Investigation outcomes affect organizational loss rates and regulatory standing. Product fraud assessments influence go-to-market decisions. Playbooks and SOPs define how the broader team operates. | Cross-team influence on fraud detection and prevention. Frameworks and methodologies define how fraud investigations are conducted org-wide. Metrics and dashboards shape leadership decision-making. Industry intelligence sharing contributes to broader fraud ecosystem defense. | Organization-wide influence on fraud strategy, risk appetite, and operating model. Decisions directly affect fraud loss rates, customer experience, and regulatory standing. Technology strategy shapes multi-year fraud prevention capabilities. Industry engagement contributes to sector-wide fraud resilience. | Industry-wide influence on fraud prevention strategy and methodology. Frameworks and research shape how organizations across the sector approach fraud. Regulatory engagement influences policy that affects the entire financial ecosystem. Sets the standard for fraud prevention excellence. |
| Autonomy & Decision Authority | Works under close supervision following established decision trees. Authority to approve or decline low-value transactions per policy thresholds. Escalates all high-value, unusual, or ambiguous cases. No authority to file regulatory reports or contact law enforcement. | Works with moderate supervision. Authority to investigate and close standard fraud cases independently. Can approve or decline transactions within defined value thresholds. Escalates high-value cases, novel patterns, and regulatory reporting decisions. | Works independently on most investigations. Authority to file SARs and make account-level fraud decisions within policy. Can recommend rule changes and threshold adjustments. Escalates novel fraud vectors, high-profile cases, and policy exceptions to leadership. | Works with high autonomy on investigations and fraud strategy. Authority to make high-value case decisions within policy. Can approve rule deployments and threshold changes. Escalates policy changes, resource requests, and enterprise-risk-level issues to leadership. | High autonomy in defining fraud strategy and investigation approaches. Authority to set operational standards and approve process changes. Influences technology investment decisions for fraud tooling. Escalates enterprise risk decisions and budget requests to leadership. | Operates with significant strategic autonomy. Authority to set fraud policy and operating standards. Influences enterprise budget allocation for fraud prevention. Escalates board-level risk decisions and regulatory matters to executive leadership. | Operates with full strategic autonomy. Trusted to represent the organization's fraud position to external stakeholders. Authority to commit the organization on fraud-related industry initiatives. Reports to and advises the most senior executive leadership. |
| Communication & Stakeholders | Primarily internal communication with fraud operations team. Documents findings in case management system. Limited interaction with customers for verification callbacks. May participate in shift handoffs. | Regular interaction with fraud operations and risk teams. Presents case findings to team leads. Coordinates with customer support on account actions. May interact with bank partners on chargeback disputes. | Regular interaction with risk leadership, compliance, and product teams. Presents fraud trend reports to management. Direct communication with law enforcement agencies. Coordinates with bank partners and payment networks on fraud cases. | Regular communication with fraud leadership, compliance, product, and engineering. Presents to senior management on fraud trends and program effectiveness. Interacts with regulators during examinations. Represents fraud operations in enterprise risk forums. | Regular communication with VP-level leadership and executive stakeholders. Presents fraud program status and strategy to senior management. Represents the organization in industry fraud forums. Coordinates with peer organizations on fraud intelligence. | Regular communication with C-suite and board risk committees. Represents fraud program to regulators and law enforcement leadership. Engages with industry bodies at the executive level. Advises product and business leadership on fraud-related strategic decisions. | Engages with board members, C-suite executives, regulators, and law enforcement leadership. Keynotes industry conferences. Advises peer organizations and industry bodies. Direct relationships with payment network and consortium leadership. |
| Degree / Experience | Bachelor's degree in Criminal Justice, Finance, Business, or related field, OR 1-2 years of banking, customer service, or financial operations experience, OR completion of fraud analyst training program. | Bachelor's degree in relevant field, OR 2-4 years of fraud operations, banking, or financial crime experience. Demonstrated ability to investigate fraud cases and produce quality documentation. | Bachelor's degree plus 4-6 years of fraud investigation experience, OR 6-8 years of progressive fraud operations experience with demonstrated expertise in complex investigations. | Bachelor's degree plus 6-8 years of fraud investigation experience, OR 8-10 years of progressive fraud experience with demonstrated leadership in complex investigations and strategy development. | Bachelor's or Master's degree plus 8-12 years of fraud experience, OR 10-14 years of progressive fraud and financial crime experience with demonstrated cross-functional leadership and strategic impact. | Master's degree or equivalent plus 12-16 years of fraud and financial crime experience, OR 14-18 years of progressive experience with demonstrated organizational leadership, strategic impact, and industry recognition. | Master's or doctoral degree plus 15+ years of fraud and financial crime experience, OR 18+ years of progressive experience with industry-wide recognition, published contributions, and demonstrated influence on fraud prevention practices beyond a single organization. |
| Certifications | | | | | | | |
| Salary: US Gov't | $50,000 - $70,000 (GS-7 to GS-9) | $65,000 - $90,000 (GS-9 to GS-11) | $85,000 - $115,000 (GS-12 to GS-13) | $110,000 - $150,000 (GS-14 to GS-15) | $130,000 - $175,000 (GS-14 to GS-15) | $145,000 - $190,000 (GS-15 to SES) | $160,000 - $200,000 (GS-15 to SES) |
| Salary: US Startup | $50,000 - $70,000 | $65,000 - $90,000 | $90,000 - $120,000 | $120,000 - $160,000 | $150,000 - $200,000 | $180,000 - $240,000 | $200,000 - $280,000 |
| Salary: US Corporate | $50,000 - $75,000 | $70,000 - $100,000 | $95,000 - $130,000 | $130,000 - $175,000 | $160,000 - $220,000 | $195,000 - $260,000 | $220,000 - $300,000 |
| Salary: Big Tech (Mag7) | $110,000 - $165,000 | $150,000 - $240,000 | $220,000 - $350,000 | $300,000 - $480,000 | $360,000 - $550,000 | $450,000 - $650,000 | $550,000 - $750,000 |
Fraud Engineer
Technical professionals who build and maintain fraud detection platforms, develop machine learning models for anomaly detection, design rules engines, and create real-time scoring systems. Focus on the technical infrastructure that enables fraud detection at scale. Combine software engineering, data engineering, and applied machine learning to build systems that score millions of transactions in real time while balancing precision and recall to minimize both fraud losses and customer friction.
| Attribute | Eng 1 / Entry | Eng 2 / Junior | Eng 3 / Mid | Eng 4 / Senior | Eng 5 / Staff | Eng 6 / Senior Staff | Eng 7 / Principal |
|---|---|---|---|---|---|---|---|
| General Description | Entry-level fraud engineer learning the fundamentals of fraud detection systems, rules engines, and transaction scoring pipelines. Assists with rule implementation, basic feature engineering, and monitoring of fraud detection system health. Develops foundational understanding of real-time streaming architectures, fraud model concepts, and the business logic behind fraud decisioning. Works under close supervision on well-defined tasks. | Junior fraud engineer who independently develops and deploys fraud detection rules, builds data pipelines for fraud features, and maintains components of the fraud scoring platform. Demonstrates proficiency in at least one area of the fraud tech stack (rules engine, feature store, or model serving) and can implement moderately complex detection logic. Begins contributing to model feature engineering and understands the feedback loop between fraud operations and detection systems. | Experienced fraud engineer who designs and builds significant components of the fraud detection platform. Leads development of fraud scoring services, feature pipelines, or rules engine capabilities. Combines engineering depth with growing fraud domain knowledge to make effective trade-offs between detection performance, latency, and customer experience. Contributes to ML model development and evaluation. Mentors junior engineers on fraud system design patterns. | Senior fraud engineer and technical leader who owns major components or subsystems of the fraud detection platform. Deep expertise in real-time scoring, ML model lifecycle, or fraud rules infrastructure with the ability to make complex trade-offs between competing requirements. Drives technical strategy for their domain and serves as the escalation point for the most challenging production and design problems. Partners closely with fraud analysts, data scientists, and product teams to align platform capabilities with business needs. | Staff fraud engineer who operates as a force multiplier across the fraud engineering organization. Designs systems, frameworks, and technical strategies that other engineers build upon. Defines the fraud platform architecture and drives cross-cutting technical initiatives that improve the entire fraud detection capability. Bridges fraud engineering with broader infrastructure, data platform, and ML platform teams. Recognized as the technical authority on fraud detection systems within the organization. | Senior Staff fraud engineer who shapes how fraud detection engineering operates at the organizational and industry level. Defines the technical vision for fraud platforms that process billions of transactions, designs novel detection architectures, and drives strategic technology decisions that affect the entire fraud function. Operates as a peer to fraud leadership, translating business strategy into technical roadmaps. Recognized externally as a leader in fraud detection engineering. | Principal fraud engineer — an industry-defining technologist whose work advances the state of the art in fraud detection systems. Creates architectures, algorithms, and engineering approaches adopted across the industry. Operates at the frontier of fraud detection technology — pioneering applications of new ML techniques, designing detection systems for novel fraud vectors, and solving problems no existing playbook addresses. Advises industry bodies, publishes influential research, and shapes how the next generation of fraud platforms are built. |
| Primary Responsibilities | | | | | | | |
| Required Skills | | | | | | | |
| Preferred Skills | | | | | | | |
| Mentorship Requirements | Receives direct mentorship from Senior fraud engineers. Pairs on development tasks and code reviews. Expected to complete onboarding on fraud platform architecture and tools within first 3 months. Develops understanding of fraud domain through collaboration with fraud analysts. | Receives guidance from Senior engineers on architecture decisions and complex implementations. Expected to begin reviewing code from Entry-level engineers. Contributes to technical documentation. Should be developing depth in a specific area of the fraud platform. | Mentors Eng 1 and Eng 2 on fraud platform development patterns. Leads code reviews and provides technical design feedback. Receives guidance from Staff engineers on architecture decisions and cross-platform initiatives. Contributes to engineering hiring and onboarding. | Actively mentors mid-level engineers and develops technical leaders. Conducts architecture reviews and provides strategic technical guidance. May serve as tech lead for a fraud engineering squad. Receives strategic guidance from Staff engineers on cross-platform initiatives. | Mentors Senior engineers and develops technical leaders. Shapes engineering culture and technical standards. Drives hiring bar for fraud engineering. Engages with external technical community through publications, conferences, or open-source contributions. | Mentors Staff engineers and shapes technical leadership across the organization. Defines engineering career frameworks and growth expectations. Engages with the external fraud engineering community through thought leadership. Sponsors development of next-generation technical leaders. | Mentors senior leaders across the industry. Shapes the fraud engineering profession through publications, standards, and community leadership. Sponsors research collaborations with academia. May hold adjunct or advisory positions at universities. |
| Impact Scope | Individual contributor on assigned development tasks. Impact limited to implementing and testing specific rules or features. All code reviewed before deployment. Contributes to overall platform stability and rule coverage. | Directly contributes to fraud detection effectiveness through rule and feature development. Pipeline reliability work affects system availability. Rule optimization measurably impacts false positive rates and detection coverage. Beginning to influence technical direction within their component area. | Leads development of platform components that process millions of transactions. Scoring system performance directly affects fraud detection rates and customer experience. Model features and evaluation work shapes detection capability. Technical decisions influence platform scalability. | Owns subsystems that directly determine fraud detection effectiveness and reliability. Architecture decisions affect platform scalability for years. Technology strategy shapes engineering investment and vendor relationships. Standards and practices define how the fraud engineering team builds software. | Cross-team influence on fraud detection infrastructure and architecture. Platform decisions affect engineering productivity and fraud detection capability at scale. Technical strategy shapes multi-year investment. Standards and frameworks define how the entire fraud engineering organization builds and operates systems. | Organization-wide influence on fraud detection technology and architecture. Technical vision shapes multi-year platform evolution. Strategic decisions affect engineering team structure, vendor relationships, and technology investments. Industry engagement influences how fraud detection engineering is practiced more broadly. | Industry-wide influence on fraud detection technology and architecture. Novel approaches and publications shape how organizations across the sector build fraud systems. Regulatory engagement influences technology requirements affecting the entire industry. Defines what excellence looks like in fraud detection engineering. |
| Autonomy & Decision Authority | Works under close supervision on well-scoped tasks. Follows established development practices and deployment procedures. No authority to deploy rules to production independently. Escalates technical decisions and design questions to senior engineers. | Works with moderate supervision. Authority to deploy rules and features following established review processes. Can make implementation decisions within defined patterns. Escalates architecture decisions, production incidents, and cross-system changes. | Works independently on component design and implementation. Authority to make technical decisions within their domain. Can approve and deploy platform changes following established processes. Escalates cross-service architecture decisions and major technology choices. | High autonomy on technical decisions within their domain. Authority to approve architecture designs and technology choices for their subsystems. Can drive vendor selection processes. Escalates cross-platform architecture decisions, major infrastructure investments, and org-level technical strategy. | Significant autonomy on technical strategy and architecture decisions. Authority to set technical direction for fraud engineering. Influences engineering investment and resource allocation. Escalates organizational strategy, major budget decisions, and cross-divisional technical conflicts to engineering leadership. | Operates with broad strategic autonomy on fraud technology decisions. Authority to set technical direction and influence organizational structure. Drives major technology investment decisions. Escalates enterprise strategy and cross-divisional resource allocation to executive leadership. | Full strategic autonomy on fraud technology vision and innovation. Trusted to represent the organization's technical position to any external stakeholder. Authority to commit the organization on industry technology initiatives. Reports to and advises the most senior technical and business leadership. |
| Communication & Stakeholders | Primarily internal communication with fraud engineering team. Participates in standups and sprint ceremonies. Limited interaction with fraud analysts initially. Documents work in engineering ticketing systems. | Regular interaction with fraud analysts and data scientists. Participates in cross-functional fraud reviews. Communicates technical status in sprint ceremonies. May present technical work to the broader fraud team. | Regular interaction with fraud analysts, data scientists, and product managers. Presents technical designs to the engineering team. Communicates with fraud leadership on system capabilities and trade-offs. Participates in cross-team technical reviews. | Regular communication with fraud leadership, product management, and engineering leadership. Presents technical strategy to senior management. Interfaces with fraud technology vendors. Represents fraud engineering in cross-functional technical forums. | Regular communication with engineering leadership and VP-level stakeholders. Presents technical strategy to senior management. Represents fraud engineering to external partners and at industry conferences. Coordinates with ML platform, infrastructure, and data engineering leadership. | Regular communication with VP and C-suite leadership. Presents technology strategy to executive management and board. Represents the organization at major industry and engineering conferences. Advises peer organizations on fraud engineering practices. | Engages with C-suite, board members, regulators, and industry leaders. Keynotes major engineering and financial crime conferences. Advises peer organizations, startups, and academic researchers. Direct relationships with industry body and standards leadership. |
| Degree / Experience | Bachelor's degree in Computer Science, Software Engineering, Data Science, or related field, OR 1-2 years of software development experience, OR completion of software engineering bootcamp with demonstrated backend and data skills. | Bachelor's degree in Computer Science or related field, OR 2-4 years of software engineering or data engineering experience with exposure to fraud or risk systems. | Bachelor's or Master's degree in Computer Science or related field plus 4-6 years of experience, OR 6-8 years of software/data engineering experience with demonstrated expertise in real-time scoring or fraud systems. | Bachelor's or Master's degree plus 7-10 years of experience in software engineering, ML engineering, or data engineering, OR 9-12 years of progressive experience with demonstrated technical leadership in real-time systems or fraud platforms. | Master's degree or equivalent plus 10-14 years of experience, OR 12-16 years of progressive engineering experience with demonstrated technical leadership, architecture expertise, and cross-organizational influence. | Master's or doctoral degree plus 14-18 years of experience, OR 16-20 years of progressive engineering experience with demonstrated industry influence, architectural innovation, and organizational leadership in fraud or real-time systems. | Doctoral degree or equivalent plus 15+ years of experience, OR 18+ years of progressive engineering experience with industry-wide recognition, published contributions, and demonstrated influence on fraud detection technology beyond a single organization. |
| Certifications | | | | | | | |
| Salary: US Gov't | $55,000 - $75,000 (GS-7 to GS-9) | $70,000 - $95,000 (GS-9 to GS-11) | $90,000 - $120,000 (GS-12 to GS-13) | $115,000 - $155,000 (GS-14 to GS-15) | $135,000 - $180,000 (GS-15 to SES) | $155,000 - $195,000 (GS-15 to SES) | $170,000 - $210,000 (GS-15 to SES) |
| Salary: US Startup | $70,000 - $100,000 | $90,000 - $130,000 | $120,000 - $170,000 | $155,000 - $210,000 | $180,000 - $250,000 | $220,000 - $300,000 | $250,000 - $350,000 |
| Salary: US Corporate | $65,000 - $95,000 | $85,000 - $120,000 | $110,000 - $155,000 | $145,000 - $195,000 | $175,000 - $240,000 | $210,000 - $280,000 | $240,000 - $320,000 |
| Salary: Big Tech (Mag7) | $130,000 - $185,000 | $175,000 - $275,000 | $250,000 - $400,000 | $340,000 - $520,000 | $400,000 - $600,000 | $500,000 - $700,000 | $600,000 - $800,000 |
Operational Technology Security (OT Security)
ICS/SCADA security, industrial protocol protection, IT/OT convergence, and critical infrastructure defense
OT Security Engineer
Technical professionals who secure industrial control systems (ICS), SCADA systems, PLCs, DCS, HMIs, and operational technology environments. Focus on OT network segmentation, asset discovery, vulnerability management in environments where patching is constrained, safety system integrity, and bridging the IT/OT security gap. Distinct from IT security engineers — OT environments have unique constraints around availability, safety, and legacy protocols. Many practitioners come from control systems engineering or industrial automation backgrounds rather than traditional IT security.
| Attribute | Eng 1 / Entry | Eng 2 / Junior | Eng 3 / Mid | Eng 4 / Senior | Eng 5 / Staff | Eng 6 / Senior Staff | Eng 7 / Principal |
|---|---|---|---|---|---|---|---|
| General Description | Entry-level OT security engineer learning the fundamentals of industrial control system security and operational technology environments. Assists with OT asset inventories, network monitoring, and basic vulnerability assessments. Develops foundational understanding of ICS architectures, industrial protocols, and the critical differences between IT and OT security — including why availability and safety always take priority over confidentiality. | Junior OT security engineer capable of performing basic OT security tasks independently. Can operate passive monitoring tools, conduct guided vulnerability assessments in OT environments, and assist with network segmentation projects. Understands why OT patching requires careful coordination with operations and maintenance windows, and can communicate effectively with both IT security and plant operations teams. | Experienced OT security engineer who independently conducts comprehensive ICS security assessments, leads network segmentation projects, and manages OT vulnerability programs. Expert in balancing security controls with operational availability and safety requirements. Understands the operational impact of security decisions on production processes and can design compensating controls when patching is not feasible. Leads coordination between IT security, OT engineering, and plant operations. | Senior OT security engineer and subject matter expert who leads complex, multi-facility OT security programs. Drives IEC 62443 compliance programs, develops OT security standards, and leads incident response in critical infrastructure environments. Deep expertise in industrial control systems enables them to understand the full attack chain from IT network intrusion through to safety system compromise. Trusted advisor to plant operations leadership on cyber-physical risk. | Staff-level OT security engineer with cross-team influence who builds OT security frameworks and methodologies used across the entire organization. Drives convergence of IT and OT security operations while respecting the unique requirements of operational technology. Develops reference architectures, assessment frameworks, and maturity models that standardize OT security practices across diverse facilities, industries, and control system vendors. | Organization-wide OT security authority who defines the strategic direction for operational technology security across the enterprise. Drives enterprise IT/OT convergence strategy while ensuring OT-specific safety and availability requirements are preserved. Recognized internally and externally as a leading authority on ICS/OT security. Shapes the organization's approach to securing critical infrastructure against nation-state and sophisticated threats. | Industry-defining OT security expert whose work shapes how the entire field approaches industrial control system security. Contributions fundamentally advance the state of OT security through novel research, standards development, or transformative security architectures. Known throughout the ICS security community as a top authority. May hold named positions such as Distinguished Engineer or Fellow. Influence extends across industry, government, and academia. |
| Primary Responsibilities | | | | | | | |
| Required Skills | | | | | | | |
| Preferred Skills | | | | | | | |
| Mentorship Requirements | Receives direct mentorship from Senior OT security engineers. Shadows on ICS security assessments and OT network reviews. Expected to develop understanding of industrial processes and safety implications within first 6 months. Must learn why traditional IT security approaches often fail in OT environments. | Receives guidance from Senior OT security engineers on complex assessments and incident response. Expected to begin understanding plant operations workflows and maintenance windows. Should be developing relationships with control system engineers and operators. Begins informal mentoring of Entry-level engineers. | Mentors Junior and Entry-level OT security engineers. Expected to guide others on OT-specific constraints and risk management. Develops training materials on OT security concepts. Serves as a bridge between traditional IT security thinking and OT operational realities. | Mentors Mid and Junior engineers. Develops OT security career paths and training programs. Provides technical leadership across the OT security team. Expected to contribute to industry knowledge sharing through conference presentations or working groups. | Mentors Senior and Mid-level OT security engineers across the organization. Develops organization-wide OT security training curricula. Guides career development for OT security professionals. Expected to contribute to industry through SANS, ISA, or similar organizations. | Mentors Staff and Senior engineers on strategic thinking and leadership. Develops the next generation of OT security leaders within the organization. Expected to actively contribute to the broader OT security community through publications, conference keynotes, and standards development. | Mentors at all levels across the organization and industry. Develops OT security talent pipelines through academic partnerships and training programs. Influences the next generation of OT security professionals through publications, teaching, and community engagement. Expected to give back to the industry at a fundamental level. |
| Impact Scope | Individual contributor on assigned asset inventory and documentation tasks. Impact limited to supporting OT security assessment activities. Work is reviewed before implementation in production OT environments due to safety criticality. | Directly contributes to OT security monitoring and vulnerability management. Responsible for accurate asset inventory and monitoring coverage. Work impacts security posture of specific facilities or production lines. Beginning to influence OT security practices within assigned scope. | Responsible for OT security posture across assigned facilities or regions. Assessment findings directly influence capital investment and remediation priorities. Network segmentation designs protect critical infrastructure processes. Decisions impact production availability and safety. | Impacts OT security strategy and risk posture across multiple facilities or business units. Standards and architectures protect critical infrastructure operations. Incident response actions have direct implications for public safety and operational continuity. Influences capital expenditure decisions for security improvements. | Influences OT security practices across the entire organization. Frameworks and reference architectures adopted across all facilities. IT/OT convergence decisions affect enterprise security operations. Work impacts organizational risk posture for critical infrastructure. | Shapes the entire organization's OT security posture and strategy. Decisions affect critical infrastructure protection at an enterprise scale. IT/OT convergence strategy impacts every business unit. External engagement influences sector-wide security practices. | Industry-wide impact on OT security practices and standards. Research and frameworks adopted across critical infrastructure sectors globally. Influences national and international policy on critical infrastructure protection. Contributions fundamentally advance the field of ICS security. |
| Autonomy & Decision Authority | Works under close supervision. Follows established OT security procedures strictly — OT environments have zero tolerance for unplanned disruptions. No authority to make changes to production OT networks or systems. Escalates all findings to senior engineers. | Works with moderate supervision. Can make routine monitoring and triage decisions. Authority to escalate OT security alerts based on established criteria. Must coordinate with operations before any active assessment activities. Escalates complex vulnerabilities and potential safety impacts. | Works independently on most OT security tasks. Authority to lead assessments, design segmentation architectures, and recommend compensating controls. Makes risk-based decisions on vulnerability prioritization. Escalates decisions that could impact production availability or safety systems. | High autonomy in technical OT security decisions. Authority to define OT security standards and approve compensating controls. Makes risk acceptance recommendations to leadership. Can authorize emergency security measures during OT incidents. Decisions are reviewed for strategic alignment, not technical correctness. | Operates with high autonomy across organizational boundaries. Authority to define enterprise OT security standards and reference architectures. Influences capital budget allocation for OT security programs. Makes strategic technology decisions for OT security tooling. Reports to senior security or operations leadership. | Operates as the organization's highest OT security technical authority. Authority to set enterprise OT security policy and strategy. Influences board-level risk decisions related to operational technology. Can direct emergency response across all OT environments. Strategic decisions are aligned with CISO and CTO. | Fully autonomous in defining OT security technical direction. Authority to commit organizational resources to strategic security initiatives. Decisions shape industry standards and best practices. Peer to senior executives on matters of critical infrastructure security. |
| Communication & Stakeholders | Primarily internal communication with OT security team. Limited interaction with plant operators and control system engineers initially. Documents findings for team review. | Regular interaction with plant operations and control system engineering teams. Presents monitoring findings and vulnerability status. Participates in change management meetings. Communicates with IT security teams on IT/OT boundary issues. | Regular engagement with facility managers, control system engineers, and IT security leadership. Presents risk assessments and remediation plans to plant management. Coordinates with vendors on ICS patches and updates. Communicates with regulatory bodies on compliance matters. | Regular engagement with facility directors, VP of Operations, and CISO. Presents OT risk posture to executive leadership and board committees. Coordinates with government agencies (CISA, ICS-CERT) and sector ISACs. Represents the organization at industry conferences and working groups. | Regular engagement with CISO, CTO, VP Operations, and business unit leaders. Presents OT security strategy to board risk committees. Represents the organization in industry working groups and government advisory bodies. Coordinates across business units and regional operations. | Direct engagement with CISO, CTO, COO, and board of directors. Represents the organization to CISA, DHS, and sector-specific regulators. Keynotes at industry conferences (S4, SANS ICS Summit). Participates in government advisory councils and standards bodies. | Engages with CEOs, boards of directors, government officials, and international standards bodies. Keynotes at premier ICS security conferences (S4, SANS ICS Summit, DEF CON ICS Village). Advises national cybersecurity leadership. Publishes widely cited research and frameworks. |
| Degree / Experience | Bachelor's degree in Electrical Engineering, Control Systems Engineering, Industrial Engineering, Computer Science, Cybersecurity, or related field, OR 1-2 years of OT/ICS experience or IT security experience with demonstrated interest in OT. | Bachelor's degree in Electrical Engineering, Control Systems Engineering, Computer Science, or related field, OR 2-4 years of OT/ICS experience or IT security experience with OT exposure. Demonstrated understanding of industrial processes. | Bachelor's degree in Electrical Engineering, Control Systems Engineering, Computer Science, or related field with 4-6 years of OT security or related experience, OR equivalent combination of industrial engineering and security experience. | Bachelor's or Master's degree in Electrical Engineering, Control Systems Engineering, Computer Science, or related field with 7-10 years of OT security experience, OR extensive industrial control systems experience combined with security expertise. | Bachelor's or Master's degree in Electrical Engineering, Control Systems Engineering, Computer Science, or related field with 10-14 years of OT security and industrial systems experience, OR equivalent depth from combined engineering and security career. | Master's degree or equivalent in Electrical Engineering, Control Systems, Computer Science, or related field with 14-18 years of OT security and industrial systems experience. Recognized as an authority in OT security. | Master's or Ph.D. in Electrical Engineering, Control Systems, Computer Science, or related field with 18+ years of OT security experience, OR equivalent through exceptional and recognized contributions to ICS security. Industry recognition is paramount. |
| Certifications | | | | | | | |
| Salary: US Gov't | $60,000 - $85,000 (GS-9 to GS-11) | $75,000 - $100,000 (GS-11 to GS-12) | $95,000 - $125,000 (GS-12 to GS-13) | $120,000 - $160,000 (GS-14 to GS-15) | $140,000 - $175,000 (GS-14 to GS-15) | $150,000 - $191,000 (GS-15 to SES) | $170,000 - $191,000+ (GS-15 Step 10 to SES) |
| Salary: US Startup | $75,000 - $100,000 | $90,000 - $120,000 | $115,000 - $155,000 | $150,000 - $200,000 | $175,000 - $230,000 | $210,000 - $280,000 | $250,000 - $350,000+ |
| Salary: US Corporate | $70,000 - $95,000 | $85,000 - $115,000 | $110,000 - $150,000 | $150,000 - $200,000 | $180,000 - $240,000 | $220,000 - $280,000 | $260,000 - $350,000+ |
| Salary: Big Tech (Mag7) | $130,000 - $200,000 | $170,000 - $270,000 | $250,000 - $400,000 | $350,000 - $530,000 | $400,000 - $600,000 | $500,000 - $720,000 | $600,000 - $1,000,000+ |
OT Security Architect
Strategic technical leaders who design security architectures for converged IT/OT environments. Focus on Purdue Model implementation, IEC 62443 compliance, OT network architecture, secure remote access for industrial environments, and aligning OT security with enterprise security strategy. Architects bridge the gap between traditional enterprise security architecture and the unique safety, availability, and protocol requirements of industrial control systems.
| Attribute | Architect 1 / Entry | Architect 2 / Junior | Architect 3 / Mid | Architect 4 / Senior | Architect 5 / Staff | Architect 6 / Senior Staff | Architect 7 / Principal |
|---|---|---|---|---|---|---|---|
| General Description | Entry-level OT security architect learning the principles of industrial control system architecture and security design for operational technology environments. Assists with architecture documentation, Purdue Model assessments, and security design reviews. Develops foundational understanding of how industrial systems are architected and why their security requirements differ fundamentally from IT systems. | Junior OT security architect capable of contributing to OT security design work and conducting Purdue Model assessments with guidance. Demonstrates proficiency in OT network architecture patterns and can participate in design reviews for industrial environments. Understands the critical importance of maintaining safety and availability in all architectural decisions. | Experienced OT security architect who independently designs comprehensive security architectures for industrial environments. Leads Purdue Model implementations, IEC 62443 zone and conduit modeling, and OT network redesign projects. Expert in balancing security architecture decisions with operational constraints — understanding that every architecture change in OT carries safety and availability implications that do not exist in IT environments. | Senior OT security architect and trusted authority who defines OT security architecture strategy for the organization. Leads complex, multi-site architecture programs including IT/OT convergence, IEC 62443 compliance architectures, and secure digital transformation for industrial operations. Deep expertise across multiple industrial sectors and control system platforms enables holistic architecture decisions that protect both cyber and physical domains. | Staff-level OT security architect with cross-organizational influence who develops OT security architecture frameworks, reference architectures, and design principles used enterprise-wide. Drives the architectural vision for secure industrial digital transformation. Ensures that OT security architecture evolves to address emerging threats while maintaining the safety and reliability guarantees that critical infrastructure demands. | Organization-wide OT security architecture authority who sets the architectural vision for securing all operational technology and critical infrastructure across the enterprise. Defines the strategic approach to IT/OT convergence, industrial digital transformation, and critical infrastructure resilience. Recognized internally and externally as a leading authority on OT security architecture. Shapes how the organization thinks about the intersection of cybersecurity, safety, and industrial operations. | Industry-defining OT security architect whose architectural thinking shapes how the entire field approaches securing industrial control systems and critical infrastructure. Contributions fundamentally advance OT security architecture through novel frameworks, transformative reference architectures, or groundbreaking approaches to IT/OT convergence. Known throughout the ICS security community as a top architectural authority. Influence extends across industry, government, and standards bodies worldwide. |
| Primary Responsibilities | | | | | | | |
| Required Skills | | | | | | | |
| Preferred Skills | | | | | | | |
| Mentorship Requirements | Receives direct mentorship from Senior OT security architects. Shadows on architecture reviews and Purdue Model assessments. Expected to develop foundational understanding of industrial processes and safety considerations within first 6 months. Must learn how OT architecture constraints differ from IT. | Receives guidance from Senior OT security architects on complex architecture decisions. Expected to develop expertise in specific industrial sectors or vendor platforms. Should be building relationships with control system engineers and enterprise architects. Begins contributing to architecture review processes. | Mentors Junior and Entry-level architects. Expected to guide others on OT-specific architecture constraints and design patterns. Develops architecture standards and templates. Serves as a bridge between enterprise architecture and OT engineering. | Mentors Mid and Junior architects. Develops OT security architecture career paths and skills frameworks. Provides architectural leadership across the organization. Expected to contribute to industry through standards bodies, publications, and conference presentations. | Mentors Senior and Mid-level architects across the organization. Develops OT security architecture training and skill development programs. Guides career development for OT security architects. Expected to contribute to industry architecture standards through ISA, IEC, or NIST. | Mentors Staff and Senior architects on strategic architectural thinking. Develops the next generation of OT security architecture leaders. Expected to contribute to the broader community through publications, keynotes, and standards leadership. Shapes the architectural profession within OT security. | Mentors at all levels across the organization and industry. Develops OT security architecture talent through academic partnerships and training. Influences the next generation of OT security architects through publications, teaching, and community. Expected to advance the architectural profession in OT security. |
| Impact Scope | Individual contributor on documentation and research tasks. Impact limited to supporting architecture deliverables. Work is reviewed by senior architects before use in design decisions. Contributes to architecture team effectiveness. | Directly contributes to OT security architecture deliverables. Zone and conduit models inform segmentation decisions. Design reviews impact the security of new OT projects. Beginning to influence architecture standards within assigned scope. | Responsible for OT security architecture across assigned facilities or regions. Architecture designs directly shape the security posture of critical infrastructure. Segmentation and DMZ designs protect operational processes. Reference architectures adopted across multiple facilities. | Impacts OT security architecture strategy across the enterprise. Architecture decisions shape security posture of critical infrastructure at scale. IT/OT convergence architecture affects every business unit. Influences multi-year capital investment in OT security. | Influences OT security architecture direction across the entire organization. Reference architectures and frameworks adopted globally. Architecture decisions shape critical infrastructure protection strategy. Vendor partnership architecture impacts industry product direction. | Shapes the entire organization's OT security architecture direction. Architectural decisions affect critical infrastructure protection at enterprise scale. Convergence architecture impacts every business unit and facility. External engagement influences industry-wide architecture practices. | Industry-wide impact on OT security architecture practices and standards. Architectural frameworks adopted across critical infrastructure sectors globally. Influences national and international policy on critical infrastructure architecture. Contributions fundamentally advance how industrial systems are secured. |
| Autonomy & Decision Authority | Works under close supervision. Follows established architecture standards and templates. No authority to make OT architecture decisions independently. Escalates all design questions to senior architects. | Works with moderate supervision. Can conduct assessments and produce architecture documentation independently. Authority to identify gaps and recommend improvements. Escalates significant architecture decisions and anything impacting safety systems. | Works independently on most OT security architecture tasks. Authority to design architectures, select technology approaches, and define standards. Makes risk-based architecture decisions. Escalates decisions with significant safety or availability impact. | High autonomy in OT security architecture decisions. Authority to define enterprise architecture standards and approve designs. Makes strategic technology and vendor architecture decisions. Decisions are reviewed for business alignment, not technical correctness. | Operates with high autonomy across organizational boundaries. Authority to define enterprise OT security architecture principles and standards. Influences major capital investment decisions for OT security infrastructure. Makes strategic architecture decisions that shape multi-year programs. | Operates as the organization's highest OT security architecture authority. Authority to set enterprise OT security architecture policy and direction. Influences board-level decisions on OT technology and security investment. Strategic architecture decisions aligned with CISO, CTO, and COO. | Fully autonomous in defining OT security architecture direction. Authority to commit organizational resources to architectural innovation. Decisions shape industry architecture standards and practices. Peer to senior executives on matters of critical infrastructure architecture. |
| Communication & Stakeholders | Primarily internal communication with OT security architecture team. Documents findings and research. Participates in architecture review meetings as observer. Limited stakeholder interaction outside immediate team. | Regular interaction with OT engineering, plant operations, and IT architecture teams. Presents assessment findings and architecture recommendations. Participates in project design reviews. Communicates with vendors on product architecture. | Regular engagement with facility managers, enterprise architects, and IT/OT leadership. Presents architecture designs to project stakeholders and leadership. Coordinates with ICS vendors on product integration architecture. Communicates with compliance teams on IEC 62443 requirements. | Regular engagement with CISO, CTO, VP Operations, and enterprise architecture leadership. Presents OT security architecture strategy to executive leadership and board committees. Coordinates with government agencies on critical infrastructure architecture guidance. Represents the organization at industry architecture forums. | Regular engagement with CISO, CTO, COO, and enterprise architecture leadership. Presents architecture strategy to board risk and technology committees. Represents the organization at industry standards bodies and architecture forums. Coordinates across business units on architecture alignment. | Direct engagement with CISO, CTO, COO, and board of directors. Represents the organization to government agencies on critical infrastructure architecture. Keynotes at premier industry conferences (S4, SANS ICS Summit, RSA). Leads industry architecture working groups and standards committees. | Engages with CEOs, boards of directors, government officials, and international standards bodies. Keynotes at premier conferences (S4, SANS ICS Summit, RSA, Black Hat). Advises national cybersecurity leadership on architecture. Publishes widely cited architectural research and frameworks. |
| Degree / Experience | Bachelor's degree in Electrical Engineering, Control Systems Engineering, Computer Science, or related field, OR 3-4 years of OT/ICS experience or IT architecture experience with interest in OT. Understanding of industrial system architecture concepts. | Bachelor's degree in Electrical Engineering, Control Systems Engineering, Computer Science, or related field, OR 4-6 years of OT/ICS or IT architecture experience with demonstrated OT knowledge. Understanding of industrial processes and safety considerations. | Bachelor's or Master's degree in Electrical Engineering, Control Systems Engineering, Computer Science, or related field with 6-9 years of OT security architecture or related experience, OR equivalent combination of industrial engineering and security architecture experience. | Bachelor's or Master's degree in Electrical Engineering, Control Systems Engineering, Computer Science, or related field with 10-14 years of OT security architecture or related experience, OR extensive architecture experience across industrial control systems and cybersecurity. | Master's degree in Electrical Engineering, Control Systems, Computer Science, or related field with 14-18 years of OT security architecture and industrial systems experience, OR equivalent depth from combined engineering and security architecture career. | Master's degree or equivalent in Electrical Engineering, Control Systems, Computer Science, or related field with 16-20 years of OT security architecture and industrial systems experience. Recognized as an authority in OT security architecture. | Master's or Ph.D. in Electrical Engineering, Control Systems, Computer Science, or related field with 20+ years of OT security architecture experience, OR equivalent through exceptional and recognized contributions to OT security architecture. Industry recognition is paramount. |
| Certifications | | | | | | | |
| Salary: US Gov't | $80,000 - $105,000 (GS-11 to GS-12) | $90,000 - $115,000 (GS-12 to GS-13) | $110,000 - $140,000 (GS-13 to GS-14) | $130,000 - $165,000 (GS-14 to GS-15) | $145,000 - $180,000 (GS-15) | $155,000 - $191,000 (GS-15 to SES) | $175,000 - $191,000+ (GS-15 Step 10 to SES) |
| Salary: US Startup | $95,000 - $125,000 | $110,000 - $145,000 | $140,000 - $180,000 | $170,000 - $230,000 | $200,000 - $260,000 | $230,000 - $300,000 | $270,000 - $380,000+ |
| Salary: US Corporate | $90,000 - $120,000 | $105,000 - $140,000 | $135,000 - $175,000 | $170,000 - $225,000 | $200,000 - $260,000 | $240,000 - $300,000 | $280,000 - $380,000+ |
| Salary: Big Tech (Mag7) | $140,000 - $220,000 | $200,000 - $320,000 | $300,000 - $450,000 | $380,000 - $550,000 | $450,000 - $650,000 | $550,000 - $750,000 | $650,000 - $1,100,000+ |
Physical Security
Converged physical-cyber security engineering, access control systems, surveillance, and facility security architecture
Physical Security Engineer
Technical professionals who design, implement, and maintain converged physical-cyber security systems. Focus on access control systems (card readers, biometrics), video surveillance (CCTV/IP cameras, VMS platforms), intrusion detection, visitor management, and the cybersecurity of physical security infrastructure (IoT devices, building automation, security system networks). This is the technical/engineering side where physical security meets cybersecurity — securing the devices, networks, and integrations that protect physical spaces.
| Attribute | Eng 1 / Entry | Eng 2 / Junior | Eng 3 / Mid | Eng 4 / Senior | Eng 5 / Staff | Eng 6 / Senior Staff | Eng 7 / Principal |
|---|---|---|---|---|---|---|---|
| General Description | Entry-level physical security engineer learning the fundamentals of converged physical-cyber security systems. Assists with installation, configuration, and maintenance of access control, video surveillance, and intrusion detection systems. Develops foundational understanding of how physical security devices operate on IP networks and the cybersecurity implications of connected physical security infrastructure. | Junior physical security engineer capable of independently performing system installations, basic configurations, and troubleshooting for access control and video surveillance systems. Demonstrates proficiency with at least one major access control platform and understands the network security implications of physical security devices on the corporate network. Beginning to assess the cyber-attack surface of physical security infrastructure. | Experienced physical security engineer who independently designs and implements converged physical-cyber security systems for facilities. Expert in multiple access control and VMS platforms with a strong understanding of how physical security devices create cybersecurity risk. Leads installation projects, conducts security assessments of physical security infrastructure, and ensures proper network segmentation and hardening of physical security systems. Bridges the gap between physical security operations and IT/cybersecurity teams. | Senior physical security engineer with deep expertise in converged physical-cyber security systems across enterprise environments. Leads complex multi-facility deployments, architects physical security network infrastructure, and drives the integration of physical security data into the cybersecurity monitoring stack. Serves as the technical authority on physical security system cybersecurity, defining hardening standards and ensuring physical security infrastructure does not become a vector for cyberattack. Recognized subject matter expert bridging physical security operations, facilities engineering, and cybersecurity. | Staff-level physical security engineer with cross-organizational influence on converged physical-cyber security practices. Defines the technical strategy for physical security infrastructure as a component of the overall cybersecurity program. Builds frameworks for assessing and managing cyber risk across physical security systems at enterprise scale. Drives convergence initiatives that break down silos between physical security, IT, and cybersecurity organizations. Recognized internally and beginning to be known externally as a domain expert in physical-cyber convergence. | Senior Staff physical security engineer serving as the organization-wide authority on converged physical-cyber security engineering. Sets the multi-year technical vision for how physical security infrastructure integrates into the broader cybersecurity program. Drives transformational initiatives such as zero-trust physical access, AI-driven surveillance analytics, and fully converged security operations centers. Influences organizational structure and investment priorities at the intersection of physical and cyber security. | Principal physical security engineer operating at the apex of converged physical-cyber security engineering. Defines industry direction for how physical security infrastructure is secured, monitored, and integrated into cybersecurity programs. Shapes standards, frameworks, and technologies adopted across the field. Recognized globally as a defining voice in physical-cyber convergence, influencing vendor product development, government policy, and industry best practices. May hold distinguished engineer or fellow-equivalent titles. |
| Primary Responsibilities | | | | | | | |
| Required Skills | | | | | | | |
| Preferred Skills | | | | | | | |
| Mentorship Requirements | Receives direct mentorship from Senior physical security engineers. Shadows on system installations and commissioning projects. Expected to complete vendor training for primary access control and VMS platforms within first 6 months. Learns the convergence philosophy of treating physical security devices as part of the cybersecurity attack surface. | Receives guidance from Senior engineers on complex system integrations and cybersecurity assessments. Expected to begin mentoring Entry-level engineers informally on installations. Contributes to documentation and training materials. Should be developing expertise in specific platforms or convergence areas. | Mentors junior engineers on system design, installation, and cybersecurity assessment. Expected to develop specialization in either a platform ecosystem or convergence domain. Receives guidance from Staff engineers on enterprise architecture decisions and complex integration challenges. | Mentors Mid and Junior engineers on architecture, convergence, and cybersecurity assessment. Expected to guide team members in developing convergence expertise. Contributes to organizational training on physical-cyber security risks. May mentor across teams (physical security, IT, cybersecurity). | Mentors Senior engineers toward Staff-level technical leadership. Develops convergence expertise across teams. Expected to create mentorship opportunities that span physical security and cybersecurity disciplines. Guides career development for engineers working in the convergence space. | Mentors Staff and Senior engineers on technical vision and strategic thinking. Creates development paths for convergence specialization across the engineering organization. Expected to attract and retain talent in the physical-cyber convergence space. Serves as a career role model for the discipline. | Mentors at all levels across the organization and industry. Creates the intellectual framework that shapes how the next generation of convergence professionals develop. Expected to contribute to academic and professional education in the field. Attracts top talent to the discipline through reputation and vision. |
| Impact Scope | Individual contributor on assigned installation and maintenance tasks. Impact limited to supporting system deployments under supervision. Work is reviewed before systems go live. Supports overall physical security infrastructure uptime. | Directly contributes to physical security system availability and integrity. Responsible for accurate system configurations and device health. Beginning to identify cybersecurity risks in physical security infrastructure. Supports facility security operations. | Leads physical security system implementations for individual facilities or campuses. Design decisions directly impact facility security posture and cybersecurity risk. Defines standard configurations used across the organization. Influences convergence practices between physical security and cybersecurity teams. | Enterprise-wide impact on physical security engineering standards and cybersecurity posture. Architectural decisions affect all facilities and set precedent for future deployments. Directly influences the organization's converged security strategy. Recognized authority on physical security system cybersecurity. | Organization-wide influence on physical security engineering practices and convergence strategy. Frameworks and standards adopted across all facilities. Technical decisions set the direction for multi-year physical security programs. Beginning to influence industry practices through external engagement. | Defines the technical trajectory for physical-cyber convergence across the entire organization. Decisions shape multi-year investment and staffing plans. Influences vendor product roadmaps through strategic partnerships. Recognized as an industry authority in the convergence domain. | Industry-defining impact on physical-cyber security convergence. Standards and architectures influence organizations globally. Technical vision shapes vendor product development and government policy. Recognized as one of the foremost authorities in the field worldwide. |
| Autonomy & Decision Authority | Works under close supervision. Follows established installation procedures and maintenance checklists. Limited authority to make configuration changes independently. Escalates all system issues and access requests to senior engineers. | Works with moderate supervision. Can make routine configuration and maintenance decisions. Authority to troubleshoot and resolve standard system issues. Escalates complex integrations, architectural decisions, and cybersecurity findings. | Works independently on system design and implementation. Makes technical decisions on platform configuration, network architecture, and device hardening. Authority to approve standard deployments. Escalates enterprise-wide architectural changes and significant budget decisions. | Works independently with strategic guidance. Makes architectural decisions for physical security systems. Authority to define technical standards and approve designs. Escalates decisions with significant budget impact or organizational policy implications. | Operates with high autonomy on technical strategy. Makes decisions that affect enterprise physical security architecture. Authority to define standards and approve technology selections. Escalates decisions with significant organizational or budgetary scope. | Operates with near-full autonomy on technical vision. Makes decisions shaping the future of converged security engineering for the organization. Authority to define architecture, standards, and technology direction. Partners with executive leadership on strategic investment. | Full technical autonomy. Operates as the ultimate technical authority on physical-cyber convergence. Decisions influence industry direction. Partners with executive leadership as a co-equal on technical strategy within the convergence domain. |
| Communication & Stakeholders | Primarily internal communication with physical security engineering team. May assist with documenting system configurations. Limited direct interaction with facilities management or security operations initially. | Regular interaction with facilities management and security operations teams. Presents system status and maintenance needs. Participates in project planning meetings. Coordinates with IT networking teams on device connectivity. | Regular interaction with facilities management, security operations, IT networking, and cybersecurity teams. Presents project plans and security assessments to management. Coordinates with vendors and integrators. Communicates convergence risks to both physical security and cyber audiences. | Communicates with Director/VP-level stakeholders on physical security strategy and risk. Presents to CISO and security leadership on convergence initiatives. Coordinates with external vendors, integrators, and industry groups. Translates between physical security, facilities, and cybersecurity audiences. | Regular communication with CISO, VP of Security, and facilities leadership. Presents to executive leadership on convergence strategy and risk. Engages with industry bodies (ASIS International, SIA). Communicates complex convergence concepts to diverse technical and non-technical audiences. | Direct engagement with C-suite (CISO, CTO, COO) on converged security strategy. Represents the organization to board of directors on physical security risk. Keynotes at industry conferences. Engages with government agencies and standards bodies at leadership level. | Engages with CEO, board of directors, and industry leadership. Keynotes at major conferences (ASIS, ISC West, RSA, Black Hat). Advises government agencies and policymakers. Publishes for both industry and academic audiences. Communicates with media as a recognized industry authority. |
| Degree / Experience | Bachelor's degree in Electrical Engineering, Computer Science, Information Technology, or related field, OR 1-2 years of experience in physical security installation, low-voltage systems, or IT infrastructure, OR completion of vendor-specific training programs (Lenel, Genetec, Milestone). | Bachelor's degree in Electrical Engineering, Computer Science, or related field, OR 2-4 years of physical security system installation and maintenance experience. Demonstrated proficiency with at least one major access control or VMS platform. | Bachelor's degree in Electrical Engineering, Computer Science, or related field, OR 4-7 years of physical security engineering experience with demonstrated convergence expertise. Industry certifications in both physical security and cybersecurity. | Bachelor's or Master's degree in Electrical Engineering, Computer Science, Cybersecurity, or related field, OR 7-10 years of progressive physical security engineering experience with demonstrated convergence expertise and technical leadership. | Master's degree in Engineering, Cybersecurity, or related field, OR 10-15 years of progressive physical security engineering and cybersecurity experience with demonstrated cross-organizational impact and thought leadership. | Master's degree or PhD in Engineering, Cybersecurity, or related field, OR 15-20 years of progressive experience in physical security engineering and cybersecurity with demonstrated industry-level thought leadership and organizational transformation. | Advanced degree (Master's or PhD) in Engineering, Computer Science, or related field, OR 20+ years of exceptional experience in physical security engineering and cybersecurity with globally recognized contributions to the field. Demonstrated industry-shaping impact. |
| Certifications | | | | | | | |
| Salary: US Gov't | $50,000 - $70,000 (GS-7 to GS-9) | $65,000 - $90,000 (GS-9 to GS-11) | $80,000 - $115,000 (GS-12 to GS-13) | $110,000 - $150,000 (GS-14 to GS-15) | $130,000 - $170,000 (GS-14 to GS-15) | $150,000 - $185,000 (GS-15 to SES) | $165,000 - $191,900 (GS-15 step 10 to SES) |
| Salary: US Startup | $55,000 - $75,000 | $70,000 - $95,000 | $90,000 - $120,000 | $120,000 - $160,000 | $140,000 - $185,000 | $170,000 - $230,000 | $200,000 - $280,000 |
| Salary: US Corporate | $55,000 - $80,000 | $70,000 - $100,000 | $90,000 - $130,000 | $130,000 - $175,000 | $160,000 - $220,000 | $200,000 - $280,000 | $250,000 - $350,000 |
| Salary: Big Tech (Mag7) | $110,000 - $175,000 | $150,000 - $250,000 | $220,000 - $360,000 | $300,000 - $500,000 | $380,000 - $580,000 | $500,000 - $700,000 | $600,000 - $900,000 |
Physical Security Architect
Strategic technical leaders who design converged physical-cyber security architectures for facilities, campuses, and enterprise environments. Focus on physical security information management (PSIM), security operations center design (converged SOC), physical access control architecture, and integrating physical security data into the cybersecurity monitoring stack. Define how organizations approach the convergence of physical and logical security at the architectural level.
| Attribute | Architect 1 / Entry | Architect 2 / Junior | Architect 3 / Mid | Architect 4 / Senior | Architect 5 / Staff | Architect 6 / Senior Staff | Architect 7 / Principal |
|---|---|---|---|---|---|---|---|
| General Description | Entry-level physical security architect learning the fundamentals of physical security system design and convergence architecture. Assists with documenting existing physical security architectures, creating system diagrams, and understanding how physical security systems integrate with IT and cybersecurity infrastructure. Develops foundational knowledge of access control architectures, video surveillance system design, and the principles of physical-cyber convergence. | Junior physical security architect capable of producing architectural documentation and contributing to system designs for physical security deployments. Demonstrates understanding of how physical security systems are architected at the facility level and can identify integration points with IT and cybersecurity infrastructure. Develops competency in translating security requirements into physical security system designs. | Experienced physical security architect who independently designs converged physical-cyber security architectures for facilities and campuses. Expert in translating organizational security requirements into comprehensive physical security system designs that integrate with the cybersecurity infrastructure. Leads design projects, defines integration architectures between physical security and IT systems, and ensures that architectural decisions support both physical protection and cybersecurity objectives. | Senior physical security architect with deep expertise in enterprise-scale converged physical-cyber security architecture. Designs end-to-end convergence strategies spanning physical access control, surveillance, building automation, and cybersecurity monitoring. Leads architectural programs across multiple facilities and regions, defines enterprise standards, and architects the integration layer between physical security operations and cybersecurity programs. Serves as the go-to authority on how physical security architecture supports and integrates with the broader security architecture. | Staff-level physical security architect with cross-organizational influence on converged security architecture strategy. Defines the architectural vision for how physical security integrates into the enterprise security architecture. Builds convergence frameworks, reference architectures, and architectural governance that are adopted across the organization. Bridges organizational silos between physical security, cybersecurity, IT, and facilities to create unified architectural approaches. Recognized internally as the definitive authority on physical-cyber convergence architecture. | Senior Staff physical security architect serving as the organization-wide authority on converged physical-cyber security architecture. Defines the long-term architectural strategy for physical-cyber convergence that fundamentally shapes how the organization protects its people, assets, and information. Drives transformational architectural initiatives including fully converged security operations, unified identity architectures spanning physical and logical access, and AI-driven physical security platforms. Influences organizational structure, investment strategy, and industry standards at the highest levels. | Principal physical security architect operating at the pinnacle of converged physical-cyber security architecture. Defines the future of how physical and cyber security converge at the architectural level, shaping standards, frameworks, and design paradigms adopted across the industry. Recognized globally as a preeminent authority on convergence architecture whose work influences how organizations worldwide approach the unification of physical and cyber security. May hold distinguished architect, fellow, or chief architect equivalent titles. |
| Primary Responsibilities | | | | | | | |
| Required Skills | | | | | | | |
| Preferred Skills | | | | | | | |
| Mentorship Requirements | Receives direct mentorship from Senior physical security architects. Shadows on design reviews and architectural assessments. Expected to develop proficiency in architecture documentation and diagramming within first 6 months. Learns the principles of converged security architecture. | Receives guidance from Senior architects on complex design decisions and enterprise-scale architecture. Expected to begin mentoring Entry-level architects on documentation and design methods. Contributes to standards development and design template maintenance. Should be developing expertise in specific architectural domains. | Mentors Junior architects on design methodology, integration architecture, and convergence principles. Expected to develop specialization in a convergence domain. Receives guidance from Staff architects on enterprise-scale strategy and emerging technology assessment. | Mentors Mid and Junior architects on enterprise architecture thinking and convergence strategy. Expected to develop architectural leaders who can operate independently on facility-level design. Contributes to the profession through publishing, presenting, or standards committee participation. | Mentors Senior architects toward Staff-level strategic thinking. Develops architectural talent across organizational boundaries. Expected to create mentorship programs that bridge physical security and cybersecurity architecture disciplines. Guides the professional development of the convergence architecture community. | Mentors Staff and Senior architects on strategic architectural vision. Creates development pathways for convergence architecture specialization across the organization. Expected to attract and develop top architectural talent. Serves as a career exemplar for the convergence architecture discipline. | Mentors at all levels across the organization and industry. Creates the intellectual and architectural frameworks that define how convergence architects develop professionally. Expected to contribute to academic and professional education in convergence architecture. Attracts top architectural talent globally through reputation and vision. |
| Impact Scope | Individual contributor on documentation and design support tasks. Impact limited to supporting architectural activities under direct guidance. Work is reviewed by senior architects before incorporation into designs. Supports overall architecture documentation quality. | Contributes to facility-level physical security designs. Responsible for accurate architectural documentation. Design work impacts individual facility security posture and IT integration. Beginning to influence design standards and templates. | Leads architectural design for multi-facility physical security programs. Design decisions define the convergence approach for facility types across the organization. Influences technology standards and vendor relationships. Shapes how physical security data flows into the cybersecurity monitoring stack. | Enterprise-wide architectural impact across all facilities and regions. Defines the convergence blueprint that shapes multi-year investment and deployment. Architecture decisions set technology direction for the physical security program. Influences vendor product direction through strategic engagement. | Organization-wide impact on convergence architecture strategy and direction. Frameworks and standards define how all facilities approach physical-cyber integration. Architectural vision shapes multi-year investment priorities. Beginning to influence industry architectural approaches through external engagement. | Defines the architectural trajectory for physical-cyber convergence at the organizational level. Decisions shape multi-year investment, organizational design, and technology direction. Influences vendor product architecture and industry standards. Recognized as an industry authority on convergence architecture. | Industry-defining impact on physical-cyber convergence architecture. Frameworks and design paradigms influence organizations and governments worldwide. Architectural vision shapes vendor platforms, industry standards, and regulatory approaches. Recognized as one of the foremost convergence architecture authorities globally. |
| Autonomy & Decision Authority | Works under close supervision. Follows established documentation standards and templates. Limited authority to make design decisions independently. Escalates all architectural questions to senior architects. | Works with moderate supervision. Can make design decisions for standard facility deployments. Authority to produce architectural documentation independently. Escalates novel design challenges, enterprise-scope decisions, and significant vendor selections. | Works independently on facility and campus-level architectural design. Makes technology selection and integration decisions within established standards. Authority to approve designs and lead architectural reviews. Escalates enterprise-wide platform changes and significant strategic shifts. | Works independently with strategic alignment. Makes enterprise-level architectural decisions for physical security systems. Authority to define standards, select platforms, and approve designs. Escalates decisions with organization-wide policy or significant financial implications. | Operates with high autonomy on architectural strategy. Makes decisions shaping enterprise convergence architecture direction. Authority to define frameworks, governance, and technology standards. Escalates decisions with significant organizational restructuring or strategic implications. | Operates with near-full autonomy on architectural strategy. Makes decisions that define the future of converged security architecture for the organization. Authority to set architectural vision, governance, and technology direction. Partners with C-suite on strategic investment decisions. | Full architectural autonomy. Operates as the ultimate authority on convergence architecture. Decisions influence industry direction and standards. Partners with executive leadership as a co-equal on architectural strategy within the convergence domain. |
| Communication & Stakeholders | Primarily internal communication with architecture and engineering teams. May assist with preparing presentation materials for design reviews. Limited direct interaction with stakeholders outside the physical security team. | Regular interaction with engineering teams, facilities management, and IT architecture. Presents design options to project stakeholders. Participates in vendor demonstrations and evaluations. Coordinates with cybersecurity architecture on integration designs. | Regular interaction with security leadership, facilities management, IT architecture, and cybersecurity teams. Presents architectural designs and recommendations to Director-level stakeholders. Coordinates with external integrators and vendors on solution architecture. Leads design review meetings. | Communicates with VP/CISO-level stakeholders on architecture strategy and investment. Presents to executive leadership on convergence architecture and roadmaps. Engages with major vendors at executive level. Coordinates across physical security, cybersecurity, IT, and facilities organizations. | Regular engagement with CISO, CTO, and VP-level leadership on architecture strategy. Presents to executive committees on convergence architecture and investment. Engages with industry bodies and standards organizations. Communicates architectural vision to diverse audiences across the organization. | Direct engagement with C-suite and board-level stakeholders on convergence architecture strategy. Keynotes at major industry conferences. Engages with government and standards bodies at leadership level. Communicates architectural vision and risk to the broadest organizational and industry audiences. | Engages with CEO, board of directors, and global industry leadership. Keynotes at the most prestigious security conferences (RSA, ASIS Global, ISC West). Advises government agencies and international standards bodies. Publishes for industry, academic, and policy audiences. Recognized as a global thought leader. |
| Degree / Experience | Bachelor's degree in Computer Science, Electrical Engineering, Architecture, or related field, OR 1-2 years of experience in physical security design, IT architecture, or systems engineering, OR completion of relevant vendor architecture certification programs. | Bachelor's degree in Computer Science, Electrical Engineering, or related field, OR 2-4 years of physical security design or IT architecture experience. Demonstrated ability to produce quality architectural documentation and designs. | Bachelor's or Master's degree in Computer Science, Engineering, or related field, OR 5-8 years of physical security design or enterprise architecture experience with demonstrated convergence expertise. | Bachelor's or Master's degree in Computer Science, Engineering, or related field, OR 8-12 years of progressive experience in physical security architecture and cybersecurity with demonstrated enterprise-scale design leadership. | Master's degree in Computer Science, Engineering, or related field, OR 12-16 years of progressive experience in security architecture with demonstrated enterprise-scale convergence leadership and thought leadership. | Master's degree or PhD in Computer Science, Engineering, or related field, OR 16-20 years of progressive experience in security architecture with demonstrated industry-level thought leadership and organizational transformation in physical-cyber convergence. | Advanced degree (Master's or PhD) in Computer Science, Engineering, or related field, OR 20+ years of exceptional experience in security architecture with globally recognized contributions to convergence architecture. Demonstrated industry-defining impact. |
| Certifications | | | | | | | |
| Salary: US Gov't | $55,000 - $75,000 (GS-7 to GS-9) | $70,000 - $95,000 (GS-9 to GS-11) | $90,000 - $120,000 (GS-12 to GS-13) | $115,000 - $155,000 (GS-14 to GS-15) | $135,000 - $175,000 (GS-14 to GS-15) | $155,000 - $191,900 (GS-15 to SES) | $170,000 - $191,900 (GS-15 step 10 to SES) |
| Salary: US Startup | $60,000 - $80,000 | $75,000 - $100,000 | $100,000 - $135,000 | $130,000 - $170,000 | $150,000 - $200,000 | $180,000 - $250,000 | $220,000 - $300,000 |
| Salary: US Corporate | $60,000 - $85,000 | $75,000 - $110,000 | $100,000 - $145,000 | $140,000 - $190,000 | $175,000 - $240,000 | $220,000 - $300,000 | $270,000 - $380,000 |
| Salary: Big Tech (Mag7) | $120,000 - $185,000 | $165,000 - $270,000 | $240,000 - $380,000 | $320,000 - $520,000 | $400,000 - $600,000 | $520,000 - $720,000 | $650,000 - $950,000 |