What do cybersecurity job title listings tell tech professionals about the market?
In some cases, an increase in job postings for cybersecurity or privacy attorneys shows how organizations and executives are responding to increasing regulation and government scrutiny of cyber operations and responses to threats.
At the same time, a decrease in listings for titles including cybersecurity software engineer, identity and access management engineer (IAM) and cloud security engineer point to more reliance on automation to fill specific jobs at a time when many critical security positions remain unfilled.
A recent report published by CyberSN, a security and IT workforce management platform provider, offers new insights into this evolving job market. Specifically, the survey (U.S. Cybersecurity Job Posting Data) analyzed cybersecurity job postings across the U.S. from January 2022 to December 2024 using data sourced from more than 30 job boards and Fortune 500 companies.
During the three-year period covered by the survey, the title of security engineer remained the most popular cybersecurity job listing within the U.S. Researchers found the title listed within 64,300 job posts in 2024, as well as 67,456 mentions in 2023 and 85,697 mentions in 2022.
Other top job titles in the survey included security analyst and DevSecOps.
Over time, however, the data found shifts in which some job listings gained more traction, while others diminished. For example, between 2023 and 2024, the top job titles with increasing listings included:
- Cybersecurity/privacy attorney (Increase of 40.7 percent)
- Red teamer (Increase of 29.2 percent)
- Cybersecurity sales engineer (Increase of 26.2 percent)
- Cyber threat intelligence analyst (Increase of 14.2 percent)
- Cybersecurity specialist (Increase of 12.4 percent)
A look at the timespan between 2022 and 2024 also showed the title of reverse engineer or malware analyst increased by approximately 25 percent.
At the same time, researchers also found decreases in multiple job titles between 2023 and 2024:
- Cybersecurity software engineer (Decrease of 38.3 percent)
- IAM engineer (Decrease of 26.6 percent)
- Cybersecurity lead (Decrease of 16.8 percent)
- Cloud security engineer (Decrease of 13.9 percent)
- Security analyst (Decrease of 13.4 percent)
The numbers also showed that the amount of job listings for DevSecOps work—despite the specialty’s overall popularity—dropped nearly 48 percent between 2022 and 2024. All these changes point to a rapidly shifting market, according to researchers.
“Regulatory pressures on CEOs and boards of directors are reflected in our cybersecurity job posting data, highlighting how compliance-driven requirements such as the [Security and Exchange Commission] breach reporting and expanded
[Federal Trade Commission] enforcements are shaping workforce decisions,” Dom Glavach, chief security and technology officer at CyberSN, wrote in the report. “Additionally, decreases in security engineer, security analyst, and DevSecOps job postings are signaling an industry-wide shift toward [artificial intelligence]-powered security automation and internal security operations optimizations.”
Other observers also noted that the recent rise in AI is changing how organizations approach cybersecurity and why candidates with a combined technical and legal background are seeing increasing opportunities.
“As more companies deploy AI models, ensuring they are doing so in both a secure and safe way has led to a significant increase in the number of resources focused on ensuring customer and company data is protected,” Dave Gerry, CEO at Bugcrowd, told Dice. “The rise of privacy attorneys is driven by this need to mitigate the risk posed by model training on customer or company data.”
Responding to Cyber Regulations
Over the last several years, federal agencies such as the FTC and SEC have increased enforcement when companies report breaches and attacks. Organizations have also had to respond to laws such as the EU’s General Data Protection Regulation (GDPR), which require enterprises to navigate compliance requirements and put pressure on executives to build digital operating resilience to avoid incurring penalties, said Agnidipta Sarkar, vice president for CISO advisory at ColorTokens.
This, in turn, is driving the need for highly skilled professionals who understand these platforms but also have a background in law to understand various rules and regulations.
“As CISOs develop breach readiness capabilities, a notable gap has been identified in legal expertise during breach situations. This expertise is critical for effectively managing disclosures, litigation and regulatory investigations,” Sarkar told Dice. “Consequently, organizations are increasingly recruiting for specialized legal and adversarial roles to align with regulatory demands and counteract sophisticated cyberattacks, while simultaneously reducing traditional positions through the integration of artificial intelligence and outsourcing strategies.”
What could change over the next year is the fact that the Trump administration is reducing regulatory oversight, and federal agencies seem likely to not have as many workers to oversee cybersecurity investigations in the future.
Despite changes, organizations will continue to need skill tech professionals, including those with a legal or data privacy background and who understand and can help with issues like risk, said Darren Guccione, CEO and co-founder at Keeper Security.
“Organizations are increasingly prioritizing roles that combine deep technical expertise with real-world security application, especially in areas like privacy compliance, offensive testing and risk containment,” Guccione told Dice. “Employers are seeking professionals who not only understand how to implement robust controls but who can also anticipate threats, respond decisively and align cybersecurity with business continuity. That kind of strategic, defense-in-depth thinking is becoming the standard for modern security teams.”
New Threats Require New Jobs
Cyber experts and insiders noted that the increasing need for Red Team specialists also reflects the concerns organizations and their security teams have about AI and how attackers might exploit the technology.
“To protect against security vulnerabilities, offensive security testing, or red teaming, plays a large role in understanding potential security risks in a model or application,” Bugcrowd’s Gerry added. “Unlike traditional pentesting, Red Teaming focuses on what can be accomplished when a vulnerability is exploited and there has been a rapid push towards red-teaming AI models to understand what the potential risks may be.”
The growing need for Red Team members and the decline in roles such as DevSecOps over the past two years appears to show organizations prioritizing roles that help them manage risk and respond to threats effectively while simultaneously looking to technology to streamline operations and close security gaps without expanding headcount, said Stephen Kowski, field CTO at SlashNext.
“The increasing demand for Red Teamers and threat intelligence analysts points to organizations taking a more proactive approach to security testing and threat hunting, which requires advanced tools that can detect sophisticated phishing and social engineering attacks,” Kowski told Dice. “Meanwhile, the decline in software engineer and DevSecOps positions suggests a shift toward security automation and AI-powered solutions that can handle routine security tasks more efficiently.”
The flip side of this is that roles that require a lot of manual labor are declining, as automation can make up for lack of manpower. “Some roles, such as incident responders and cyber risk analysts, may see a slight decline as automation and integrated security solutions reduce the need for manual intervention in routine tasks,” noted Rom Carmel, co-founder and CEO at Apono, which provides privileged access for cloud solutions.
