Specialized Security Professional Titles
This page provides standardized job titles, responsibilities, and expectations for specialized and cross-functional security professionals. These roles often span traditional offensive/defensive boundaries or focus on specific security domains.
How to use these tables:
- Levels are displayed as columns for easy vertical comparison
Enterprise Vulnerability Management (EVM)
Strategic vulnerability identification, risk-based prioritization, and remediation enablement
EVM Analyst
Professionals who identify, assess, and drive remediation of security vulnerabilities across the enterprise. Focus on risk-based prioritization, threat intelligence integration, and enabling systemic remediation rather than transactional ticket management. Partner with asset owners to address root causes and improve organizational security posture.
| Attribute | Analyst 1 / Entry | Analyst 2 / Junior | Analyst 3 / Mid | Analyst 4 / Senior / Lead | Analyst 5 / Staff | Analyst 6 / Senior Staff | Analyst 7 / Principal |
|---|---|---|---|---|---|---|---|
| General Description | Entry-level EVM analyst learning vulnerability assessment fundamentals and remediation workflows. Assists with scan execution, finding validation, and remediation tracking. Develops foundational understanding of vulnerability types, risk rating methodologies, and the importance of context-driven prioritization. | Junior EVM analyst capable of independently executing vulnerability assessments and facilitating remediation efforts. Demonstrates proficiency in risk-based prioritization and can effectively communicate findings to technical stakeholders. Beginning to understand the importance of addressing root causes over individual findings. | Experienced EVM analyst who drives strategic remediation initiatives and identifies systemic vulnerability patterns. Expert in risk-based prioritization integrating threat intelligence, business context, and exploitability data. Focuses on enabling root-cause remediation rather than individual ticket management. Mentors junior analysts and shapes program processes. | Senior EVM analyst and program leader who defines vulnerability management strategy and drives organizational security improvement. Champions the philosophy that effective vulnerability management enables systemic remediation through automation, threat intelligence, and root-cause analysis rather than overwhelming teams with tickets. Leads major initiatives and represents the program to executive stakeholders. | Distinguished EVM strategist who shapes organizational and industry approaches to vulnerability management. Recognized externally as thought leader in risk-based vulnerability prioritization and strategic remediation. Drives innovation in vulnerability intelligence, automation, and program effectiveness measurement. | Elite EVM strategist with industry-defining influence in vulnerability management and risk prioritization. Operates at the intersection of deep expertise and organizational strategy. Shapes not only practice direction but industry approaches to vulnerability risk management. | Legendary practitioner at the pinnacle of vulnerability management expertise. Globally recognized authority who defines how the industry approaches vulnerability risk identification, prioritization, and remediation. Combines unparalleled expertise with strategic vision. |
| Primary Responsibilities | | | | | | | |
| Required Skills | | | | | | | |
| Preferred Skills | | | | | | | |
| Mentorship Requirements | Receives direct mentorship from Senior EVM analysts. Shadows on remediation discussions with asset owners. Expected to complete scanner training and certification within first 6 months. Learns risk-based prioritization philosophy. | Receives guidance from Senior analysts on complex prioritization decisions. Expected to begin mentoring Entry-level analysts informally. Contributes to process documentation and training materials. Should be developing expertise in specific asset types or vulnerability classes. | Primary mentor for Junior and Entry analysts. Leads training on risk-based prioritization methodology. Expected to develop program procedures and best practices. Establishes reputation as expert in vulnerability intelligence and prioritization. | Primary mentor for Mid and Junior analysts. Responsible for analyst career development. Creates program training and development curriculum. Industry mentorship through community engagement. Shapes EVM best practices. | Mentors Senior analysts and emerging leaders. Shapes organizational vulnerability management talent strategy. Industry-level mentorship through community engagement. Develops thought leaders in the space. | Develops organizational leadership pipeline. Mentors future industry leaders. Legacy-building through lasting contributions to the field. | Develops organizational and industry leadership. Mentors future industry leaders. Legacy-building through generational impact. May fund or sponsor research initiatives. |
| Impact Scope | Individual contributor on scan execution and finding validation. Impact limited to assigned scan segments and documentation. Work is reviewed before stakeholder communication. Supports overall program metrics and coverage. | Directly contributes to remediation outcomes. Responsible for accurate prioritization affecting asset owner workload. Analytics inform program decisions. Beginning to influence remediation strategies. | Shapes program strategy and remediation outcomes. Root cause identification prevents future vulnerabilities. Analytics drive organizational security investment. Influences technology and process decisions. | Defines program capabilities and strategic direction. Program effectiveness directly impacts organizational risk posture. Team development impacts security maturity. Executive relationships enable resource allocation. | Industry and organizational transformation. Shapes how vulnerability management is practiced. Multi-year strategic outcomes. Influences industry standards and vendor roadmaps. | Industry-defining impact. Organizational competitive differentiation through security posture. Multi-year strategic transformation. Shapes how vulnerability risk is understood and managed. | Global industry impact. Defines how vulnerability management is practiced. Organizational transformation. Lasting contributions to cybersecurity risk management. |
| Autonomy & Decision Authority | Works under close supervision. Follows established scan procedures and triage guidelines. Limited authority to close or disposition findings independently. Escalates prioritization questions to senior analysts. | Works with moderate supervision. Can make routine prioritization decisions. Authority to facilitate remediation discussions. Escalates risk acceptance and exception requests. | Works independently with strategic guidance. Makes significant prioritization and process decisions. Authority to approve risk acceptances within defined criteria. Consulted on program strategy and tooling decisions. | High autonomy with strategic alignment. Makes significant program and investment decisions. Authority over EVM processes and standards. Trusted to represent program to executives and externally. | Near-complete autonomy over domain. Strategic influence on organizational direction. Shapes investment and capability priorities. Makes decisions with significant organizational impact. | Full autonomy over strategic domain. Executive-level decision authority. May have significant budget authority. Shapes organizational direction. | Complete strategic autonomy. Executive-level authority. Shapes organizational strategy. May have significant influence over industry direction. |
| Communication & Stakeholders | Primarily internal communication with EVM team. May assist with remediation ticket creation. Documents findings in tracking systems. Limited direct interaction with asset owners. | Regular interaction with asset owners and IT teams. Presents findings in remediation meetings. Participates in risk discussions. Documents decisions for audit purposes. | Regular communication with security leadership. Presents to technical and management audiences. Primary analyst contact for major remediation initiatives. Builds relationships with senior asset owners. | Executive and board-level communication on risk posture. Represents program to organizational leadership. Industry conference presentations. Builds relationships with peers at other organizations. | C-suite engagement on risk strategy. Industry-wide influence through publications and speaking. Vendor and standards body relationships. Media and analyst engagement. | Peer engagement with executives and CISOs. Industry-defining thought leadership. Media and public presence. Board-level engagement. | Global presence. Government and international engagement. Media thought leadership. Premier industry venues. |
| Degree / Experience | Bachelor's degree in IT, Cybersecurity, Computer Science, or related field, OR 1-2 years of IT support or security operations experience, OR completion of vulnerability management training program. | Bachelor's degree in IT, Cybersecurity, or related field, OR 2-4 years of vulnerability management or security operations experience. Demonstrated ability to drive remediation outcomes. | Bachelor's degree in IT, Cybersecurity, or related field, OR 4-6 years of vulnerability management experience. Demonstrated track record of driving strategic remediation outcomes. May have Master's degree with less experience. | Bachelor's or Master's degree in relevant field, OR 6-10 years of vulnerability management experience. Demonstrated program leadership and strategic impact. Industry recognition through speaking or publications. | Advanced degree often expected, OR 10+ years of elite vulnerability management experience with demonstrated industry impact. Recognition is essential qualification. | Advanced degree often present, but industry recognition is primary qualification. 12+ years of elite experience with transformational impact. | Recognition is primary qualification. 15+ years with transformational impact. May be pioneers of major vulnerability frameworks or methodologies. |
| Certifications | | | | | | | |
| Salary: US Gov't | $55,000 - $75,000 (GS-7 to GS-9) | $70,000 - $95,000 (GS-9 to GS-11) | $90,000 - $120,000 (GS-12 to GS-13) | $115,000 - $150,000 (GS-14 to GS-15) | $145,000 - $180,000 (GS-15 / SES equivalent) | $165,000 - $200,000 (Senior SES equivalent) | $180,000 - $220,000+ (Senior SES / Political appointee) |
| Salary: US Startup | $60,000 - $80,000 | $75,000 - $100,000 | $100,000 - $140,000 | $140,000 - $185,000 + equity | $175,000 - $240,000 + significant equity | $210,000 - $290,000 + major equity | $260,000 - $380,000+ + founder-level equity |
| Salary: US Corporate | $55,000 - $75,000 | $70,000 - $95,000 | $95,000 - $130,000 | $130,000 - $175,000 | $165,000 - $220,000 | $195,000 - $260,000 | $240,000 - $330,000+ |
EVM Engineer
Technical professionals who build, deploy, and maintain enterprise vulnerability management platforms and infrastructure. Focus on scanner deployment, platform integration, automation development, and enabling analyst effectiveness through tooling and dashboards. Serve as architects for scanning infrastructure and the technical bridge to vendors.
| Attribute | Eng 1 / Entry | Eng 2 / Junior | Eng 3 / Mid | Eng 4 / Senior / Lead | Eng 5 / Staff | Eng 6 / Senior Staff | Eng 7 / Principal |
|---|---|---|---|---|---|---|---|
| General Description | Entry-level EVM engineer learning vulnerability scanning platform administration and deployment. Assists with scanner maintenance, agent deployments, and basic platform configuration. Develops foundational understanding of scanning technologies, network architecture requirements, and platform capabilities. | Junior EVM engineer capable of independently managing scanner deployments and platform administration. Demonstrates proficiency in scanning infrastructure and can troubleshoot complex scanning issues. Beginning to develop automation skills and expertise in specific platform capabilities. | Experienced EVM engineer who architects scanning infrastructure and develops platform integrations. Expert in scanner deployment strategies, API integrations, and automation development. Leads platform projects including M&A integrations and capability expansions. Mentors junior engineers and shapes platform standards. | Senior EVM engineer and technical leader who defines platform strategy and architecture for enterprise vulnerability management. Leads complex platform initiatives, M&A integrations, and capability development. Serves as the escalation point for critical platform issues and the primary technical interface with scanning vendors. | Distinguished EVM platform architect who defines organizational platform strategy and drives innovation. Recognized externally as expert in vulnerability management platform architecture and integration. Shapes how scanning infrastructure enables strategic vulnerability management programs. | Elite EVM platform architect with industry-defining technical influence. Operates at the frontier of vulnerability scanning and assessment technology. Shapes how the industry approaches vulnerability detection infrastructure and data platforms. | Legendary EVM platform engineer at the pinnacle of vulnerability scanning and assessment platform expertise. Globally recognized for transformational contributions to vulnerability detection technology. Defines how the industry approaches vulnerability scanning infrastructure. |
| Primary Responsibilities | | | | | | | |
| Required Skills | | | | | | | |
| Preferred Skills | | | | | | | |
| Mentorship Requirements | Receives direct mentorship from Senior EVM engineers. Shadows on platform deployments and integrations. Expected to complete vendor platform training and certification. Learns scanning architecture principles. | Receives guidance from Senior engineers on complex deployments. Expected to begin mentoring Entry-level engineers informally. Contributes to platform documentation and procedures. Should be developing expertise in specific platform capabilities. | Primary mentor for Junior and Entry engineers. Leads training on platform capabilities and architecture. Expected to develop platform standards and patterns. Establishes reputation as expert in scanning infrastructure. | Primary mentor for multiple engineers. Responsible for engineering career development. Creates platform engineering development programs. Industry mentorship through vendor community engagement. | Mentors Senior engineers and emerging technical leaders. Shapes platform engineering career paths. Industry-level mentorship through vendor communities. | Develops technical leadership pipeline. Mentors future industry platform leaders. Legacy through platform innovations and people developed. | Develops generational technical talent. Mentors future industry pioneers. Legacy through lasting technical contributions. |
| Impact Scope | Individual contributor on platform maintenance tasks. Impact limited to assigned infrastructure components. Work is reviewed before production changes. Supports overall scanner coverage and reliability. | Directly maintains scanning infrastructure reliability. Responsible for scanner coverage and health. Platform decisions impact analyst effectiveness. Beginning to influence platform architecture. | Shapes scanning platform capabilities. Architecture decisions impact coverage and effectiveness. Integrations enable program automation. Influences technology investment decisions. | Defines platform capabilities for organization. Strategic decisions impact long-term program effectiveness. Team development impacts engineering maturity. Vendor relationships affect cost and capability. | Organizational platform differentiation. Industry-level impact through vendor relationships. Defines state-of-the-art in vulnerability scanning infrastructure. | Industry-defining platform impact. Shapes how vulnerability scanning is practiced. Organizational competitive differentiation. | Global technical impact. Defines vulnerability scanning capabilities. Lasting contributions to the field. |
| Autonomy & Decision Authority | Works under close supervision. Follows established deployment and maintenance procedures. Limited authority to make platform changes independently. Escalates technical issues to senior engineers. | Works with moderate supervision. Can make routine platform decisions. Authority to deploy standard configurations. Escalates architectural changes and integrations. | Works independently with strategic guidance. Makes significant architecture and integration decisions. Authority over platform configuration standards. Consulted on platform roadmap and vendor selection. | High autonomy with strategic alignment. Makes significant platform and investment decisions. Authority over platform standards and architecture. Trusted to represent organization with vendors. | Near-complete technical autonomy. Strategic influence on platform direction. Shapes investment priorities. Makes decisions with significant organizational impact. | Full technical autonomy. Strategic authority over platform direction. May have significant R&D budget authority. Shapes organizational strategy. | Complete technical autonomy. Executive authority over platform domain. Shapes organizational and industry direction. |
| Communication & Stakeholders | Primarily internal communication with EVM team. Documents work in ticketing systems. Participates in team meetings. Limited interaction with vendor support under guidance. | Regular interaction with EVM analysts and IT teams. Coordinates with network and infrastructure teams. Engages vendor support on technical issues. Documents changes for team consumption. | Regular communication with security leadership. Presents technical recommendations to stakeholders. Primary technical contact for vendor relationships. Coordinates with enterprise architecture. | Executive-level communication on platform strategy. Represents engineering to organizational leadership. Vendor executive relationships. Industry event participation. | C-level technical engagement. Vendor executive relationships. Industry conference keynotes. Shapes vendor product roadmaps. | Industry-defining technical presence. Vendor strategic engagement. Premier conference keynotes. Media thought leadership. | Global technical authority. Premier industry venues. Vendor and government engagement. Media presence. |
| Degree / Experience | Bachelor's degree in IT, Computer Science, Cybersecurity, or related field, OR 1-2 years of system administration or IT operations experience, OR completion of relevant technical training program. | Bachelor's degree in IT, Computer Science, or related field, OR 2-4 years of vulnerability management platform or security infrastructure experience. Demonstrated platform administration skills. | Bachelor's degree in Computer Science, IT, or related field, OR 4-6 years of vulnerability management platform engineering experience. Demonstrated track record of successful platform implementations. | Bachelor's or Master's degree in relevant field, OR 6-10 years of vulnerability management platform engineering experience. Demonstrated team leadership and strategic impact. | Advanced degree often expected, OR 10+ years of elite vulnerability platform engineering with demonstrated industry impact. Recognition is essential. | Advanced degree often present, but recognition is primary qualification. 12+ years of elite experience with transformational platform impact. | Recognition is primary qualification. 15+ years with transformational impact. May be pioneers of major scanning platforms or techniques. |
| Certifications | | | | | | | |
| Salary: US Gov't | $60,000 - $80,000 (GS-9 to GS-11) | $75,000 - $100,000 (GS-11 to GS-12) | $95,000 - $125,000 (GS-12 to GS-13) | $120,000 - $155,000 (GS-14 to GS-15) | $150,000 - $185,000 (GS-15 / SES equivalent) | $170,000 - $210,000 (Senior SES equivalent) | $185,000 - $230,000+ (Senior SES / Technical fellow equivalent) |
| Salary: US Startup | $70,000 - $90,000 | $85,000 - $115,000 | $115,000 - $155,000 | $150,000 - $200,000 + equity | $185,000 - $255,000 + significant equity | $225,000 - $310,000 + major equity | $275,000 - $400,000+ + founder-level equity |
| Salary: US Corporate | $65,000 - $85,000 | $80,000 - $110,000 | $105,000 - $145,000 | $140,000 - $185,000 | $175,000 - $230,000 | $205,000 - $280,000 | $250,000 - $350,000+ |
Application Security (AppSec / Product Security)
Secure software development, security testing, threat modeling, and developer enablement
AppSec Engineer
Technical professionals who secure applications throughout the software development lifecycle. Focus on code review, security testing, DevSecOps integration, and developer enablement. Combine defensive expertise (secure coding guidance, SAST/DAST tooling) with offensive skills (manual testing, proof-of-concept development) to identify and help remediate application vulnerabilities. Prioritize enablement over gatekeeping, helping developers build secure code rather than just finding problems.
| Attribute | Eng 1 / Entry | Eng 2 / Junior | Eng 3 / Mid | Eng 4 / Senior / Lead | Eng 5 / Staff | Eng 6 / Senior Staff | Eng 7 / Principal |
|---|---|---|---|---|---|---|---|
| General Description | Entry-level AppSec engineer learning application security fundamentals and secure development practices. Assists with security assessments, tool operation, and developer support. Develops foundational understanding of common vulnerabilities, secure coding principles, and application security testing methodologies. | Junior AppSec engineer capable of independently conducting security assessments and supporting development teams. Demonstrates proficiency with security testing tools and can identify vulnerabilities through both automated and manual techniques. Can use Burp Suite or ZAP to validate findings and demonstrate basic proof-of-concepts to developers. | Experienced AppSec engineer who independently conducts comprehensive application security assessments and drives secure development practices. Expert in both automated tooling and manual testing techniques, able to develop sophisticated proof-of-concepts that clearly demonstrate risk. Leads threat modeling sessions, mentors junior engineers, and builds relationships with development teams as a trusted security partner. | Senior AppSec engineer and team leader who defines application security strategy and leads high-impact initiatives. Expert in sophisticated attack techniques, able to identify and demonstrate complex vulnerability chains. Champions the enablement philosophy, building programs that scale security through developer education and tooling rather than creating bottlenecks. Represents AppSec to executive stakeholders. | Distinguished AppSec engineer who shapes organizational and industry approaches to application security. Recognized externally as thought leader in secure development, application testing, or DevSecOps. Drives innovation in assessment methodologies, tooling, and developer enablement programs. | Elite AppSec engineer with industry-defining influence in application security and secure development. Operates at the intersection of deep technical expertise and organizational strategy. Shapes not only practice direction but industry approaches to building secure software. | Legendary practitioner at the pinnacle of application security expertise. Globally recognized authority who defines how the industry approaches secure software development, application testing, and DevSecOps. Combines unparalleled technical expertise with strategic vision. |
| Primary Responsibilities | | | | | | | |
| Required Skills | | | | | | | |
| Preferred Skills | | | | | | | |
| Mentorship Requirements | Receives direct mentorship from Senior AppSec engineers. Shadows on security assessments and code reviews. Expected to complete secure coding training and tool certifications within first 6 months. Learns the enablement-focused philosophy of helping developers. | Receives guidance from Senior engineers on complex assessments. Expected to begin mentoring Entry-level engineers informally. Contributes to documentation and training materials. Should be developing expertise in specific languages or vulnerability classes. | Primary mentor for Junior and Entry engineers. Leads training on assessment methodologies and tools. Expected to develop team procedures and best practices. Establishes reputation as expert in specific application types or vulnerability classes. | Primary mentor for Mid and Junior engineers. Responsible for team career development. Creates assessment methodology training programs. Industry mentorship through community engagement. Shapes AppSec engineering practices. | Mentors Senior engineers and emerging leaders. Shapes organizational AppSec talent strategy. Industry-level mentorship through community engagement. Develops thought leaders in the space. | Develops organizational leadership pipeline. Mentors future industry leaders. Legacy-building through lasting contributions to the field. | Develops organizational and industry leadership. Mentors future industry leaders. Legacy-building through generational impact. May fund or sponsor research initiatives. |
| Impact Scope | Individual contributor on assigned triage and documentation tasks. Impact limited to supporting assessment activities. Work is reviewed before developer communication. Supports overall application security coverage. | Directly contributes to application security outcomes. Responsible for accurate finding validation and prioritization. Remediation guidance impacts developer productivity. Beginning to influence security practices. | Shapes application security practices for assigned products or teams. Assessment quality directly impacts product security. Threat models influence architectural decisions. Developer enablement improves security culture. | Defines AppSec capabilities and strategic direction. Program effectiveness directly impacts product security posture. Team development impacts security organization maturity. Executive relationships enable security investment. | Industry and organizational transformation. Shapes how application security is practiced. Multi-year strategic outcomes. Influences industry standards and vendor roadmaps. | Industry-defining impact. Organizational competitive differentiation through secure software practices. Multi-year strategic transformation. Shapes how application security is understood and practiced. | Global industry impact. Defines how application security is practiced. Organizational transformation. Lasting contributions to secure software development. |
| Autonomy & Decision Authority | Works under close supervision. Follows established assessment procedures and triage guidelines. Limited authority to disposition findings independently. Escalates vulnerability questions to senior engineers. | Works with moderate supervision. Can make routine triage decisions. Authority to validate and close false positives. Escalates complex vulnerabilities and architectural concerns. | Works independently with strategic guidance. Makes significant assessment and prioritization decisions. Authority over tool configuration and scanning policies. Consulted on security architecture and tool selection. | High autonomy with strategic alignment. Makes significant program and investment decisions. Authority over AppSec processes and standards. Trusted to represent program to executives and externally. | Near-complete autonomy over domain. Strategic influence on organizational direction. Shapes investment and capability priorities. Makes decisions with significant organizational impact. | Full autonomy over strategic domain. Executive-level decision authority. May have significant budget authority. Shapes organizational direction. | Complete strategic autonomy. Executive-level authority. Shapes organizational strategy. May have significant influence over industry direction. |
| Communication & Stakeholders | Primarily internal communication with AppSec team. May assist with documenting remediation guidance. Limited direct interaction with development teams initially. | Regular interaction with development teams. Presents findings and remediation guidance. Participates in security review meetings. Documents findings for developer consumption. | Regular communication with development leadership. Presents to technical and management audiences. Primary AppSec contact for assigned development teams. Builds relationships with engineering managers. | Executive-level communication on application risk. Represents AppSec to organizational leadership. Industry conference presentations. Builds relationships with peers at other organizations. | C-suite engagement on application risk strategy. Industry-wide influence through publications and speaking. Vendor and standards body relationships. Media and analyst engagement. | Peer engagement with executives and CISOs. Industry-defining thought leadership. Media and public presence. Board-level engagement. | Global presence. Government and international engagement. Media thought leadership. Premier industry venues. |
| Degree / Experience | Bachelor's degree in Computer Science, Software Engineering, Cybersecurity, or related field, OR 1-2 years of software development or security experience, OR completion of application security training program. | Bachelor's degree in Computer Science, Software Engineering, or related field, OR 2-4 years of application security or software development experience. Demonstrated ability to find and validate vulnerabilities. | Bachelor's degree in Computer Science, Software Engineering, or related field, OR 4-6 years of application security experience. Demonstrated track record of comprehensive security assessments. May have Master's degree with less experience. | Bachelor's or Master's degree in relevant field, OR 6-10 years of application security experience. Demonstrated program leadership and strategic impact. Industry recognition through research or speaking. | Advanced degree often expected, OR 10+ years of elite application security experience with demonstrated industry impact. Recognition is essential qualification. | Advanced degree often present, but industry recognition is primary qualification. 12+ years of elite experience with transformational impact. | Recognition is primary qualification. 15+ years with transformational impact. May be pioneers of major application security methodologies or tools. |
| Certifications | | | | | | | |
| Salary: US Gov't | $65,000 - $85,000 (GS-9 to GS-11) | $80,000 - $105,000 (GS-11 to GS-12) | $100,000 - $130,000 (GS-12 to GS-13) | $120,000 - $155,000 (GS-14 to GS-15) | $150,000 - $185,000 (GS-15 / SES equivalent) | $170,000 - $210,000 (Senior SES equivalent) | $185,000 - $230,000+ (Senior SES / Technical fellow equivalent) |
| Salary: US Startup | $75,000 - $100,000 | $95,000 - $130,000 | $125,000 - $165,000 | $155,000 - $205,000 + equity | $190,000 - $260,000 + significant equity | $230,000 - $320,000 + major equity | $280,000 - $400,000+ + founder-level equity |
| Salary: US Corporate | $70,000 - $95,000 | $90,000 - $120,000 | $115,000 - $155,000 | $145,000 - $190,000 | $180,000 - $240,000 | $215,000 - $290,000 | $260,000 - $360,000+ |
AppSec Architect
Strategic technical leaders who design secure application architectures, develop security standards, and build frameworks for secure software development. Focus on threat modeling, secure design patterns, SSDLC program development, and enterprise-wide application security strategy. Enable development organizations to build security into applications from design through deployment.
| Attribute | Architect 1 / Entry | Architect 2 / Junior | Architect 3 / Mid | Architect 4 / Senior / Lead | Architect 5 / Staff | Architect 6 / Senior Staff | Architect 7 / Principal |
|---|---|---|---|---|---|---|---|
| General Description | Entry-level AppSec architect learning secure design principles and application security architecture. Assists with threat modeling, security design reviews, and documentation. Develops foundational understanding of secure architecture patterns, SSDLC frameworks, and application security standards. | Junior AppSec architect capable of contributing to secure design work and conducting threat modeling with guidance. Demonstrates proficiency in security architecture patterns and can participate in design reviews. Understands the importance of enabling secure development without creating friction. | Experienced AppSec architect who independently leads secure design initiatives and threat modeling programs. Expert in security architecture patterns across multiple technology stacks. Develops security standards and frameworks that enable developers to build secure applications efficiently. Mentors junior architects and shapes organizational security design practices. | Senior AppSec architect who sets direction for enterprise application security architecture. Leads complex, high-impact architecture initiatives and serves as the escalation point for difficult design challenges. Drives security architecture strategy and builds frameworks that scale secure development across the organization. | Distinguished AppSec architect who defines organizational application security architecture vision and strategy. Recognized externally as industry expert in secure design, threat modeling, or SSDLC frameworks. Shapes how secure software architecture is practiced and drives innovation in security-by-design approaches. | Elite AppSec architect with industry-defining influence in application security architecture and secure design. Operates at the intersection of deep architectural expertise and organizational strategy. Shapes not only practice direction but industry approaches to building secure software at scale. | Legendary practitioner at the pinnacle of application security architecture expertise. Globally recognized authority who defines how the industry approaches secure software design, SSDLC, and security-by-design. Combines unparalleled architectural depth with strategic vision and transformational leadership. |
| Primary Responsibilities | | | | | | | |
| Required Skills | | | | | | | |
| Preferred Skills | | | | | | | |
| Mentorship Requirements | Receives direct mentorship from Senior AppSec architects. Shadows on threat modeling and design reviews. Expected to complete secure architecture training. Learns to balance security with developer experience. | Receives guidance from Senior architects on complex designs. Expected to begin mentoring Entry-level team members. Contributes to architecture standards and patterns. Should be developing expertise in specific architecture domains. | Primary mentor for Junior and Entry architects. Leads architecture training and knowledge sharing. Expected to develop architecture patterns and standards. Establishes reputation as expert in specific architecture domains. | Primary mentor for Mid and Junior architects. Responsible for architecture team development. Creates architecture career paths and programs. Industry mentorship through community engagement. | Mentors Senior architects and emerging leaders. Shapes architecture career paths organization-wide. Industry-level mentorship through community engagement. Develops architecture thought leaders. | Develops organizational architecture leadership pipeline. Mentors future industry leaders. Legacy-building through lasting contributions to the field. | Develops organizational and industry architecture leadership pipeline. Mentors future industry leaders. Legacy-building through generational impact. May sponsor architecture education initiatives. |
| Impact Scope | Individual contributor on documentation and research. Impact limited to supporting architecture deliverables. Work is reviewed by senior architects. Contributes to architecture team effectiveness. | Directly contributes to secure design quality. Responsible for specific architecture components. Design decisions impact application security posture. Beginning to influence architecture standards. | Shapes security architecture for major applications and platforms. Standards and patterns improve organizational security posture. Influences technology strategy and investment. Developer enablement improves security culture. | Defines application security architecture for organization. Strategic decisions impact long-term security posture. Team development impacts organizational maturity. Architecture standards enable secure development at scale. | Organizational and industry-level impact. Defines how application security architecture is practiced. Shapes organizational security transformation. Influences industry standards and practices. | Industry-defining architecture impact. Organizational competitive differentiation through secure design practices. Multi-year strategic transformation. Shapes how secure software is designed. | Global industry architecture impact. Defines how secure software is designed. Organizational transformation and long-term success. Creates lasting contributions to the profession. |
| Autonomy & Decision Authority | Works under close supervision. Follows established architecture standards and templates. Limited authority to make design decisions independently. Escalates architecture questions to senior team. | Works with moderate supervision. Can make design decisions within defined scope. Authority to approve standard patterns. Escalates novel or high-risk design decisions. | Works independently with strategic guidance. Makes significant architecture and design decisions. Authority over security standards and patterns. Consulted on major technology and security decisions. | High autonomy with strategic alignment. Makes significant architecture and strategy decisions. Authority over architecture standards and governance. Trusted to represent organization on architecture matters. | Near-complete architecture autonomy. Strategic decision-making authority. Influences organizational direction. Authority over architecture vision. Trusted advisor to executive leadership. | Full autonomy over architecture strategic domain. Executive-level decision authority. May have significant investment authority. Shapes organizational direction. | Complete autonomy over architecture domain. Executive-level decision authority. Shapes organizational and industry direction. May have significant influence over standards and regulations. |
| Communication & Stakeholders | Primarily internal communication with architecture team. Documents findings and research. Participates in design review meetings as observer. Limited stakeholder interaction outside immediate team. | Regular interaction with development teams and architects. Presents design recommendations. Participates in architecture review boards. Documents designs for developer consumption. | Regular communication with development and security leadership. Presents to executive stakeholders. Engages with enterprise architecture. Documents standards for organization. | Executive-level communication on architecture strategy. Presents to steering committees and governance boards. Represents architecture to organizational leadership. Builds relationships with industry peers. | C-suite and board-level engagement. Industry-wide influence through publications. Standards body and industry forum participation. Media and analyst engagement. | Peer engagement with executives and CTOs. Industry-defining thought leadership. Media and public presence. Board-level engagement. | Global industry presence. Regulatory and government engagement. Media thought leadership. Premier industry and academic venues. |
| Degree / Experience | Bachelor's degree in Computer Science, Software Engineering, or related field, OR 3-4 years of software development experience with security exposure. Understanding of application architecture concepts. | Bachelor's degree in Computer Science, Software Engineering, or related field, OR 4-6 years of software architecture or application security experience. Demonstrated ability to contribute to secure designs. | Bachelor's degree in relevant field with strong experience, OR Master's degree with moderate experience, OR 6-8 years of application security architecture experience. Demonstrated track record of successful architecture initiatives. | Master's degree preferred, OR Bachelor's with 8-12 years of application security architecture experience. Demonstrated strategic impact and team leadership. Industry recognition through publications or speaking. | Master's degree or higher often expected, OR 12+ years of application security architecture experience with demonstrated industry impact. Industry recognition is essential qualification. | Advanced degree often present, but industry recognition is primary qualification. 14+ years of elite experience with transformational impact. | Advanced degree often present, but industry recognition is primary qualification. 15+ years of elite experience with transformational impact. May be founders of major secure design frameworks or methodologies. |
| Certifications | | | | | | | |
| Salary: US Gov't | $85,000 - $110,000 (GS-11 to GS-12) | $100,000 - $130,000 (GS-12 to GS-13) | $120,000 - $155,000 (GS-13 to GS-14) | $145,000 - $180,000 (GS-14 to GS-15) | $170,000 - $215,000 (GS-15 / SES equivalent) | $190,000 - $240,000 (Senior SES equivalent) | $210,000 - $270,000+ (Senior SES equivalent) |
| Salary: US Startup | $100,000 - $135,000 | $120,000 - $160,000 | $150,000 - $200,000 | $185,000 - $250,000 + equity | $220,000 - $300,000 + significant equity | $270,000 - $370,000 + major equity | $320,000 - $450,000+ + major equity |
| Salary: US Corporate | $95,000 - $125,000 | $115,000 - $150,000 | $140,000 - $185,000 | $175,000 - $230,000 | $210,000 - $280,000 | $250,000 - $340,000 | $300,000 - $400,000+ |
☁️ Cloud Security (CloudSec)
Multi-cloud security architecture, IAM, DevSecOps, and enabling secure cloud adoption
Cloud Security Engineer
Technical professionals who implement, configure, and maintain security controls in cloud environments. Focus on IAM, network security, CSPM/CWPP tooling, container and Kubernetes security, and infrastructure as code security. Combine deep platform expertise with automation skills to secure cloud workloads at scale. Prioritize enablement over blocking, helping organizations adopt cloud securely rather than slowing them down.
| Attribute | Eng 1 / Entry | Eng 2 / Junior | Eng 3 / Mid | Eng 4 / Senior / Lead | Eng 5 / Staff | Eng 6 / Senior Staff | Eng 7 / Principal |
|---|---|---|---|---|---|---|---|
| General Description | Entry-level cloud security engineer learning cloud security fundamentals and platform-specific controls. Assists with security configurations, policy implementation, and monitoring. Develops foundational understanding of shared responsibility, IAM, network security, and cloud-native security services in one major cloud platform. | Junior cloud security engineer capable of independently implementing security controls and managing cloud security tooling. Demonstrates proficiency in one major cloud platform with developing knowledge of another. Can configure IAM policies, network security, and operate CSPM/CWPP tools effectively. | Experienced cloud security engineer who independently designs and implements comprehensive cloud security solutions. Deep expertise in primary platform with working knowledge of another. Expert in IAM, network security, container security, and security automation. Leads cloud security initiatives, mentors junior engineers, and partners with DevOps teams to enable secure cloud adoption. | Senior cloud security engineer and team leader who defines cloud security strategy and leads high-impact initiatives. Multi-cloud expertise with deep knowledge across platforms. Champions automation-first approaches and builds security programs that enable rather than block cloud adoption. Represents cloud security to executive stakeholders and drives organizational cloud security maturity. | Distinguished cloud security engineer who shapes organizational and industry approaches to cloud security. Recognized externally as thought leader in cloud-native security, multi-cloud architecture, or DevSecOps. Drives innovation in cloud security automation, tooling, and enabling secure cloud adoption at enterprise scale. | Elite cloud security engineer with industry-defining influence in cloud security and DevSecOps. Operates at the intersection of deep technical expertise and organizational strategy. Shapes not only practice direction but industry approaches to securing cloud infrastructure at scale. | Legendary practitioner at the pinnacle of cloud security expertise. Globally recognized authority who defines how the industry approaches cloud security, DevSecOps, and securing cloud-native infrastructure. Combines unparalleled technical expertise with strategic vision. |
| Primary Responsibilities | | | | | | | |
| Required Skills | | | | | | | |
| Preferred Skills | | | | | | | |
| Mentorship Requirements | Receives direct mentorship from Senior cloud security engineers. Shadows on security implementations and reviews. Expected to achieve cloud platform certification within first 6 months. Learns enablement-focused philosophy of accelerating secure cloud adoption. | Receives guidance from Senior engineers on complex implementations. Expected to begin mentoring Entry-level engineers informally. Contributes to documentation and procedures. Should be developing deep expertise in primary platform. | Primary mentor for Junior and Entry engineers. Leads training on cloud security practices. Expected to develop team procedures and automation. Establishes reputation as expert in specific cloud security domains. | Primary mentor for Mid and Junior engineers. Responsible for team career development. Creates cloud security training programs. Industry mentorship through community engagement. Shapes cloud security engineering practices. | Mentors Senior engineers and emerging leaders. Shapes organizational cloud security talent strategy. Industry-level mentorship through community engagement. Develops thought leaders in the space. | Develops organizational leadership pipeline. Mentors future industry leaders. Legacy-building through lasting contributions to the field. | Develops organizational and industry leadership. Mentors future industry leaders. Legacy-building through generational impact. May fund or sponsor research initiatives. |
| Impact Scope | Individual contributor on assigned configuration tasks. Impact limited to supporting security operations. Work is reviewed before implementation. Supports overall cloud security coverage. | Directly implements security controls protecting cloud workloads. Responsible for configuration accuracy and policy effectiveness. Beginning to influence cloud security practices. | Shapes cloud security practices for organization. Security implementations directly impact cloud posture. Automation improves team efficiency. Enables secure cloud adoption at scale. | Defines cloud security capabilities and strategic direction. Program effectiveness directly impacts organizational cloud posture. Team development impacts security maturity. Executive relationships enable security investment. | Industry and organizational transformation. Shapes how cloud security is practiced. Multi-year strategic outcomes. Influences CSP security roadmaps. | Industry-defining impact. Organizational competitive differentiation through cloud security capabilities. Multi-year strategic transformation. Shapes how cloud security is practiced. | Global industry impact. Defines how cloud security is practiced. Organizational transformation. Lasting contributions to securing cloud infrastructure. |
| Autonomy & Decision Authority | Works under close supervision. Follows established procedures and security baselines. Limited authority to make configuration changes independently. Escalates security decisions to senior engineers. | Works with moderate supervision. Can make routine security configuration decisions. Authority to implement approved baselines. Escalates architectural changes and exceptions. | Works independently with strategic guidance. Makes significant security design decisions. Authority over security tooling and automation. Consulted on cloud security architecture decisions. | High autonomy with strategic alignment. Makes significant program and investment decisions. Authority over cloud security standards and tooling. Trusted to represent organization externally. | Near-complete autonomy over domain. Strategic influence on organizational direction. Shapes investment and capability priorities. Makes decisions with significant organizational impact. | Full autonomy over strategic domain. Executive-level decision authority. May have significant budget authority. Shapes organizational direction. | Complete strategic autonomy. Executive-level authority. Shapes organizational strategy. May have significant influence over industry direction. |
| Communication & Stakeholders | Primarily internal communication with cloud security team. Documents configurations and procedures. Limited direct interaction with cloud platform teams initially. | Regular interaction with cloud platform and DevOps teams. Participates in security reviews. Documents findings and recommendations for stakeholders. | Regular communication with cloud platform and security leadership. Presents to technical and management audiences. Primary cloud security contact for assigned platforms or projects. | Executive-level communication on cloud security. Represents cloud security to organizational leadership. Industry conference presentations. Builds relationships with CSP security teams. | C-suite engagement on cloud risk strategy. Industry-wide influence through publications and speaking. CSP executive relationships. Media and analyst engagement. | Peer engagement with executives and CISOs. Industry-defining thought leadership. Media and public presence. Board-level engagement. | Global presence. Government and international engagement. Media thought leadership. Premier industry venues. |
| Degree / Experience | Bachelor's degree in Computer Science, IT, Cybersecurity, or related field, OR 1-2 years of cloud operations or IT experience, OR completion of cloud security training program. | Bachelor's degree in relevant field, OR 2-4 years of cloud security or cloud engineering experience. Demonstrated ability to implement cloud security controls. | Bachelor's degree in relevant field, OR 4-6 years of cloud security experience. Demonstrated track record of complex cloud security implementations. May have Master's degree with less experience. | Bachelor's or Master's degree in relevant field, OR 6-10 years of cloud security experience. Demonstrated program leadership and strategic impact. Industry recognition through research or speaking. | Advanced degree often expected, OR 10+ years of elite cloud security experience with demonstrated industry impact. Recognition is essential qualification. | Advanced degree often present, but industry recognition is primary qualification. 12+ years of elite experience with transformational impact. | Recognition is primary qualification. 15+ years with transformational impact. May be pioneers of major cloud security tools or methodologies. |
| Certifications | | | | | | | |
| Salary: US Gov't | $65,000 - $85,000 (GS-9 to GS-11) | $80,000 - $110,000 (GS-11 to GS-12) | $105,000 - $140,000 (GS-12 to GS-13) | $130,000 - $165,000 (GS-14 to GS-15) | $155,000 - $195,000 (GS-15 / SES equivalent) | $175,000 - $220,000 (Senior SES equivalent) | $195,000 - $250,000+ (Senior SES / Technical fellow equivalent) |
| Salary: US Startup | $80,000 - $105,000 | $100,000 - $140,000 | $135,000 - $180,000 | $170,000 - $225,000 + equity | $210,000 - $285,000 + significant equity | $250,000 - $340,000 + major equity | $300,000 - $420,000+ + founder-level equity |
| Salary: US Corporate | $75,000 - $100,000 | $95,000 - $130,000 | $125,000 - $165,000 | $160,000 - $210,000 | $195,000 - $260,000 | $235,000 - $310,000 | $280,000 - $380,000+ |
Cloud Security Architect
Strategic technical leaders who design cloud security architectures, develop security frameworks, and build strategies for securing cloud infrastructure at enterprise scale. Focus on landing zone design, multi-cloud strategy, zero trust architecture, and enabling secure cloud adoption. Partner with enterprise architecture and cloud platform teams to embed security into cloud foundations.
| Attribute | Architect 1 / Entry | Architect 2 / Junior | Architect 3 / Mid | Architect 4 / Senior / Lead | Architect 5 / Staff | Architect 6 / Senior Staff | Architect 7 / Principal |
|---|---|---|---|---|---|---|---|
| General Description | Entry-level cloud security architect learning cloud security architecture principles and framework development. Assists with security design reviews, documentation, and reference architecture development. Develops foundational understanding of cloud security patterns, shared responsibility implementation, and enterprise cloud strategy. | Junior cloud security architect capable of contributing to security design work and conducting architecture reviews with guidance. Demonstrates proficiency in cloud security patterns and can participate in landing zone and security framework development. Understands the importance of enabling secure cloud adoption. | Experienced cloud security architect who independently leads cloud security design initiatives and develops enterprise security frameworks. Expert in multi-cloud security patterns with deep knowledge of landing zones, identity architecture, and zero trust implementation. Mentors junior architects and shapes organizational cloud security architecture practices. | Senior cloud security architect who sets direction for enterprise cloud security architecture. Leads complex, high-impact architecture initiatives across multi-cloud environments. Drives cloud security strategy and builds frameworks that enable secure cloud adoption at enterprise scale. Represents cloud security architecture to executive stakeholders. | Distinguished cloud security architect who defines organizational cloud security architecture vision and strategy. Recognized externally as industry expert in cloud security architecture, multi-cloud strategy, or zero trust. Shapes how cloud security architecture is practiced and drives innovation in securing cloud infrastructure at scale. | Elite cloud security architect with industry-defining influence in cloud security architecture and strategy. Operates at the intersection of deep architectural expertise and organizational strategy. Shapes not only practice direction but industry approaches to securing cloud infrastructure at enterprise scale. | Legendary practitioner at the pinnacle of cloud security architecture expertise. Globally recognized authority who defines how the industry approaches cloud security architecture, multi-cloud strategy, and securing cloud-native infrastructure. Combines unparalleled architectural depth with strategic vision and transformational leadership. |
| Primary Responsibilities | | | | | | | |
| Required Skills | | | | | | | |
| Preferred Skills | | | | | | | |
| Mentorship Requirements | Receives direct mentorship from Senior cloud security architects. Shadows on architecture reviews and design sessions. Expected to complete cloud architecture training. Learns to balance security with cloud adoption enablement. | Receives guidance from Senior architects on complex designs. Expected to begin mentoring Entry-level team members. Contributes to architecture standards and patterns. Should be developing expertise in specific cloud security domains. | Primary mentor for Junior and Entry architects. Leads architecture training and knowledge sharing. Expected to develop architecture patterns and standards. Establishes reputation as expert in specific cloud security domains. | Primary mentor for Mid and Junior architects. Responsible for architecture team development. Creates architecture career paths and programs. Industry mentorship through community engagement. | Mentors Senior architects and emerging leaders. Shapes architecture career paths organization-wide. Industry-level mentorship through community engagement. Develops architecture thought leaders. | Develops organizational architecture leadership pipeline. Mentors future industry leaders. Legacy-building through lasting contributions to the field. | Develops organizational and industry architecture leadership pipeline. Mentors future industry leaders. Legacy-building through generational impact. May sponsor architecture education initiatives. |
| Impact Scope | Individual contributor on documentation and research. Impact limited to supporting architecture deliverables. Work is reviewed by senior architects. Contributes to architecture team effectiveness. | Directly contributes to security design quality. Responsible for specific architecture components. Design decisions impact cloud security posture. Beginning to influence architecture standards. | Shapes cloud security architecture for major initiatives. Standards and patterns improve organizational cloud security posture. Influences technology strategy and investment. Enables secure cloud adoption at scale. | Defines cloud security architecture for organization. Strategic decisions impact long-term cloud security posture. Team development impacts organizational maturity. Architecture standards enable secure cloud at scale. | Organizational and industry-level impact. Defines how cloud security architecture is practiced. Shapes organizational cloud transformation. Influences industry standards and CSP roadmaps. | Industry-defining architecture impact. Organizational competitive differentiation through cloud security architecture. Multi-year strategic transformation. Shapes how cloud security is designed. | Global industry architecture impact. Defines how cloud security is designed. Organizational transformation and long-term success. Creates lasting contributions to the profession. |
| Autonomy & Decision Authority | Works under close supervision. Follows established architecture standards and templates. Limited authority to make design decisions independently. Escalates architecture questions to senior team. | Works with moderate supervision. Can make design decisions within defined scope. Authority to approve standard patterns. Escalates novel or high-risk design decisions. | Works independently with strategic guidance. Makes significant architecture and design decisions. Authority over cloud security standards and patterns. Consulted on major technology and cloud security decisions. | High autonomy with strategic alignment. Makes significant architecture and strategy decisions. Authority over architecture standards and governance. Trusted to represent organization on architecture matters. | Near-complete architecture autonomy. Strategic decision-making authority. Influences organizational direction. Authority over architecture vision. Trusted advisor to executive leadership. | Full autonomy over architecture strategic domain. Executive-level decision authority. May have significant investment authority. Shapes organizational direction. | Complete autonomy over architecture domain. Executive-level decision authority. Shapes organizational and industry direction. May have significant influence over standards and CSP roadmaps. |
| Communication & Stakeholders | Primarily internal communication with architecture team. Documents findings and research. Participates in design review meetings as observer. Limited stakeholder interaction outside immediate team. | Regular interaction with cloud platform and enterprise architecture teams. Presents design recommendations. Participates in architecture review boards. Documents designs for stakeholder consumption. | Regular communication with cloud platform and security leadership. Presents to executive stakeholders. Engages with enterprise architecture. Documents standards for organization. | Executive-level communication on architecture strategy. Presents to steering committees and governance boards. Represents architecture to organizational leadership. Builds relationships with CSP architecture teams. | C-suite and board-level engagement. Industry-wide influence through publications. Standards body and industry forum participation. Media and analyst engagement. | Peer engagement with executives and CTOs. Industry-defining thought leadership. Media and public presence. Board-level engagement. | Global industry presence. Regulatory and government engagement. Media thought leadership. Premier industry and academic venues. |
| Degree / Experience | Bachelor's degree in Computer Science, IT, or related field, OR 3-4 years of cloud engineering or architecture experience with security exposure. Understanding of cloud architecture concepts. | Bachelor's degree in relevant field, OR 4-6 years of cloud architecture or security experience. Demonstrated ability to contribute to cloud security designs. | Bachelor's degree with strong experience, OR Master's degree with moderate experience, OR 6-8 years of cloud security architecture experience. Demonstrated track record of successful architecture initiatives. | Master's degree preferred, OR Bachelor's with 8-12 years of cloud security architecture experience. Demonstrated strategic impact and team leadership. Industry recognition through publications or speaking. | Master's degree or higher often expected, OR 12+ years of cloud security architecture experience with demonstrated industry impact. Industry recognition is essential qualification. | Advanced degree often present, but industry recognition is primary qualification. 14+ years of elite experience with transformational impact. | Advanced degree often present, but industry recognition is primary qualification. 15+ years of elite experience with transformational impact. May be founders of major cloud security frameworks or methodologies. |
| Certifications | | | | | | | |
| Salary: US Gov't | $90,000 - $115,000 (GS-11 to GS-12) | $110,000 - $140,000 (GS-12 to GS-13) | $130,000 - $165,000 (GS-13 to GS-14) | $155,000 - $195,000 (GS-14 to GS-15) | $180,000 - $230,000 (GS-15 / SES equivalent) | $205,000 - $260,000 (Senior SES equivalent) | $230,000 - $300,000+ (Senior SES equivalent) |
| Salary: US Startup | $110,000 - $145,000 | $135,000 - $175,000 | $165,000 - $220,000 | $200,000 - $270,000 + equity | $245,000 - $330,000 + significant equity | $295,000 - $400,000 + major equity | $350,000 - $480,000+ + major equity |
| Salary: US Corporate | $105,000 - $135,000 | $125,000 - $165,000 | $155,000 - $200,000 | $190,000 - $250,000 | $230,000 - $300,000 | $275,000 - $360,000 | $320,000 - $430,000+ |
🔬 Digital Forensics
Evidence acquisition, artifact analysis, incident response forensics, and legal proceedings support
Forensic Analyst
Technical professionals who conduct digital forensic examinations to support incident response, insider threat investigations, HR matters, and legal proceedings. Focus on evidence acquisition, artifact analysis, timeline reconstruction, and producing court-ready documentation. Maintain strict chain of custody and apply scientific methodology to ensure defensible, reproducible findings. Corporate forensics teams are typically small, requiring practitioners to be versatile across disk, memory, mobile, and cloud forensics as they advance.
| Attribute | Analyst 1 / Entry | Analyst 2 / Junior | Analyst 3 / Mid | Analyst 4 / Senior / Lead | Analyst 5 / Staff | Analyst 6 / Senior Staff | Analyst 7 / Principal |
|---|---|---|---|---|---|---|---|
| General Description | Entry-level forensic analyst learning digital forensics fundamentals and evidence handling procedures. Assists with evidence acquisition, basic analysis, and documentation under direct supervision. Develops foundational understanding of file systems, forensic artifacts, chain of custody requirements, and forensic tool operation. Focuses primarily on Windows disk forensics with exposure to other platforms. | Junior forensic analyst capable of independently conducting routine forensic examinations with guidance on complex matters. Demonstrates proficiency in Windows forensics and developing skills in memory analysis. Can perform complete acquisitions, analyze common artifacts, and produce examination reports. Begins exposure to macOS and Linux forensics. | Experienced forensic analyst who independently conducts complex forensic examinations across multiple platforms. Expert in Windows forensics with strong capabilities in memory analysis, macOS, and developing Linux skills. Leads forensic support for major incidents and produces reports suitable for legal proceedings. May provide testimony in depositions or HR hearings. Begins developing mobile forensics capabilities. | Senior forensic analyst and team leader who defines forensic capabilities and leads high-profile investigations. Expert across disk, memory, mobile, and cloud forensics. Handles the most sensitive investigations including executive matters, major breaches, and cases with significant legal exposure. Provides expert testimony in legal proceedings. Represents forensics to executive stakeholders and external parties. | Distinguished forensic analyst who shapes organizational and industry forensic practices. Recognized externally as thought leader in digital forensics, incident response forensics, or emerging forensic domains. Handles investigations with existential organizational risk. Drives innovation in forensic methodology and tooling. | Elite forensic practitioner with industry-defining influence in digital forensics. Operates at the intersection of deep forensic expertise and organizational strategy. Shapes not only practice direction but industry approaches to digital investigations, evidence handling, and forensic methodology. | Legendary practitioner at the pinnacle of digital forensics expertise. Globally recognized authority who defines how the industry approaches digital investigations, evidence handling, and forensic science. Combines unparalleled technical expertise with strategic vision. May have pioneered forensic methodologies or tools used industry-wide. |
| Primary Responsibilities | | | | | | | |
| Required Skills | | | | | | | |
| Preferred Skills | | | | | | | |
| Mentorship Requirements | Receives direct mentorship from Senior forensic analysts. Shadows on all examinations initially. Expected to complete forensic tool training and achieve foundational certification within first year. Learns the critical importance of evidence integrity and defensible processes. | Receives guidance from Senior analysts on complex cases. Expected to begin assisting Entry-level analysts. Contributes to procedure documentation. Should be developing expertise in specific artifact types or investigation categories. | Primary mentor for Junior and Entry analysts. Leads training on examination techniques. Expected to develop team procedures and playbooks. Establishes reputation as expert in specific forensic domains or investigation types. | Primary mentor for Mid and Junior analysts. Responsible for team career development. Creates forensic training programs and certification paths. Industry mentorship through community engagement. Shapes organizational forensic practices. | Mentors Senior analysts and emerging leaders. Shapes organizational forensic talent strategy. Industry-level mentorship through community engagement. Develops thought leaders in the forensics space. | Develops organizational leadership pipeline. Mentors future industry leaders. Legacy-building through lasting contributions to the field of digital forensics. | Develops organizational and industry leadership. Mentors future industry leaders. Legacy-building through generational impact on digital forensics. May fund or sponsor forensic research. |
| Impact Scope | Individual contributor on assigned acquisition and documentation tasks. Impact limited to supporting examination activities. All findings reviewed before inclusion in reports. Supports overall forensic team capacity. | Directly contributes to investigation outcomes. Responsible for accurate analysis and documentation. Reports may be used in HR actions or legal proceedings. Beginning to influence forensic procedures. | Shapes forensic practices for the organization. Complex examination findings directly impact legal outcomes and incident response. Procedural improvements enhance team capabilities. May influence security detection through forensic insights. | Defines forensic capabilities and strategic direction. Investigation outcomes directly impact organizational risk and legal exposure. Team development impacts security maturity. Expert testimony can determine case outcomes. | Industry and organizational transformation. Shapes how digital forensics is practiced. Multi-year strategic outcomes. Influences forensic tool development and standards. | Industry-defining impact. Organizational competitive differentiation through forensic capabilities. Multi-year strategic transformation. Shapes how digital forensics is practiced globally. | Global industry impact. Defines how digital forensics is practiced worldwide. Shapes legal frameworks for digital evidence. Creates lasting contributions to investigative science. |
| Autonomy & Decision Authority | Works under close supervision. Follows established forensic procedures strictly. No authority to make independent evidentiary decisions. Escalates all findings and anomalies to senior analysts. | Works with moderate supervision. Can make routine analytical decisions. Authority to conduct standard examinations independently. Escalates complex findings, legal matters, and scope decisions. | Works independently with strategic guidance. Makes significant analytical and procedural decisions. Authority over examination methodology. Consulted on case strategy and legal coordination. | High autonomy with strategic alignment. Makes significant program and investigation decisions. Authority over forensic standards and procedures. Trusted to handle the most sensitive matters independently. | Near-complete autonomy over domain. Strategic influence on organizational direction. Shapes investment and capability priorities. Makes decisions with significant organizational and legal impact. | Full autonomy over strategic domain. Executive-level decision authority. May have significant budget authority. Shapes organizational direction on investigative matters. | Complete strategic autonomy. Executive-level authority. Shapes organizational strategy. Significant influence over industry direction and legal standards. |
| Communication & Stakeholders | Primarily internal communication with forensic team. Documents activities in case management systems. Limited direct interaction with IR team or legal initially. May assist with evidence handoffs. | Regular interaction with IR team and security operations. Presents findings to technical audiences. Coordinates with HR on employee investigations. May interact with legal counsel on case requirements. | Regular communication with legal, HR, and security leadership. Presents findings to executive stakeholders. Primary forensic contact for IR team. Coordinates with external counsel on litigation matters. May interface with law enforcement. | Executive-level communication on investigations and capabilities. Represents forensics to legal leadership and external counsel. Coordinates with law enforcement agencies. May present to board on significant matters. | C-suite engagement on investigative strategy. Industry-wide influence through publications and speaking. Law enforcement and regulatory relationships. Media engagement on forensic matters. | Peer engagement with executives and general counsel. Industry-defining thought leadership. Media and public presence on forensic matters. Government and regulatory engagement. | Global presence. Government and international engagement. Media thought leadership. Premier industry and legal venues. Congressional or parliamentary testimony. |
| Degree / Experience | Bachelor's degree in Computer Science, Digital Forensics, Criminal Justice, or related field, OR 1-2 years of IT experience with forensics exposure, OR completion of digital forensics training program. | Bachelor's degree in relevant field, OR 2-4 years of digital forensics or IT security experience. Demonstrated ability to conduct forensic examinations and produce quality reports. | Bachelor's degree in relevant field, OR 4-6 years of digital forensics experience. Demonstrated track record of complex examinations and legal proceedings support. May have Master's degree with less experience. | Bachelor's or Master's degree in relevant field, OR 6-10 years of digital forensics experience. Demonstrated program leadership and expert testimony experience. Industry recognition through research or speaking. | Advanced degree often expected, OR 10+ years of elite forensic experience with demonstrated industry impact. Recognition is essential qualification. | Advanced degree often present, but industry recognition is primary qualification. 12+ years of elite experience with transformational impact. | Recognition is primary qualification. 15+ years with transformational impact. May be pioneers of foundational forensic methodologies or tools. |
| Certifications | | | | | | | |
| Salary: US Gov't | $55,000 - $75,000 (GS-7 to GS-9) | $70,000 - $95,000 (GS-9 to GS-11) | $90,000 - $120,000 (GS-11 to GS-13) | $115,000 - $150,000 (GS-13 to GS-14) | $140,000 - $175,000 (GS-15 / SES equivalent) | $165,000 - $210,000 (Senior SES equivalent) | $185,000 - $240,000+ (Senior SES / Technical fellow equivalent) |
| Salary: US Startup | $65,000 - $90,000 | $85,000 - $115,000 | $110,000 - $150,000 | $145,000 - $195,000 + equity | $180,000 - $245,000 + significant equity | $220,000 - $300,000 + major equity | $270,000 - $380,000+ + founder-level equity |
| Salary: US Corporate | $60,000 - $85,000 | $80,000 - $110,000 | $105,000 - $140,000 | $135,000 - $180,000 | $170,000 - $230,000 | $205,000 - $275,000 | $250,000 - $340,000+ |
Cyber Threat Intelligence (CTI)
Threat actor tracking, organization-specific risk analysis, and intelligence-driven defense
CTI Analyst
Intelligence professionals who produce actionable threat intelligence tailored to their organization's specific risk landscape. Focus on threat actor tracking, campaign analysis, and intelligence products (strategic, operational, tactical) that inform security decisions. Go beyond republishing external reports by correlating internal data sources to identify organization-specific threats, understanding who the real targets are based on access, exposure, and observed targeting patterns, not just titles. Intelligence serves decisions; if it doesn't inform action, it's just information.
| Attribute | Analyst 1 / Entry | Analyst 2 / Junior | Analyst 3 / Mid | Analyst 4 / Senior / Lead | Analyst 5 / Staff | Analyst 6 / Senior Staff | Analyst 7 / Principal |
|---|---|---|---|---|---|---|---|
| General Description | Entry-level CTI analyst learning intelligence fundamentals and collection techniques. Assists with open-source intelligence gathering, indicator processing, and report development. Develops foundational understanding of threat actors, attack frameworks, and analytic tradecraft. Begins learning how to correlate external threats with internal organizational context. | Junior CTI analyst capable of independently producing tactical intelligence products and conducting structured analysis. Demonstrates proficiency in OSINT collection and threat actor research. Begins correlating external threat data with internal telemetry to identify organization-specific risks. Can produce indicator-focused intelligence and contribute to operational reporting. | Experienced CTI analyst who independently produces comprehensive intelligence assessments across strategic, operational, and tactical levels. Expert at correlating internal organizational data with external threat intelligence to identify true risk, understanding that the person with 80% of patent access who receives 30% of phishing attempts may be a higher-value target than the CEO. Leads threat actor tracking and provides intelligence that directly informs security investment and defensive priorities. | Senior CTI analyst and team leader who defines intelligence strategy and leads high-impact analysis. Expert at thinking like an attacker to identify organizational risk, correlating access patterns, targeting data, business context, and threat actor capabilities to produce intelligence that truly reflects threats to the specific organization. Builds intelligence programs that go beyond external report aggregation to deliver unique, actionable organizational insight. | Distinguished CTI analyst who shapes organizational and industry intelligence practices. Recognized externally as thought leader in threat intelligence, threat actor research, or specific threat domains. Produces intelligence that transforms how the organization understands and responds to threats. Drives innovation in threat correlation and organization-specific risk identification. | Elite CTI practitioner with industry-defining influence in threat intelligence. Operates at the intersection of deep intelligence expertise and organizational strategy. Shapes not only practice direction but industry approaches to understanding and responding to sophisticated threats. | Legendary practitioner at the pinnacle of threat intelligence expertise. Globally recognized authority who defines how the industry understands sophisticated threats, threat actors, and adversary operations. Combines unparalleled intelligence expertise with strategic vision. May have named major threat actors or developed foundational intelligence methodologies. |
| Primary Responsibilities | | | | | | | |
| Required Skills | | | | | | | |
| Preferred Skills | | | | | | | |
| Mentorship Requirements | Receives direct mentorship from Senior CTI analysts. Shadows on intelligence production and stakeholder briefings. Expected to complete analytic tradecraft training. Learns the organization's business, assets, and threat landscape to ground intelligence in internal context. | Receives guidance from Senior analysts on complex analysis. Expected to begin mentoring Entry-level analysts informally. Contributes to collection plans and procedures. Should be developing expertise in specific threat actors or industry threats. | Primary mentor for Junior and Entry analysts. Leads training on analytic tradecraft and internal correlation. Expected to develop team procedures and intelligence standards. Establishes reputation as expert in specific threat actors or threat domains. | Primary mentor for Mid and Junior analysts. Responsible for team career development. Creates analytic training programs. Industry mentorship through community engagement. Shapes organizational intelligence practices. | Mentors Senior analysts and emerging leaders. Shapes organizational CTI talent strategy. Industry-level mentorship through community engagement. Develops thought leaders in the intelligence space. | Develops organizational leadership pipeline. Mentors future industry leaders. Legacy-building through lasting contributions to the threat intelligence field. | Develops organizational and industry leadership. Mentors future industry leaders. Legacy-building through generational impact on threat intelligence. May fund or sponsor research. |
| Impact Scope | Individual contributor on collection and processing tasks. Impact limited to supporting intelligence production. Work is reviewed before dissemination. Supports overall intelligence coverage. | Directly contributes to organizational threat awareness. Responsible for accurate tactical intelligence. Analysis informs detection and hunting activities. Beginning to influence security priorities based on threat landscape. | Shapes organizational threat understanding. Intelligence directly informs security strategy and investment. Targeting analysis identifies organizational risk beyond obvious assumptions. Intelligence products drive defensive priorities. | Defines intelligence capabilities and strategic direction. Program effectiveness directly impacts organizational threat posture. Team development impacts security maturity. Executive relationships enable threat-informed investment. | Industry and organizational transformation. Shapes how threat intelligence is practiced. Multi-year strategic outcomes. Influences how threats are understood industry-wide. | Industry-defining impact. Organizational competitive differentiation through intelligence capabilities. Multi-year strategic transformation. Shapes how threats are understood globally. | Global industry impact. Defines how threats are understood worldwide. Shapes government and industry response to threats. Creates lasting contributions to intelligence practice. |
| Autonomy & Decision Authority | Works under close supervision. Follows established collection and processing procedures. Limited authority to make analytic judgments independently. Escalates potential threats and findings to senior analysts. | Works with moderate supervision. Can make routine analytic judgments. Authority to produce tactical intelligence products. Escalates strategic assessments and high-confidence attributions. | Works independently with strategic guidance. Makes significant analytic judgments including attribution assessments. Authority over collection priorities and intelligence standards. Consulted on threat-informed defense strategy. | High autonomy with strategic alignment. Makes significant program and analytic decisions. Authority over intelligence standards and priorities. Trusted to represent organization on intelligence matters. | Near-complete autonomy over domain. Strategic influence on organizational direction. Shapes investment and capability priorities. Makes decisions with significant organizational impact. | Full autonomy over strategic domain. Executive-level decision authority. May have significant budget authority. Shapes organizational direction on threat matters. | Complete strategic autonomy. Executive-level authority. Shapes organizational strategy. Significant influence over industry and government threat understanding. |
| Communication & Stakeholders | Primarily internal communication with CTI team. Documents collection and findings. Limited direct interaction with intelligence consumers initially. May assist with indicator sharing. | Regular interaction with SOC and detection teams. Briefs technical audiences on threats. Participates in intelligence sharing. Documents analysis for internal consumption. | Regular communication with security and business leadership. Briefs executives on strategic threats. Primary CTI contact for stakeholder groups. Represents organization in intelligence sharing communities. | Executive-level communication on threat landscape. Board briefings on strategic threats. Represents organization in senior intelligence sharing forums. Media engagement on threat topics. | C-suite engagement on threat strategy. Industry-wide influence through publications and speaking. Government and law enforcement relationships. Media engagement on major threats. | Peer engagement with executives and CISOs. Industry-defining thought leadership. Government and international engagement. Media presence on major threats. | Global presence. Government and international engagement. Media thought leadership. Premier intelligence and national security venues. |
| Degree / Experience | Bachelor's degree in Intelligence Studies, International Relations, Computer Science, Cybersecurity, or related field, OR 1-2 years of SOC or security operations experience, OR military/IC intelligence background transitioning to private sector. | Bachelor's degree in relevant field, OR 2-4 years of CTI, SOC, or intelligence experience. Demonstrated ability to produce finished intelligence products. | Bachelor's degree in relevant field, OR 4-6 years of CTI or intelligence experience. Demonstrated track record of high-quality finished intelligence. May have Master's degree or IC background with less corporate experience. | Bachelor's or Master's degree in relevant field, OR 6-10 years of CTI or intelligence experience. Demonstrated program leadership and thought leadership. IC senior analyst background highly valued. | Advanced degree often expected, OR 10+ years of elite CTI or IC experience with demonstrated industry impact. Recognition is essential qualification. | Advanced degree often present, but industry recognition is primary qualification. 12+ years of elite experience with transformational impact. | Recognition is primary qualification. 15+ years with transformational impact. May be pioneers of threat intelligence discipline or major discoveries. |
| Certifications | | | | | | | |
| Salary: US Gov't | $55,000 - $75,000 (GS-7 to GS-9) | $70,000 - $95,000 (GS-9 to GS-11) | $90,000 - $120,000 (GS-11 to GS-13) | $115,000 - $150,000 (GS-13 to GS-14) | $140,000 - $175,000 (GS-15 / SES equivalent) | $165,000 - $210,000 (Senior SES equivalent) | $185,000 - $240,000+ (Senior SES / Technical fellow equivalent) |
| Salary: US Startup | $65,000 - $90,000 | $85,000 - $115,000 | $110,000 - $150,000 | $145,000 - $195,000 + equity | $180,000 - $245,000 + significant equity | $220,000 - $300,000 + major equity | $270,000 - $380,000+ + founder-level equity |
| Salary: US Corporate | $60,000 - $85,000 | $80,000 - $110,000 | $105,000 - $140,000 | $135,000 - $180,000 | $170,000 - $230,000 | $205,000 - $275,000 | $250,000 - $340,000+ |
CTI Engineer
Technical professionals who build and maintain the infrastructure that enables threat intelligence operations. Focus on TIP deployment, feed integration, enrichment automation, MITRE ATT&CK operationalization, and detection content development. Bridge the gap between raw intelligence and defensive action by building systems that correlate internal telemetry with external threats. Skills overlap significantly with Detection Engineering; some organizations combine these functions.
| Attribute | Eng 1 / Entry | Eng 2 / Junior | Eng 3 / Mid | Eng 4 / Senior / Lead | Eng 5 / Staff | Eng 6 / Senior Staff | Eng 7 / Principal |
|---|---|---|---|---|---|---|---|
| General Description | Entry-level CTI engineer learning intelligence platform operations and automation fundamentals. Assists with feed integration, indicator processing, and basic platform administration. Develops foundational understanding of TIPs, indicator formats, and how intelligence flows into defensive systems. | Junior CTI engineer capable of independently managing feed integrations and developing basic automation. Demonstrates proficiency with TIP administration and can build enrichment workflows. Begins developing detection content from intelligence and understands the connection between intel and defensive action. | Experienced CTI engineer who independently designs and implements intelligence infrastructure and automation. Expert at building systems that correlate internal organizational data with external threat intelligence. Strong detection engineering capabilities; can translate threat actor TTPs into high-fidelity detections. Mentors junior engineers and shapes platform strategy. | Senior CTI engineer and team leader who defines intelligence infrastructure strategy. Expert at building systems that transform intelligence into defensive action, from automated enrichment to detection deployment to threat hunting enablement. Bridges intelligence and detection engineering to maximize defensive value of threat intelligence. Champions internal threat correlation that identifies organization-specific risk. | Distinguished CTI engineer who shapes organizational and industry approaches to intelligence infrastructure and operationalization. Recognized externally for technical innovation in threat intelligence platforms, detection engineering from intel, or threat correlation systems. Drives next-generation capabilities. | Elite CTI engineer with industry-defining influence in intelligence infrastructure and threat operationalization. Operates at the intersection of deep technical expertise and organizational strategy. Shapes how the industry builds and operates intelligence platforms. | Legendary practitioner at the pinnacle of intelligence engineering expertise. Globally recognized authority who defines how the industry builds threat intelligence infrastructure and operationalizes intelligence for defense. May have created foundational tools or platforms used industry-wide. |
| Primary Responsibilities | | | | | | | |
| Required Skills | | | | | | | |
| Preferred Skills | | | | | | | |
| Mentorship Requirements | Receives direct mentorship from Senior CTI engineers. Shadows on platform development and integration work. Expected to achieve platform certifications within first year. Learns how intelligence operationalization works. | Receives guidance from Senior engineers on complex integrations. Expected to begin mentoring Entry-level engineers informally. Contributes to platform documentation. Should be developing expertise in specific platforms or detection development. | Primary mentor for Junior and Entry engineers. Leads training on platform development and detection engineering. Expected to develop team standards and best practices. Establishes reputation as expert in specific platforms or detection domains. | Primary mentor for Mid and Junior engineers. Responsible for team career development. Creates engineering training programs. Industry mentorship through community engagement. Shapes organizational CTI engineering practices. | Mentors Senior engineers and emerging leaders. Shapes organizational CTI engineering talent strategy. Industry-level mentorship. Develops thought leaders in intelligence engineering. | Develops organizational technical leadership pipeline. Mentors future industry leaders. Legacy-building through lasting contributions to intelligence engineering. | Develops organizational and industry leadership. Mentors future industry leaders. Legacy-building through generational impact. May fund or sponsor tool development. |
| Impact Scope | Individual contributor on assigned platform tasks. Impact limited to supporting engineering activities. Work is reviewed before deployment. Supports overall intelligence infrastructure. | Directly contributes to intelligence platform capabilities. Responsible for reliable feed integration and data quality. Automation work improves analyst efficiency. Detection content protects the organization. | Shapes intelligence platform capabilities. Detection content directly protects organization. Internal correlation systems identify organizational risk. Automation enables analyst focus on high-value work. | Defines intelligence engineering capabilities. Platform decisions impact long-term intelligence effectiveness. Detection program improves organizational security posture. Team development impacts security maturity. | Industry and organizational transformation. Shapes how intelligence infrastructure is built. Multi-year strategic outcomes. Influences vendor roadmaps and industry tools. | Industry-defining impact. Organizational differentiation through intelligence capabilities. Multi-year strategic transformation. Shapes how intelligence systems are built globally. | Global industry impact. Defines how intelligence systems are built. Organizational transformation. Creates lasting contributions to the field. |
| Autonomy & Decision Authority | Works under close supervision. Follows established procedures for platform operations. Limited authority to make configuration changes independently. Escalates issues to senior engineers. | Works with moderate supervision. Can make routine platform decisions. Authority to implement standard integrations. Escalates architectural changes and complex development. | Works independently with strategic guidance. Makes significant architecture and development decisions. Authority over platform standards and detection strategies. Consulted on intelligence infrastructure investment. | High autonomy with strategic alignment. Makes significant platform and investment decisions. Authority over engineering standards and detection strategies. Trusted to represent organization on technical intelligence matters. | Near-complete autonomy over domain. Strategic influence on organizational direction. Shapes investment priorities. Makes decisions with significant organizational impact. | Full autonomy over strategic domain. Executive-level decision authority. Significant investment authority. Shapes organizational direction. | Complete strategic autonomy. Executive-level authority. Shapes organizational strategy. Significant influence over industry direction. |
| Communication & Stakeholders | Primarily internal communication with CTI team. Documents configurations and procedures. Limited direct interaction with consumers of intelligence systems. | Regular interaction with CTI analysts and SOC teams. Participates in platform planning discussions. Documents technical decisions. Coordinates with security tool teams. | Regular communication with CTI and security leadership. Presents technical strategies. Primary engineering contact for intelligence platform decisions. Coordinates across security teams. | Executive-level communication on intelligence infrastructure. Represents engineering in strategic planning. Builds industry relationships with vendors and peers. May speak at conferences. | C-suite engagement on intelligence technology. Industry-wide influence. Vendor and standards relationships. Media engagement on technical topics. | Peer engagement with executives. Industry-defining thought leadership. Media and public presence. Vendor and standards leadership. | Global presence. Government and international engagement. Media thought leadership. Premier technical venues. |
| Degree / Experience | Bachelor's degree in Computer Science, IT, Cybersecurity, or related field, OR 1-2 years of security operations or IT experience, OR SOC background with interest in automation. | Bachelor's degree in relevant field, OR 2-4 years of CTI engineering, detection engineering, or security automation experience. Demonstrated ability to build integrations and automation. | Bachelor's degree in relevant field, OR 4-6 years of CTI engineering, detection engineering, or security automation experience. Demonstrated track record of complex platform development. May have Master's degree with less experience. | Bachelor's or Master's degree in relevant field, OR 6-10 years of CTI engineering, detection engineering, or security platform experience. Demonstrated program leadership and technical innovation. | Advanced degree often expected, OR 10+ years of elite CTI engineering experience with demonstrated industry impact. Recognition is essential qualification. | Advanced degree often present, but recognition is primary qualification. 12+ years of elite experience with transformational impact. | Recognition is primary qualification. 15+ years with transformational impact. May be pioneers of intelligence platforms or operationalization approaches. |
| Certifications | | | | | | | |
| Salary: US Gov't | $60,000 - $80,000 (GS-9 to GS-11) | $75,000 - $100,000 (GS-11 to GS-12) | $95,000 - $125,000 (GS-12 to GS-13) | $120,000 - $155,000 (GS-13 to GS-14) | $145,000 - $180,000 (GS-15 / SES equivalent) | $170,000 - $215,000 (Senior SES equivalent) | $190,000 - $250,000+ (Senior SES / Technical fellow equivalent) |
| Salary: US Startup | $70,000 - $95,000 | $90,000 - $125,000 | $120,000 - $160,000 | $155,000 - $205,000 + equity | $190,000 - $260,000 + significant equity | $235,000 - $320,000 + major equity | $280,000 - $400,000+ + founder-level equity |
| Salary: US Corporate | $65,000 - $90,000 | $85,000 - $115,000 | $115,000 - $150,000 | $145,000 - $190,000 | $180,000 - $245,000 | $220,000 - $290,000 | $265,000 - $360,000+ |