How do cybersecurity salaries compare to software engineering?

Cybersecurity and software engineering compensation are closer than most candidates assume. The Bureau of Labor Statistics (Occupational Employment and Wage Statistics, 2024) reports a median salary of $124,910 for information security analysts and $132,270 for software developers. The roughly $7,000 gap at the median is smaller than the variation within either field by location and seniority. Where the two diverge is at the extremes and in the underlying growth dynamics.

Entry-level comparison. Tier 1 SOC analysts open at $58,000 to $95,000 nationally with the BLS median for SOC roles at $87,400. Junior software developers open at $75,000 to $105,000 with the BLS median for entry developer roles around $90,000. The gap is small. Where software engineering pulls ahead is at top-tier technology companies (Meta, Google, Apple, Amazon, Microsoft, and similar) where new-grad software roles routinely pay $170,000 to $220,000 in first-year total compensation including stock. Cybersecurity roles at the same companies pay $20,000 to $50,000 less for equivalent seniority.

Mid-career and senior comparison. By the five-year mark, the gap shifts. Security Engineers ($124,900 BLS median) and Senior Software Engineers ($165,000 to $200,000 at most tech employers) diverge. Software engineering at FAANG-tier employers continues to pay better than cybersecurity at the same employers. But cybersecurity Architects ($158,600 BLS median, $200,000 to $260,000 at large enterprises) close much of the gap, and cybersecurity sales reaches into ranges most software ICs never hit.

Leadership-level comparison. CISO at $232,000 BLS (2024) median, with Fortune 500 CISO total compensation $400,000 to $700,000 including equity. VP of Sales or CRO at cybersecurity vendors at $300,000 to $800,000+ OTE. VP of Engineering at most companies runs $250,000 to $500,000 total compensation. The cybersecurity executive ceiling is roughly comparable to engineering executive ceiling at most enterprises, and meaningfully higher inside the security vendor market.

Growth dynamics differ structurally. BLS (2024) projects 29% growth for information security analysts from 2024 to 2034 versus 17% for software developers, QA, and testers. The growth gap reflects regulatory non-discretion. Companies are required by SOC 2, HIPAA, PCI DSS, CMMC, and SEC cyber disclosure rules (Item 1.05 of Form 8-K, effective 2023) to spend on cybersecurity. Software engineering spend is more cyclically discretionary, which showed up in the 2023-2024 tech layoff wave that hit engineering harder than security.

Decision logic. Pick cybersecurity if you want stronger job security, more recession-resistant demand, faster entry without a computer science degree, and access to non-coding paths (GRC, sales, audit). Pick software engineering if you want higher top-end compensation at top tech employers, prefer building over investigating, and are willing to compete in a more cyclical hiring market. Pick the security engineering or DevSecOps hybrid if you want both: software engineering skill applied to security problems pays well and rarely gets laid off.

Tradeoffs to acknowledge. Software engineering at top employers genuinely pays better than cybersecurity at the same employers. Cybersecurity pay catches up over a longer career and across a wider distribution of employers, but if your specific goal is maximum first-decade earnings at a FAANG-tier firm, software engineering wins. If your goal is durable mid-career and senior earnings with broader employer options, cybersecurity wins.

For specific role comparisons, see the related career entries for security-engineer, security-architect, ciso, and cybersecurity-account-executive, plus the certification entries for cissp and comptia-security-plus and the glossary entry for security-engineering.