Careers

Security Analyst Average Salary Ranges

  • Last Updated:
  • Aug 15th, 2020 5:27 pm
[OP]
Banned
Jun 2, 2019
6 posts

Security Analyst Average Salary Ranges

Hi,
Im in IT with mix experience for system admin and Security Analyst of 7 years and wondering what are some of salaries that people get offered for Security Analyst or Information Security roles in Toronto. Job boards are outdated and no job posting list salaries. I want to get rough idea of some of the people of what they are getting paid in this role as FT Employee. or even contractors.
13 replies
Member
Apr 25, 2019
205 posts
78 upvotes
gen000 wrote: Hi,
Im in IT with mix experience for system admin and Security Analyst of 7 years and wondering what are some of salaries that people get offered for Security Analyst or Information Security roles in Toronto. Job boards are outdated and no job posting list salaries. I want to get rough idea of some of the people of what they are getting paid in this role as FT Employee. or even contractors.
What kind of experience you have as a security analyst, QRadar , Splunk, Incident Response, SANS certifications?
Depends on type of company and type of work. If you work for customer facing role where you are handling multiple clients/engagements at a specific time the salary will always be high. 7+ years of experience as Security Analyst you can get 120K total in a Sr. SOC position. I have heard others mentioning 90K too ( Sirus computers has an opening right now for 90K) but do note you also need some certifications. Artic Wolf networks in Waterloo does SOC as a service where some times each engineer will handle up to 80 customers at a single time and I was told they were paying till 120K with some benefits. Do check it out as they are still hiring. These jobs also require kind of 24/7 presence so you sacrifice your personal life too.

Banks on the other hand can give you 90-100K base and a little bonus.

This is for Canadian experienced people, if you are new immigrant then very tough to get in as there are enough local applications and employers always prefer people with Canadian experience here.
Deal Addict
Jul 13, 2009
3989 posts
1976 upvotes
Very certification heavy but the people I've met and hired in the past

2-3 years exp - $60-75
3-5 years: $75-100 (really depends on experience and certifications)
5-7: $100-120

but seriously depends on certifications and how much you invest in yourself.
[OP]
Banned
Jun 2, 2019
6 posts
dentonic88 wrote: What kind of experience you have as a security analyst, QRadar , Splunk, Incident Response, SANS certifications?
Depends on type of company and type of work. If you work for customer facing role where you are handling multiple clients/engagements at a specific time the salary will always be high. 7+ years of experience as Security Analyst you can get 120K total in a Sr. SOC position. I have heard others mentioning 90K too ( Sirus computers has an opening right now for 90K) but do note you also need some certifications. Artic Wolf networks in Waterloo does SOC as a service where some times each engineer will handle up to 80 customers at a single time and I was told they were paying till 120K with some benefits. Do check it out as they are still hiring. These jobs also require kind of 24/7 presence so you sacrifice your personal life too.

Banks on the other hand can give you 90-100K base and a little bonus.

This is for Canadian experienced people, if you are new immigrant then very tough to get in as there are enough local applications and employers always prefer people with Canadian experience here.
I have some experience with Splunk, Qualys and incident response. I also have a CISSP and some non security certifications such as MCSE, CCNA etc.
If i am aiming to get salary of about 100k+ what direction should i get headed in terms of certifications or any other skillsets i can add at home through online trainings.

Most salary ranges for Security Analyst or Cyber Security roles on glassdoor are between 50-75K which seems quiet terrible to me.

Any help is greatly appreciated as times are tough these days due to Covid 19
Member
Apr 25, 2019
205 posts
78 upvotes
gen000 wrote: I have some experience with Splunk, Qualys and incident response. I also have a CISSP and some non security certifications such as MCSE, CCNA etc.
If i am aiming to get salary of about 100k+ what direction should i get headed in terms of certifications or any other skillsets i can add at home through online trainings.

Most salary ranges for Security Analyst or Cyber Security roles on glassdoor are between 50-75K which seems quiet terrible to me.

Any help is greatly appreciated as times are tough these days due to Covid 19

Ignore glassdoor, probably outdated data. Keep on applying to roles and ask 100K, I don't think it should be an issue provided you have CISSP and experience with SIEM tools too which are heavily used on SOC environments. I have been offered 145K at one time, 150K at one time but I ignored them and moved with contracting roles so I don't know why wouldn't a skilled person get 100K.

One thing you must note is that GTA market is quite manipulated. It is heavily based on references as the truth is supply is more than demand. You will do many interviews which will work out perfect or apply to job which 100% matches with your skills and still get replied "While we are impressed with your skills we moved forward with other candidates this time". Many job postings are fake which means they already have someone in mind and are doing CV collection and fake interviews to show transparency. Many recruiters will call you to get CV submitted ASAP as they there is an urgent hiring and manager is waiting for resumes and your resume matches 100%. After that you will never get response. In one contracting role I was told by a guy that lets say you get 80 an hour so you need to remit back 20% of the pay to hiring manager till the contract remains, I was then told its very normal in GTA market and even people in Big4 do that so its not very straight forward for an average person.

From a certifications point of view, cloud security roles are good but almost always require experience rather than certifications. But you still might want to look into Azure certifications or AWS ones. Linux Academy has decent azure ones I know.
Newbie
Dec 22, 2008
75 posts
12 upvotes
Mississauga
dentonic88 wrote: Ignore glassdoor, probably outdated data. Keep on applying to roles and ask 100K, I don't think it should be an issue provided you have CISSP and experience with SIEM tools too which are heavily used on SOC environments. I have been offered 145K at one time, 150K at one time but I ignored them and moved with contracting roles so I don't know why wouldn't a skilled person get 100K.

One thing you must note is that GTA market is quite manipulated. It is heavily based on references as the truth is supply is more than demand. You will do many interviews which will work out perfect or apply to job which 100% matches with your skills and still get replied "While we are impressed with your skills we moved forward with other candidates this time". Many job postings are fake which means they already have someone in mind and are doing CV collection and fake interviews to show transparency. Many recruiters will call you to get CV submitted ASAP as they there is an urgent hiring and manager is waiting for resumes and your resume matches 100%. After that you will never get response. In one contracting role I was told by a guy that lets say you get 80 an hour so you need to remit back 20% of the pay to hiring manager till the contract remains, I was then told its very normal in GTA market and even people in Big4 do that so its not very straight forward for an average person.

From a certifications point of view, cloud security roles are good but almost always require experience rather than certifications. But you still might want to look into Azure certifications or AWS ones. Linux Academy has decent azure ones I know.
OP here, my other account got banned for some reason.

May i ask what sort of qualifications you have and what sort of role were you offered 145-150k for. Seems very rare to me as most places i see is offereing 60-70k salary range. Unless i am looking at wrong roles.

Thanks in advance and for all your help
Member
Apr 25, 2019
205 posts
78 upvotes
Gen_90 wrote: OP here, my other account got banned for some reason.

May i ask what sort of qualifications you have and what sort of role were you offered 145-150k for. Seems very rare to me as most places i see is offereing 60-70k salary range. Unless i am looking at wrong roles.

Thanks in advance and for all your help
I am referring to different kind of roles. Sr. Manager - security arch. for large telco, principle security consultant position for another telco. The role you are taking about is mostly an individual contributor (security analyst) , does not look into the business side of things. If you combine technical plus business skills and then use them at customer facing roles you easily get 120+ in GTA . But you cant learn those soft skills by reading books or watching videos, takes years of experience working for resellers doing several deployments and even then handful of people quality for better roles in future.
Newbie
Nov 25, 2012
73 posts
27 upvotes
Check out Finastra . They are hiring L2 and L3 Incident Response. L3 is 120k to 130k depends on your experience

Finastra is rank 3 globally in Fintech.
Jr. Member
Dec 25, 2006
115 posts
11 upvotes
I was getting around 70k in an admin role. Then decided to get the CISSP and switch to Information Security. Landed a security analyst position last year just shy of 100k. Maybe I was lucky but some of my other friends landed security analyst jobs at around the 80 to 90k mark easily.
Member
May 24, 2007
499 posts
162 upvotes
May I ask how you leveraged your IT adminsitrator experience into security? Internal networking? Also, does general IT experience count towards CISSP experience?
Jr. Member
Dec 25, 2006
115 posts
11 upvotes
Jokkon wrote: May I ask how you leveraged your IT adminsitrator experience into security? Internal networking? Also, does general IT experience count towards CISSP experience?
Internal networking is always good if you want to branch out into other areas within your organization but unfortunately for me, there just wasn't any available positions for me at the time within InfoSec at the organization I worked at and I didn't want to just sit on the sidelines and wait it out. So I began applying outside. I applied to a BUNCH of places for security related positions prior to getting the CISSP but it was very difficult to even get noticed by recruiters or HR people.

That was when I decided to get serious. I got the Comptia Security+ first then went straight to the CISSP. Once I obtained the full certification and updated my status on LinkedIn, I immediately noticed a difference. Recruiters were constantly hitting me up and I was able to get interviews much easier. It was a complete game changer moment for me. Even though the CISSP is considered a "managerial" certification, many security related positions still have it listed on their "wants" and "must haves" and if you don't have it checked off, your resume will be skipped. It is right now one of those HOT keywords recruiters, HR, and hiring managers are looking at for. All I can say is, If you want to break into an InfoSec role, the CISSP will DEFINITELY help you.

In regards to your question about the required experience to get the full CISSP certification, the best advice I can give is to map out your day to day duties in your IT job, even if you are in Help Desk role, and see if it can be related to at least 2 domains covered in the CISSP. If it does and you have 5 or more years of experience then you are good. You can shave off 1 year of experience if you have a degree or any of the approved certifications listed by ISC2.

If you already know Information Security is where you want to be as your career path even though you do not have the experience right now, I would still encourage you to go for the CISSP. After passing the exam, you still have 6 years to get the required experience before you have to retake the exam again.
Member
May 24, 2007
499 posts
162 upvotes
SuperRed95 wrote: Internal networking is always good if you want to branch out into other areas within your organization but unfortunately for me, there just wasn't any available positions for me at the time within InfoSec at the organization I worked at and I didn't want to just sit on the sidelines and wait it out. So I began applying outside. I applied to a BUNCH of places for security related positions prior to getting the CISSP but it was very difficult to even get noticed by recruiters or HR people.

That was when I decided to get serious. I got the Comptia Security+ first then went straight to the CISSP. Once I obtained the full certification and updated my status on LinkedIn, I immediately noticed a difference. Recruiters were constantly hitting me up and I was able to get interviews much easier. It was a complete game changer moment for me. Even though the CISSP is considered a "managerial" certification, many security related positions still have it listed on their "wants" and "must haves" and if you don't have it checked off, your resume will be skipped. It is right now one of those HOT keywords recruiters, HR, and hiring managers are looking at for. All I can say is, If you want to break into an InfoSec role, the CISSP will DEFINITELY help you.

In regards to your question about the required experience to get the full CISSP certification, the best advice I can give is to map out your day to day duties in your IT job, even if you are in Help Desk role, and see if it can be related to at least 2 domains covered in the CISSP. If it does and you have 5 or more years of experience then you are good. You can shave off 1 year of experience if you have a degree or any of the approved certifications listed by ISC2.

If you already know Information Security is where you want to be as your career path even though you do not have the experience right now, I would still encourage you to go for the CISSP. After passing the exam, you still have 6 years to get the required experience before you have to retake the exam again.
Thanks man. That's solid advice. Would you say the CISSP and S+ gave you a solid foundation to function well in your roles? Or its more just an entry ticket and 99% of your knowledge and experience is acquired on the job?
Jr. Member
Dec 25, 2006
115 posts
11 upvotes
Jokkon wrote: Thanks man. That's solid advice. Would you say the CISSP and S+ gave you a solid foundation to function well in your roles? Or its more just an entry ticket and 99% of your knowledge and experience is acquired on the job?
It definitely does more so the CISSP than the S+. S+ is very foundational whereas the CISSP is a total different beast altogether. Keep in mind by having the CISSP alone does not guarantee you a job but it does let hiring managers or people alike know that you are serious about this field and that you have put in the time and dedication to obtain it.
Member
May 24, 2007
499 posts
162 upvotes
SuperRed95 wrote: It definitely does more so the CISSP than the S+. S+ is very foundational whereas the CISSP is a total different beast altogether. Keep in mind by having the CISSP alone does not guarantee you a job but it does let hiring managers or people alike know that you are serious about this field and that you have put in the time and dedication to obtain it.
Yes, certifications are more like signaling. Indicators to hiring managers that you are invested in this field. At the end of the day, seems to have varying degree of usefulness on the job.

Glad to hear that you find the CISSP helpful in your day to day tho. I think I will tackle CISSP and CCSK or CCSP and see if I can break into the field.

Top