Security engineer: talent market and salary benchmarking

Are you interested in becoming a security engineer? Do you want to discover the talent market for this position? This article gives a description of the job, defines the offer and demand in many locations and provides salary benchmarking for security engineers.

What is a security engineer?

Security engineers, as its name indicates, are the professionals in charge of making a business network secure. There are many potential threats against computer systems: from multiple cyberattacks to natural disasters. Their job consists of analyzing networks, making sure they are running smoothly and trying to protect the system from future menaces.

Usually, they are part of the technology team. They report their findings to upper management or a security-engineering leader in large companies.

There are some variants, like cyber security engineers or application security engineers (AppSec). Cybersecurity engineers are security engineers with a more technical approach, and without focusing that much on the legal aspects.

AppSec engineers differ from the rest of the security engineers since they are related both to security and development. In small companies, maybe the resources are limited and a single employee can develop both roles. However, in big companies, there are sometimes two different teams, the engineering team and the security team. Security engineers are part of security (which also includes security analysts), while AppSec engineers are part of engineering.

What profiles are more common?

The main personality traits needed are methodology and rationality. Employees between 24 and 32 years old are usually part of the security team, is extremely rare to find security engineers older than 45. Just 16.7% of the labour force in security is female, lower than the 29.3% of women in the IT industry.

What education is recommended?

Usually, in job offers there is the requirement of holding a degree in cybersecurity, mathematics, information management or computer science. It is also necessary to have skills with risk assessment tools. They need to be able to read computer code easily.

TalentUp had the opportunity to talk with two professionals in this sector. Arnau Alcázar, who is an application security lead, and Oriol Riba, who is a cyber security engineer.

Alcázar studied Telecommunications Engineering degree and after graduating he already got a job in a security position. He also has some secure software certifications which are required to work in some big companies, whereas startups usually do not take them into account. Nevertheless, commonly much more importance is given to experience rather than holding titles.

Riba also reinforces the idea that many things need to be learned in the field. Having said that, he also studied Telecommunications Engineering, worked in security consulting, and then decided to pursue a Master’s degree in Cyber Security. He also holds some certifications.

Riba made a point about security engineers. Some professionals have been in that position for more than 15 years. However, degrees in that field are very rare and are being created currently. Masters in cyber security are also a recent thing. Many of the professionals with more years of experience have been self-educated, by keeping an eye on current trends and possible courses to take autonomously.

Analyzing the talent market for security engineers

In all countries, with the exception of France and India, there are (at least) two job openings for every professional in that market. This means that security engineer profiles are highly requested and the supply does not match the demand. The US is the country with the widest market for them, followed by Europe and India.

All cities with more security engineers among their workers are from western Europe. The ones with more professionals are Paris and Madrid. Some cities are growing lately, especially Barcelona and Amsterdam. London is the city demanding more professionals by a huge difference.

The company with the most security engineers among its workers is the software developer Check Point. In that organization, security engineers represent 5.44% of the workers. This is a high ratio when compared to the other four companies that make up the Top 5 organizations with the most security personnel. It is the case with Amazon, Google, Cisco, and IBM. For them all, security engineers represent less than 0.5% of their labour force.

Types of companies hiring security engineers

Affording to have a security team is a privilege reserved for big companies. Small companies usually outsource security management to a consulting group. Only 14 percent of security engineers work in companies with fewer than 100 workers. And, as seen before, even big companies have small security teams. The share of security engineers, with respect to all workers, just surpasses 1% when the core business of that company is development support.

According to Alcázar, the lack of available security positions for many companies is likely to become a future issue in many industries. Riba stresses the fact that all public organizations should have a responsibility for security.

38% of job offers for a security engineer are remote. The daily job of a security engineer does not depend heavily on the place of work. This reality was already prevalent before the pandemic. Having said that, Alcázar confesses that before 2020, the offers he received were from his city. In the case of foreign offers, the offers required moving to the country where the office is based. Nowadays, the same companies that used to do that, have contacted him to work remotely. Startups that are completely globalized and uniquely work remotely (not based in any specific country) are also interested in this role.

Salary benchmarking for security engineers

We can see that, on average, salaries in the US for security engineers are higher than for other IT jobs. IT workers typically earn between 50k and 100k euros per year, while security engineers earn between 70k and 100k. Moreover, there is a representative peak of 95,000 euros annually for every worker in this sector. But security engineers have another relevant peak at 130k EUR, which is considered a really high salary.

Map of salaries in Europe

Made with Visme Presentation Maker

Map of the average salary of security engineers in Europe by country. Also, salaries for security engineers are compared to the cost of living in the second slide. Source: TalentUp’s database. 

This European map gives us insights into the average salaries for security engineers. Belgium and Switzerland have the highest salaries, both exceeding 100k€ per year. Scandinavian countries are the next ones in the ranking. In Denmark and Sweden, the security engineer’s average salary is above 80k and in Finland is above 70k€ a year. The lowest salaries are in the southeast of Europe and Portugal.

The map on the second slide shows the ratio of the average annual salary for each country divided by the index of their cost of living. From this ratio, we learn that the situation for this position in some countries is especially privileged. This happens mainly in Poland, Belarus, Slovakia, Bosnia and Herzegovina, and Belgium. Other countries, that have good salaries, like France, show that compared to the cost of living in that country, the salary is not that high.

Apart from the base salary, security engineers usually have full benefits. Health insurance, a 401(k) plan, and professional development are also common for that position.

Follow TalentUp on LinkedIn and subscribe to our newsletter to get our latest articles!