Given a surge in digital threats like ransomware, it is no surprise that the field of information security is booming. Cybersecurity Ventures estimates that there will be 3.5 million job openings across the industry by 2021. Around that same time, the digital economy research firm forecasted that global digital security spending would exceed one trillion dollars.

Such growth makes information security an exciting and lucrative career choice. But the industry’s expansiveness complicates the process of selecting a career path. This complexity reaches all the way down to aspiring security professionals looking to get their first certification.

To make it easier for aspiring security professionals, here are 10 of the top highest-paying infosec jobs based on overall pay grade.

#10: Forensic Computer Analyst

A Forensic Computer Analyst gathers evidence off computers, networks and other data storage devices in order to investigate instances of digital crime.

These individuals commonly work closely with law enforcement agencies to compile evidence for legal cases, draft technical reports or offer expert testimony in trial and train officers in computer evidence tactics. Those wanting to pursue this career path must be familiar with several programming languages and operating systems as well as with cryptography principles, eDiscovery tools and forensics software.

Forensic Computer Analysts make a median salary of $71,772. They can expect to earn at least $47K, according to PayScale. However, given the possibility of commissions, tips and overtime, they can make as much as $117K.

#9: Information Security Specialist

An Information Security Specialist is an entry- to mid-level employee whose job functions help strengthen the security of an organization.

Oftentimes, Information Security Specialists are required to analyze the security requirements of an organization’s systems, install and configure security solutions on corporate networks, perform vulnerability testing and help train fellow employees in security awareness. Individuals who are interested in becoming Information Security Specialists should have knowledge in ethical hacking, computer networking, programming and Security Information and Event Management (SIEM).

Information Security Specialists earn a median salary of $75,308. According to PayScale’s most recent estimates, these individuals make at least $49K but can take home as much as $114K.

#8: Penetration Tester

A Penetration Tester is responsible for probing applications, systems and networks for vulnerabilities as a test of an organization’s digital security defenses.

Individuals who aspire to become Penetration Testers must be prepared to conduct physical security assessments of critical IT assets, design and create new penetration tools, employ social engineering to uncover security gaps as well as provide feedback on their assessments. That being said, Penetration Testers should leverage a vulnerability or exploit primarily to demonstrate its potential to produce a security incident. They should not take the entire set of actions that a criminal would in order to prey upon an organization.

Penetration Testers make a median salary between $82,235. Overall, they can expect to earn between $56K and $132, reveals PayScale.

#7: IT Security Consultant

A IT Security Consultant is an outside expert who helps an organization implement the best solutions according to their security needs.

Those who wish to become IT Security Consultants must be knowledgeable in a wide range of security standards, security systems and authentication protocols. In order to succeed, they must also be willing to develop an in-depth picture of the organization for which they are working, which includes interviewing management and other executives as well as familiarizing themselves with the organization’s corporate policies. IT Security Consultants can then use this knowledge to implement a set of security tools they see fit depending on an organization’s needs.

IT Security Consultants make a median salary of $83,235, according to PayScale’s estimates. They can expect to bring home at least $58K, but they can earn as much as $131K a year.

#6: Security Engineer

A Security Engineer is a mid-level employee who builds and maintains the IT security solutions of an organization. In this capacity, Security Engineers configure firewalls, test new security solutions and investigate intrusion incidents, among other duties.

Candidates who aspire to become Security Engineers must possess a strong technical background in vulnerability and penetrating testing, virtualization security, application and encryption technologies and network and web-related protocols. The more tools and concepts with which a Security Engineer is familiar, the more they can help troubleshoot any problems concerning an organization’s security systems.

Security Engineers make a median salary of $88,416, according to PayScale’s estimates. Those who enter the field of information security as Security Engineers can expect to make at least $59K. However, some can earn as much as $128K a year.

To learn about even higher paying jobs in information security, read the second part of our two-part series.