Security Engineer Salary in 2026: 5 Cities Compared (With Real Numbers)
What security engineers actually earn in San Francisco, New York, Washington DC, and more
Security engineering is the one tech discipline where demand has never wavered. Every breach headline, every new regulation, every AI-generated phishing attack — they all translate directly into job postings and salary increases for security engineers.
The global cybersecurity talent shortage exceeds 3 million unfilled positions. That's not a number that fixes itself quickly, and employers know it. The result: security engineers command some of the highest salaries in tech, with premiums over comparable software engineering roles in every market.
Here's what security engineers actually earn across 5 major markets in 2026.
The Quick Comparison
| City | Salary Range | Median | Currency |
|---|---|---|---|
| Remote (US) | $161K–$223K | ~$192K | USD |
| San Francisco | $112K–$313K | ~$187K | USD |
| New York | $92K–$266K | ~$156K | USD |
| Washington DC | $87K–$124K | ~$105K | USD |
| London | £40K–£90K | ~£70K | GBP |
The most striking data point: remote security engineers have the highest median ($192K) on this list. That's unusual — for most roles, San Francisco leads. But security is different: the talent shortage is severe enough that companies can't afford to limit their hiring to a single geography, and they pay accordingly.
Remote (US): $161K–$223K
Remote security engineering isn't just viable — it's becoming the default. Security work is inherently distributed: threats come from everywhere, incident response happens at all hours, and security monitoring is dashboard-and-alert-based. Being in an office adds nothing to the work itself.
The $192K median — the highest on this list — reflects a market reality: companies competing for security talent nationally (or globally) can't use geographic discounts without losing candidates. When there are 3 million unfilled security positions worldwide, telling a qualified candidate you'll pay them less because they live in Denver is a great way to lose that candidate.
The tight range ($161K–$223K, only $62K spread) is notable. Unlike most roles where remote pay varies wildly by employer type, security remote pay is consistently high because the talent shortage equalizes bargaining power. Even smaller companies that might pay $120K for a remote software engineer offer $160K+ for security — because they need to.
The $223K ceiling doesn't capture the full picture. Many remote security roles include on-call compensation, incident response bonuses, and equity that push total comp well above base salary. Security engineers who handle 3 AM breach responses earn every dollar.
Current ranges: Security Engineer Salary — Remote
San Francisco: $112K–$313K
San Francisco has the widest salary range and the highest ceiling ($313K) for security engineers — reflecting both the concentration of high-value targets (tech companies with billions of users) and the sophistication of security threats they face.
Big Tech security teams are world-class and compensate accordingly. Google's Project Zero, Meta's Red Team, Apple's Security Engineering group — these teams operate at the frontier of offensive and defensive security. Senior security engineers at these companies earn $250K–$313K base, with total compensation (equity, bonuses) pushing significantly higher.
The startup security market in SF is particularly interesting. Post-Series B startups facing their first SOC 2 audit, their first enterprise customer's security questionnaire, or their first serious vulnerability disclosure need security engineers urgently — and they pay urgency premiums. These roles often involve building the security program from scratch, which commands higher compensation than maintaining an existing one.
The $112K floor represents early-career security roles or positions at smaller companies. Even at this level, you're doing meaningful security work — vulnerability assessments, security code reviews, incident response. The learning curve is steep, and the path to $200K+ is typically 3-5 years of demonstrated expertise.
Full breakdown: Security Engineer Salary in San Francisco
New York: $92K–$266K
New York's security engineering market is supercharged by one sector: finance. Banking regulations (SOX, PCI DSS, GLBA) mandate specific security controls, and the penalties for breaches are severe enough that financial institutions invest heavily in security talent.
JPMorgan employs over 3,000 cybersecurity professionals. Goldman Sachs, Citigroup, and Bank of America each maintain security teams in the hundreds. These aren't entry-level monitoring roles — they include threat intelligence, application security, red teaming, and security architecture for systems that process trillions of dollars annually.
The $266K ceiling reflects senior security roles at finance and Big Tech NYC offices. At quantitative trading firms (Citadel, Two Sigma, Jane Street), security engineers who protect trading infrastructure earn at or above this level — the value of what they're protecting justifies extreme compensation.
The $92K floor represents junior security analysts or roles at non-financial companies. NYC's economy includes many industries (media, fashion, healthcare) that need security but don't have tech/finance budgets. These roles provide excellent training grounds but at significantly lower compensation.
See the numbers: Security Engineer Salary in New York
Washington DC: $87K–$124K
Washington DC's security market is unique: it's dominated by government and defense contractors. The salary range ($87K–$124K) looks modest compared to SF or NYC, but the context is completely different.
Government security roles (NSA, CISA, DoD) offer salaries within the GS pay scale, which caps significantly below private sector rates. The $87K floor represents mid-level GS positions. The $124K ceiling is senior positions at the highest GS levels or SES (Senior Executive Service) grades.
What the salary numbers don't capture:
The DC market is the gateway to the intelligence community and defense industry. Engineers who start here often move into six-figure contractor roles within 3-5 years, with their clearance being the most valuable asset on their resume.
Full data: Security Engineer Salary in Washington DC
London: £40K–£90K
London's security engineering market is smaller and lower-paid than US markets — but growing rapidly. UK regulatory requirements (GDPR, FCA regulations, NIS2 Directive) are creating consistent demand for security professionals.
The £90K ceiling represents senior roles at Big Tech London offices (Google, Amazon, Microsoft) and top-tier financial institutions. Senior security engineers at companies like Revolut, Wise, and major banks earn at or near this level. For security engineers at Google's London DeepMind office or Amazon's AWS Security team, equity and bonuses push total comp above the base salary ceiling.
The £40K floor is startlingly low — it represents junior security analysts or roles at smaller companies outside the tech/finance sector. Many UK companies are still building their security capabilities and hire at entry level with the expectation of rapid growth.
London's advantage is its position as a global financial center. Security experience in UK financial services (FCA-regulated firms, payment processors, banks) is globally portable. The regulatory expertise transfers directly to roles in Singapore, Hong Kong, Dubai, and other financial hubs — often at significantly higher salaries.
GCHQ's presence in Cheltenham (not London, but part of the UK security ecosystem) creates a pipeline of security talent similar to the NSA/DC pipeline in the US. Engineers who start in government intelligence often move to London's private sector at 2-3x their government salary.
Full data: Security Engineer Salary in London
What Drives Security Engineer Salaries Higher?
Four specializations command the biggest premiums:
1. Cloud security architecture. Designing security for AWS/GCP/Azure environments — IAM policies, network security groups, secrets management, container security, compliance automation. As cloud adoption accelerates, engineers who can secure cloud-native infrastructure earn 20–30% premiums. 2. Offensive security (red teaming/pentesting). Finding vulnerabilities before attackers do. This requires deep technical expertise in exploitation, reverse engineering, and attack simulation. Red team engineers at Big Tech earn at the very top of salary ranges. OSCP certification is the standard credential. 3. Application security (AppSec). Integrating security into the software development lifecycle — code review, SAST/DAST tooling, threat modeling, secure design patterns. AppSec engineers bridge security and development, which makes them valuable to any company shipping software. 4. Incident response and forensics. Leading the response when breaches occur — containment, investigation, root cause analysis, evidence preservation. This is high-stress, high-visibility work that commands premium pay and often includes on-call bonuses.The Security Engineering Career Ladder
| Level | US Salary Range | Years Experience |
|---|---|---|
| Junior/Analyst | $75K–$110K | 0–2 years |
| Mid-Level | $110K–$165K | 2–5 years |
| Senior | $155K–$250K | 5–8 years |
| Staff/Principal/CISO | $220K–$350K+ | 8+ years |
The jump from mid to senior is where the biggest salary increase happens — 40–60% in strong markets. Senior security engineers are expected to design security architectures, respond to incidents independently, and influence engineering culture around security. The title change reflects a shift from "finds vulnerabilities" to "designs systems that prevent vulnerabilities."
The CISO (Chief Information Security Officer) path is the management track. CISOs at public companies earn $300K–$500K+ in total comp, but the role is as much business and regulatory strategy as it is technical work.
The Bottom Line
Security engineering in 2026 is a seller's market. The talent shortage is structural and growing. Every new regulation, every AI-enabled attack, and every major breach increases demand for qualified security professionals.
If you're maximizing compensation, remote US roles offer the highest median ($192K) with the lowest geographic constraint. If you're maximizing career optionality, Washington DC provides clearance access that unlocks an entire hidden job market. If you're in Europe, London is the entry point to a growing market with strong regulatory tailwinds.
The $40K–$313K range across these 5 cities is the widest of any role we've analyzed — reflecting the enormous gap between junior analyst positions and senior security architects at Big Tech. The path from bottom to top is achievable in 5-8 years for motivated engineers.
Ready to Put This Into Practice?
Don't guess if your resume will make it past the ATS. Get instant analysis of how well you match any job posting.
Keep Reading
Data Scientist Salary in 2026: 7 Cities Compared (With Real Numbers)
Data science salaries vary wildly by city — a data scientist in San Francisco earns 3x what the same role pays in Berlin. Here's the real data for 2026, plus what actually drives pay differences.
ML Engineer Salary in 2026: 7 Cities Compared (With Real Numbers)
ML engineering is the highest-paying specialization in data/AI. Here's what the role actually pays in 7 major cities in 2026 — and why the range is wider than you'd expect.
Backend Engineer Salary in 2026: 8 Cities Compared (With Real Numbers)
Backend engineering is the backbone of every tech company. Here's what the role actually pays in 8 major cities in 2026 — and why Seattle might surprise you.
Get more career tips
Subscribe for weekly job search strategies and resume tips that actually work.
No spam. Unsubscribe anytime.
About CareerCheck: We help job seekers understand exactly how they match job postings before they apply. Our AI analyzes your profile against real job requirements, identifying gaps and opportunities so you can focus on roles where you'll actually get interviews.