How to hire an information security engineer

How to hire an information security engineer, step by step

Here's a step-by-step information security engineer hiring guide:

• Step 1: Identify your hiring needs
• Step 2: Create an ideal candidate profile
• Step 3: Make a budget
• Step 4: Write an information security engineer job description
• Step 5: Post your job
• Step 6: Interview candidates
• Step 7: Send a job offer and onboard your new information security engineer
• Step 8: Go through the hiring process checklist

What does an information security engineer do?

Post an information security engineer job for free, promote it for a fee

Post free

1. Identify your hiring needs

   First, determine the employments status of the information security engineer you need to hire. Certain information security engineer roles might require a full-time employee, whereas others can be done by part-time workers or contractors.

   Determine employee vs contractor status

   Is the person you're thinking of hiring a US citizen or green card holder?

   Yes

   No

   An information security engineer's background is also an important factor in determining whether they'll be a good fit for the position. For example, information security engineers from different industries or fields will have radically different experiences and will bring different viewpoints to the role. You also need to consider the candidate's previous level of experience to make sure they'll be comfortable with the job's level of seniority.

   This list presents information security engineer salaries for various positions.

   Type of Information Security Engineer	Description	Hourly rate
   Information Security Engineer	Information security analysts plan and carry out security measures to protect an organization’s computer networks and systems. Their responsibilities are continually expanding as the number of cyberattacks increases.	$35-62
   Securities Analyst	Securities analysts, also known as financial analysts, are responsible for collecting and interpreting data on securities, economies, corporate strategies, and financial markets. They provide clients with recommendations on investments based on in-depth research... Show more	$28-56
   Securities Consultant	A securities consultant is responsible for maintaining the safety and security of the company's premises, including enforcing protection for all the employees and company assets. Securities consultants also handle the confidentiality and stability of data network systems to prevent potential breaches and unauthorized access to information... Show more	$34-55

   Show more

2. Create an ideal candidate profile

   Common skills:

   • Infrastructure
   • Incident Response
   • Security Tools
   • Network Security
   • SIEM
   • NIST
   • Linux
   • Data Loss Prevention
   • Security Policies
   • Security Solutions
   • Security Posture
   • Cloud Security
   • Endpoint
   • Azure

   Check all skills

   Responsibilities:

   • Lead the certification and accreditation efforts by implementing NIST 800-53 security controls in order to obtain FISMA compliance.
   • Implement a manage endpoint encryption solution utilizing TrendMicro MobileArmor to secure university workstations against sensitive data loss.
   • Ensure that security policies are properly implement using NIST guidelines and perform auditing of logs.
   • Conduct Java algorithm design reviews and resolve any design issues.
   • Automate manual queries and integration using WhiteHat API's with PERL and Java.
   • Update ACAS plugins weekly or when updates become available on the DISA provide website.

   More information security engineer duties

3. Make a budget

   Including a salary range in your information security engineer job description is a great way to entice the best and brightest candidates. An information security engineer salary can vary based on several factors:

   • Location. For example, information security engineers' average salary in south dakota is 41% less than in california.
   • Seniority. Entry-level information security engineers earn 43% less than senior-level information security engineers.
   • Certifications. An information security engineer with a few certifications under their belt will likely demand a higher salary.
   • Company. Working for a prestigious company or an exciting start-up can make a huge difference in an information security engineer's salary.

   Average information security engineer salary

   $97,288yearly

   $46.77 hourly rate

   ---

   Entry-level information security engineer salary

   $73,000 yearly salary

   Updated December 18, 2025

   Average information security engineer salary by state

   Rank	State	Avg. salary	Hourly rate
   1	California	$133,240	$64
   2	New York	$102,511	$49
   3	Arizona	$101,826	$49
   4	Washington	$98,474	$47
   5	Pennsylvania	$96,703	$46
   6	New Jersey	$91,692	$44
   7	Virginia	$90,409	$43
   8	District of Columbia	$90,168	$43
   9	Texas	$89,931	$43
   10	North Carolina	$89,717	$43
   11	Massachusetts	$89,167	$43
   12	Utah	$87,973	$42
   13	Maryland	$87,751	$42
   14	Wisconsin	$85,785	$41
   15	Indiana	$85,320	$41
   16	Minnesota	$84,694	$41
   17	Illinois	$83,640	$40
   18	Florida	$83,210	$40
   19	Ohio	$82,133	$39
   20	Georgia	$80,864	$39

   Average information security engineer salary by company

   Company

   Rank	Company	Average salary	Hourly rate	Job openings
   1	The Citadel	$170,554	$82.00	4
   2	Meta	$149,780	$72.01	649
   3	Apple	$143,717	$69.09	32
   4	Google	$140,487	$67.54	344
   5	Quora	$140,102	$67.36
   6	Aspiration	$138,392	$66.53
   7	PayPal	$137,477	$66.09	18
   8	Palantir	$134,742	$64.78	24
   9	Two Sigma	$134,533	$64.68
   10	eBay	$131,655	$63.30	6
   11	Amazon	$128,663	$61.86	334
   12	DocuSign	$126,723	$60.92	5
   13	Avid	$126,607	$60.87	6
   14	BlackLine	$122,973	$59.12
   15	Gap Inc.	$122,706	$58.99
   16	Nordstrom	$121,823	$58.57	3
   17	Twilio	$121,737	$58.53	1
   18	Cisco	$119,864	$57.63	31
   19	Barclays	$119,299	$57.36
   20	LinkedIn	$119,197	$57.31	8

4. Writing an information security engineer job description

   A good information security engineer job description should include a few things:

   • Summary of the role
   • List of responsibilities
   • Required skills and experience

   Including a salary range and the first name of the hiring manager is also appreciated by candidates. Here's an example of an information security engineer job description:

   Information security engineer job description example

   We are seeking a Senior Security Engineer to join our IT team supporting our federal division. At Johnson Controls, we support our nation’s most critical facilities, the people who occupy them, and the missions they enable. Johnson Controls Federal Systems (JCFS) is a specialized team serving as a trusted partner to the federal government. We help modernize U.S. military installations, Department of Defense and other federal agency facilities to be smarter, more resilient, efficient, sustainable, and secure.
   Location: Remote / Virtual (Work from home)
   Benefits: Eligible for benefits on first day of employment
   Vacation: 3 weeks of paid vacation per calendar year
   Travel: Very limited As a Senior Security Engineer , you will: Evaluates and develops secure solutions, driving adoption for security engineering. Analyzes business impact and exposure, based on emerging security threats, vulnerabilities and risks. Communicates security risks and solutions to business partners and IT staff Researches and designs new technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners and vendors. Contributes to the Information Security reference architecture. Delivers security engineering ‘security by design’ services across multiple business units and geographies Works closely with enterprise IT , PMO, other functional area specialists to ensure adequate security solutions are in place throughout all IT systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements Serves as the security expert in application development, database design, network and/or platform (operating system) efforts, helping project teams comply with enterprise and IT security policies, industry regulations, and best practices. Delivers perspective in providing network and system security advice and risk analysis to business units who engage with the Information Security team Thought leader in architecting and designing security infrastructures
   
   Required Qualifications:
   
   Information Security work experience within a relevant security engineering or architecture role, with a broad exposure to infrastructure/network and multiplatform environments in diverse geographic and regulatory environments. 10+ years preferred Understanding of how to design security devices, networks and systems compliant with the requirements of a desired security posture or state. Knowledge of zero trust architecture with a clear understanding of Identity Management Knowledge of enterprise security incident response strategies, processes, techniques, and can readily apply this knowledge to existing security technologies to drive effectiveness and efficiency within the security organization. Highly knowledge of modern network security technologies such as network and host-based intrusion detection/prevention, vulnerability assessment (including app/web-layer interrogation), DDOS protection, Security Information Management, host-based integrity checking, end point security, AV, Data Loss Prevention, etc Understanding of intrinsic security weaknesses within core infrastructure components such as firewalls, TCP/IP, VPN, file transfer and remote administration protocols. Experience working with Cisco firewalls preferred. Highly knowledgeable of network and system security principles such as defense in depth, granularity of privilege, etc. and how they are applied in practice, not only in theory Strong written and verbal communication skills Demonstrated technical experience, with the ability to interface effectively with a broad range of people and roles, including managers, IT leaders, and technology vendors The ability to obtain and maintain required government security clearances or badges as needed. (This involves a background/character, criminal history, employment, and credit check.) Preferred Education:
   
   Bachelor's Degree (Master's Degree preferred) in Computer Science, Information Systems or another related field; or equivalent work experience. Education relevant to IT security preferred. Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or equivalent
   Who We Are At Johnson Controls (NYSE:JCI), we are One Team working collaboratively to create purposeful solutions that make a difference in the world. We are a Fortune 500 company with more than 100,000 employees worldwide offering the world`s largest portfolio of building technology products, solutions and services. As a member of our Federal Systems team, your work matters. We value and recognize your contributions and want to help you succeed. We invest in our employees, provide opportunities for growth and advancement, and foster a culture of inclusion and respect. To learn more about who we are and what we do, please check out our Take a Journey video.
   
   Recently, Johnson Controls has been recognized by several organizations for leadership in Environment, Sustainability and Governance, as well as innovations in smart building platforms:
   
   Named to FORTUNE’s “Most Admired Companies” List Corporate Knights Global 100 Most Sustainable Corporations in the World Identified as a Sustainalytics Top-Rated ESG Performer for managing material ESG issues Received HRH The Prince of Wales’ inaugural Terra Carta Seal Ranked 67 on the Drucker Institute’s list of best-managed companies in America Named Chairman and CEO George Oliver IoT CEO of the Year for 2022 Johnson Controls is an equal employment opportunity and affirmative action employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, genetic information, sexual orientation, gender identity, status as a qualified individual with a disability, or any other characteristic protected by law. For more information, please view EEO is the Law. If you are an individual with a disability and you require an accommodation during the application process, please visit www.johnsoncontrols.com/careers Division: JCFS (Johnson Controls Federal Systems)

   Copy this example

   

5. Post your job

   To find information security engineers for your business, try out a few different recruiting strategies:

   • Consider internal talent. One of the most important talent pools for any company is its current employees.
   • Ask for referrals. Reach out to friends, family members, and your current work to ask if they know any information security engineers they would recommend.
   • Recruit at local colleges. Attend job fairs at local colleges to recruit entry-level information security engineers with the right educational background.
   • Social media platforms. LinkedIn, Facebook, and Twitter have more than 3.5 billion users, and they're a great place for company branding and reaching potential job candidates.

   Post your job online:

   • Post your information security engineer job on Zippia to find and recruit information security engineer candidates who meet your exact specifications.
   • Use field-specific websites such as dice, engineering.com, stack overflow, it job pro.
   • Post a job on free websites.

6. Interview candidates

   To successfully recruit information security engineers, your first interview needs to engage with candidates to learn about their interest in the role and experience in the field. You can go into more detail about the company, the role, and the responsibilities during follow-up interviews.

   It's also good to ask about candidates' unique skills and talents. You can move on to the technical interview if a candidate is good enough for the next step.

   If your interviews with information security engineer applicants aren't enough to make a decision, you should also consider including a test project. These are often the best, most straightforward, and least bias-prone ways of determining who will likely succeed in the role. If you don't know how to design an appropriate test, you can ask someone else on the team to create it or take a look at these websites to get a few ideas:

   • TestDome
   • CodeSignal
   • Testlify
   • BarRaiser
   • Coderbyte

   The right interview questions can help you assess a candidate's hard skills, behavioral intelligence, and soft skills.

7. Send a job offer and onboard your new information security engineer

   Once you have selected a candidate for the information security engineer position, it is time to create an offer letter. In addition to salary, the offer letter should include details about benefits and perks that are available to the employee. Ensuring your offer is competitive is vital, as qualified candidates may be considering other job opportunities. The candidate may wish to negotiate the terms of the offer, and it is important to be open to discussion and reach a mutually beneficial agreement. After the offer has been accepted, it is a good idea to formalize the agreement with a contract.

   It's also important to follow up with applicants who do not get the job with an email letting them know that the position is filled.

   Once that's done, you can draft an onboarding schedule for the new information security engineer. Human Resources should complete Employee Action Forms and ensure that onboarding paperwork is completed, including I-9s, benefits enrollment, federal and state tax forms, etc. They should also ensure that new employee files are created for internal recordkeeping.

8. Go through the hiring process checklist

   • Determine employee type (full-time, part-time, contractor, etc.)
   • Submit a job requisition form to the HR department
   • Define job responsibilities and requirements
   • Establish budget and timeline
   • Determine hiring decision makers for the role
   • Write job description
   • Post job on job boards, company website, etc.
   • Promote the job internally
   • Process applications through applicant tracking system
   • Review resumes and cover letters
   • Shortlist candidates for screening
   • Hold phone/virtual interview screening with first round of candidates
   • Conduct in-person interviews with top candidates from first round
   • Score candidates based on weighted criteria (e.g., experience, education, background, cultural fit, skill set, etc.)
   • Conduct background checks on top candidates
   • Check references of top candidates
   • Consult with HR and hiring decision makers on job offer specifics
   • Extend offer to top candidate(s)
   • Receive formal job offer acceptance and signed employment contract
   • Inform other candidates that the position has been filled
   • Set and communicate onboarding schedule to new hire(s)
   • Complete new hire paperwork (i9, benefits enrollment, tax forms, etc.)

   Sign up to download full list

   Sign up

How much does it cost to hire an information security engineer?