The information security analyst role pays a national median of $127,730, per BLS. Underneath that one number sits a wide spread. Entry postings cluster around $65,000 while lead roles hit $155,000 nationally, and in Seattle the lead median climbs to $224,819.
The job market here is cooler than you'd expect. Active postings dropped from 842 in 2025 Q2 to 88 in 2026 Q2, roughly a 90% slide. Glozo's April 2026 snapshot shows 5,459 candidates against 91 open roles, a 59.99:1 supply-to-demand ratio it labels Balanced. Listings move quickly though: average posting life is 9.5 days.
Big banks and defense contractors anchor the established teams. Wells Fargo holds 202 analysts, GDIT 118, American Express 94. The recruiters running the most current openings are different: Cyber Focus AI and Hilton each have 10 active postings. The headcount table tells you where the jobs live; the recruiter table tells you which doors are open this month.
Data source: Glozo Analytics, 2026-04, and BLS OEWS May 2024. This guide covers 91 active US Information Security Analysts roles tracked by Glozo as of 2026-04. Salary figures are derived from Glozo’s market intelligence platform, which aggregates signals from active job postings, compensation disclosures, and labor market data.
What Information Security Analysts do
You watch traffic, you watch logs, you watch users. An information security analyst protects company systems against intrusion, fraud, and data theft. The day mixes alert triage, incident response, vulnerability scans, policy writing, and the occasional fire drill at 2am.
The role sits inside the Computer and Information Sciences family. BLS counts 179,430 of these jobs in the US and projects 28.5% growth over ten years, well above the cross-economy average. Typical entry credential is a bachelor's degree, often paired with a security certification picked up on the job.
You'll work next to software developers and computer systems analysts, and report into computer and information systems managers. The line between roles blurs at smaller companies, where one analyst may run the SOC, write detection rules, sign off on cloud changes, and answer the audit questionnaire.
Glozo's April 2026 snapshot calls the market Balanced, with a 59.99:1 supply-to-demand ratio (5,459 candidates against 91 active postings). Average time to fill, measured by posting lifespan, is 9.5 days. Applications need to move quickly, and a tailored resume beats a generic one when the listing closes inside two weeks.
Salary by Level
| Level | Median | P25 | P75 |
|---|---|---|---|
| Entry | $65,000 | $52,000 | $80,000 |
| Mid | $90,000 | $72,000 | $110,000 |
| Senior | $120,000 | $98,000 | $148,000 |
| Lead | $155,000 | $125,000 | $190,000 |
Each level adds roughly $25,000 to $35,000 over the prior tier. Entry to mid is $65,000 to $90,000, mid to senior is $90,000 to $120,000, and senior to lead is $120,000 to $155,000. The biggest absolute jump sits at the senior-to-lead step, where pay tracks scope (running a program) more than tenure.
Spreads widen at the top. The lead p25-to-p75 band runs $125,000 to $190,000, a $65,000 swing that reflects how much variance there is in what 'lead' means in this field: a small-team manager at a mid-market insurer earns less than a principal security engineer at a hyperscaler, even though the title may read the same.
Salary by City
| Market | Entry | Mid | Senior | Lead |
|---|---|---|---|---|
| Remote | $90,000 | $95,000 | $137,000 | $156,000 |
| San Francisco | $104,600 | $114,200 | $147,600 | $187,700 |
| New York | $80,600 | $105,700 | $144,600 | $206,000 |
| Chicago | $80,688 | $94,911 | $125,352 | $151,639 |
| Austin | $77,307 | $90,934 | $141,810 | $200,100 |
| Seattle | $114,159 | $122,250 | $155,322 | $224,819 |
Three patterns in this table:
- Seattle leads everything at the top. The Seattle lead median ($224,819) clears the national lead ($155,000) by 45%, and Seattle senior ($155,322) edges past the national lead median. Big-tech security teams and a small sample of staff-level roles in cloud security pull the upper band up; the city is the clearest outlier in the table.
- SF entry pays like national mid. San Francisco's entry median ($104,600) lands above the national mid ($90,000), making a first-year analyst in SF earn 116% of what a typical mid-career analyst earns nationally. Cost of living closes some of that gap, but the headline number is still striking.
- New York is bottom-light, top-heavy. NYC entry ($80,600) trails Seattle, SF, and Remote, but the NYC lead median ($206,000) is the second highest in the table. Bulge-bracket banks and hedge funds inflate the senior and lead bands while keeping entry pay close to Chicago and Austin levels.
This city table covers Remote, San Francisco, New York, Chicago, Austin, and Seattle. Boston and Los Angeles are not in this snapshot, so if you're targeting either market you'll want to compare against the national medians and the closest peer city in the table (NYC for Boston, SF for LA, give or take cost-of-living differences).
Information Security Analyst Career Path
Entry Information Security Analyst · Median $65,000
Entry analysts run the SOC console. You watch alerts on a SIEM, escalate the suspicious ones, close the false positives, and write up what happened. National median is $65,000, with the p25-to-p75 band sitting at $52,000 to $80,000.
Title variants you'll see in postings: SOC analyst Tier 1, junior security analyst, IT security associate. You're usually 0-2 years in, often with a bachelor's in computer science or information security and one cert (Security+, CySA+) on the resume. Some hires come from IT support or networking and pivot via certifications.
Pay depends heavily on city. Remote entry roles list at $90,000, Seattle entry at $114,159, San Francisco at $104,600. New York and Chicago both cluster around $80,600. Austin sits at $77,307. The premium for coastal entry is real but mostly offset by housing once you account for take-home pay.
Mid Information Security Analyst · Median $90,000
Mid analysts move from monitoring to investigating. You write detection rules, run vulnerability scans, lead phishing exercises, and own incident write-ups end to end. National median is $90,000, with the p25-to-p75 band at $72,000 to $110,000.
By this stage you've spent three to five years in the seat. Mid is also where you specialize: detection engineering, cloud security, application security, GRC. The choice shapes the rest of your career, since senior and lead postings are usually written for a specific specialty rather than a generalist.
Cities matter less in absolute dollars at mid level than at lead. SF mid ($114,200) and Seattle mid ($122,250) sit at the top, with NYC mid at $105,700. Remote mid at $95,000 is barely above the national median, suggesting most employers reset remote pay to a national band rather than a coastal one once you're past entry.
Senior Information Security Analyst · Median $120,000
Senior analysts own architecture and lead investigations. You design the detection stack, sign off on cloud configuration changes, brief leadership during incidents, and act as the escalation point for the rest of the team. National median is $120,000, with the p25-to-p75 band at $98,000 to $148,000.
Six to ten years of experience is standard. Most seniors have managed at least one major incident from detection through customer disclosure. Many hold a CISSP or equivalent senior cert, plus a deep specialty (cloud, AppSec, threat intel). At this level your manager expects independent judgment, not just execution.
Top city pay clusters in the same three places: Seattle ($155,322), SF ($147,600), and NYC ($144,600). The Seattle senior median actually exceeds the national lead median ($155,322 vs $155,000), a quirk worth noting if you're choosing between coasts. Likely cause: a small sample of staff-level cloud security roles at hyperscalers anchored to the city.
Lead Information Security Analyst · Median $155,000
Lead analysts run the program. You set strategy, hire the team, present at the audit committee, own the security budget, and pick which vendors get a contract. National median is $155,000, with the p25-to-p75 band running $125,000 to $190,000.
Title variants: principal security engineer, security manager, head of security, deputy CISO. Some leads go deeper technical (principal or staff individual contributors), others move to people management. Pay overlaps but career shape diverges, and most companies post the two paths as separate ladders.
Top cities pay enormous premiums at this level. Seattle lead ($224,819), NYC lead ($206,000), and Austin lead ($200,100) all clear $200,000. Austin's number is the surprise of the table, likely lifted by a small sample of senior roles at a few large local employers (Oracle, Indeed, Tesla security teams) rather than a broad market signal.
Day-to-Day by Level
Entry. Roughly 60% on alert triage and ticket work, 20% on documentation and shift handoff reports, 15% on tool training and SOP reading, 5% shadowing live incident response. The rhythm is reactive and the queue is the boss.
Mid. Around 35% on investigations and incident response, 25% on vulnerability and detection engineering, 20% on project work (rollouts, migrations, tabletop exercises), 20% on cross-team meetings and code review for security-impacting changes.
Senior. About 30% on architecture and design reviews, 25% on incident leadership and post-incident write-ups, 20% on mentoring juniors and reviewing their detection rules, 25% on roadmap, vendor evaluation, and audit prep.
Lead. Roughly 35% on strategy and roadmap, 25% on people management (hiring, one-on-ones, performance), 20% on executive and board updates, 20% on vendor relationships, contracts, and budget defense.
Types of Information Security Analysts
Security analysts specialize fast. The work is broad enough that 'information security analyst' covers four or five distinct day jobs, and most postings beyond entry level are written for one of them. Our data block doesn't separate pay by specialization, so the medians above blend all of them. The labels below describe what each path actually involves on a Tuesday afternoon.
SOC analyst You sit in the security operations center and triage alerts from SIEM and EDR tools. Rotations often include nights and weekends. Tier 1 watches and closes false positives; Tier 2 investigates; Tier 3 hunts and writes new detections. Most entry roles in this field are SOC analyst Tier 1.
GRC analyst Governance, risk, and compliance work: SOC 2 audits, vendor security reviews, policy writing, regulator questionnaires. Less code, more spreadsheets and meetings. The role overlaps heavily with computer systems analysts at companies that don't separate the two functions.
Application security analyst You review code, run static analysis, threat-model new features, and pair with software developers on secure design. Strong programming skills required. Pay tends toward the upper end of the national bands at senior and lead levels because the talent pool is small.
Threat intelligence analyst You research adversaries, write profiles of attacker groups, and feed intel back to detection engineers and incident responders. The work mixes open-source research, dark-web monitoring, and threat-actor tracking. Common at large banks, defense contractors, and dedicated threat-intel vendors.
Cloud security analyst You secure AWS, Azure, and GCP environments: identity policies, network controls, container hardening, infrastructure-as-code review. The fastest-growing slice of the field, and the one most likely to pull lead-level pay above the national median in cities like Seattle and SF.
Who Hires the Most Information Security Analysts
By active employee headcount:
| Employer | Headcount |
|---|---|
| Wells Fargo | 202 |
| General Dynamics Information Technology | 118 |
| American Express | 94 |
| UPS | 40 |
| USAA | 34 |
| TraceSecurity | 33 |
| Top Group Technologies | 29 |
| Progressive Insurance | 26 |
| Citi | 26 |
| U.S. Bank | 25 |
By open postings (currently hiring):
| Recruiter | Open postings |
|---|---|
| Recruiter data not available in the bound snapshot. | |
The two tables answer different questions. Top employers by headcount tells you who has the largest existing security teams: Wells Fargo (202), GDIT (118), American Express (94), then a long tail of insurers (USAA, Progressive), defense contractors, and banks (Citi, U.S. Bank). Top recruiters by open postings tells you who is hiring this quarter: Cyber Focus AI and Hilton lead with 10 each, Wells Fargo and DMI follow at 5. Banks and defense contractors dominate the headcount; specialty staffing firms, a hotel chain, a state government, and a public university fill out the active-posting list. If you want stability and a clear ladder, target the headcount leaders. If you want a job offer next month, target the recruiters.
Frequently Asked Questions
Frequently Asked Questions
- Do you need a bachelor's degree to become an information security analyst?
- Per BLS, the typical entry-level credential is a bachelor's degree. That's usually computer science, information systems, or a dedicated cybersecurity program. Some hires come up through IT support and certifications instead, but a four-year degree is the median path and most entry postings list it as a requirement.
- Why has demand dropped so sharply since early 2025?
- Active postings fell from 842 in 2025 Q2 to 88 in 2026 Q2, about a 90% drop. Most of that reflects companies pulling back on speculative hiring after a 2023-2024 expansion wave, plus tighter IT budgets across the board. The 5,459 candidates against 91 open roles is why the market reads as Balanced rather than tight, and why average posting lifespan is now 9.5 days.
- Should you move to Seattle or San Francisco for the entry pay?
- Maybe, but read the cost of living first. Seattle entry ($114,159) and SF entry ($104,600) both pay well above the national entry ($65,000), but rent and taxes eat a large share. Remote entry at $90,000 is often the better real-dollar choice if you can land it, and a remote role gives you optionality on where you actually live.
- Is the 28.5% growth number realistic given the 2026 cooling?
- BLS projects 28.5% growth over ten years, which averages across the whole window. The 2025-2026 cooling is one cycle inside that decade. Long-term drivers (cloud adoption, regulation, ransomware exposure) still push hiring up over the full period; the current quarter shows the cycle, not the trend.
- Which majors prepare you best for this role?
- The most common pipeline is computer science or a [Computer and Information Sciences](cip:1101) major, often with a security concentration. Information systems and computer engineering also work well. Adjacent paths into [computer occupations, all other](soc:15-1299) sometimes pivot in via help-desk, networking, or sysadmin work plus a Security+ cert.