Pay Rates For Security Professionals

The Tech recruitment experts at North Starr have compared 2018 pay rates across the UK IT Security marketplace across different categories and the results might surprise you.  

The review  looks at salary levels  paid in the Information Security marketplace in 2017 compared to 2018 and average technology salary in the UK is  presently over £80k.

The results are summarised in the table below: 

ROLELOWHIGH% VARIATION H2 2017
Technical   
SOC Engineer£35,000£50,000+1.3%
Senior Technical Security Specialist£55,000£70,000+2.3%
Application Security Specialist£85,000£110,000+3.4%
Penetration Tester£70,000£90,000+1.8%
Check Team Leader£80,000£110,000+2.6%
Security Architect£90,000£120,000+2.8%
Governance & Compliance   
Security Policy Specialists£55,000£75,000+1.3%
Governance & Compliance Specialists£60,000£80,000+0.6%
Leadership   
Information Security Manager£60,000£80,000+0.8%
Head of Information Security£70,000£90,000+1.4%
Head of IT/Operational Security£70,000£90,000-0.8%
Security Director£80,000£110,000+0.5%
CISO**£100,000£180,000+1.2%

The variances differ over the different jobs and most have had small to medium salary percentage increases year on year. And of course many jobs vary because of the size of the business, maturity of the security function and the size of the team being managed or working with.

Technical roles like SOC (Systems on a Chip) Engineers with average annual salaries between £35k and £50k have risen around 1.3% and because the average is around £45k these people are more likely to move jobs for more money.

Whereas Application Security Specialists have salaries between £85k and £110k and have seen rises of 3.4% and are more likely to remain in their current employment.

Leadership jobs like the Head of Information Security are on average between £70k and £90k and have gone up by about 1.4%. And Chief Information Security Officers who on average get paid between £100k and £180k have had increases of around 1.2%.  

There is still a growing skills gap in the UK with a general lack of basic digital and IT skills in most companies.

Please contact andrew.nitek@thenorthstarr.com for more information.

News By CSI:        Image: Nick Youngson

You Might Also Read: 

How To Get Into Cyber Security: Tips, Strategy And Skills:

 

 

 

« DARPA Wants To Emulate Insect Brains
Blockchain Transforms The Internet of Things »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Pen Test Partners LLP

Pen Test Partners LLP

Pen Test Partners provides penetration testing, security assessment and training services.

Cavirin

Cavirin

Cavirin’s Automated Risk Analysis Platform reduces risk and automates security and compliance.

Luxar Tech

Luxar Tech

Luxar's network visibility products enable enterprises and service providers to monitor network traffic, improve security and optimize efficiency.

Secusmart

Secusmart

Secusmart provide highly secure and encrypted speech and data communication solutions.

IDnext

IDnext

IDnext is the open and independent platform to support innovative approaches in the world of the Digital identity.

Shape Security

Shape Security

Shape Security provide best-in-class defense against malicious automated cyberattacks on web and mobile applications.

Gemserv

Gemserv

Gemserv is a specialist market design, governance and assurance services consultancy.

CIO Dive

CIO Dive

CIO Dive provides news and analysis for IT executives in areas including IT strategy, cloud computing, cyber security, big data, AI, software, infrastructure, dev ops and more.

Samoby

Samoby

Samoby provide a subscription solution for Mobile Threat Protection and usage control on Android and iOS devices.

NSO Group

NSO Group

NSO Group develops technology that enables government intelligence and law enforcement agencies to prevent and investigate terrorism and crime.

Tech-Recycle

Tech-Recycle

Tech-Recycle was formed to help companies and individuals securely, ethically and easily recycle their IT and office equipment. We destroy all data passed to us safely and securely.

IPification

IPification

IPification is a highly secure, credential-less, network-based authentication solution for frictionless user experience on mobile and IoT devices.

Samurai Digital Consulting

Samurai Digital Consulting

Samurai Digital Security are a cyber and Information security services provider, specialising in penetration testing, incident response, user awareness and information governance solutions.

Trellix

Trellix

Trellix is an extended detection and response (XDR) solutions provider created from a merger of McAfee Enterprise and FireEye Products.

Adversa AI

Adversa AI

Adversa's mission is to build trust in AI and protect AI from cyber threats, privacy issues, and safety incidents.

Riot Security

Riot Security

In today's world, most successful cyberattacks start by a human failure. Riot have developed a platform that makes it easy to prepare your employees for cyberattacks, in a way they love.