Security Jobs Hiring Report — June 2026

Net hiring for security roles ran clearly positive over the last 28 days: 827 postings opened against 461 closed, for a net gain of +366. That's not a churn artifact — it's real expansion across a wide base. The dataset currently holds 1,732 open security roles spread across 959 companies, and the most striking number isn't the headline count. It's the 252 companies that posted their first security role in the last four weeks. More than a quarter of the employers hiring right now weren't on this board a month ago.

That tells you something about how broadly security headcount is being added. This isn't a handful of big names doubling down. It's a long tail of companies deciding, more or less simultaneously, that they need someone on security — and most of them are looking for one or two people, not building out a department.

Is the security job market growing or cooling?

Growing, and the shape of the growth matters as much as the direction. A +366 net over 28 days on a base of roughly 1,400 open roles is a healthy clip. But notice the spread: 366 net new roles across 252 first-time companies plus the existing ones means the median company is adding very few roles. The fastest-hiring employer in the entire dataset opened a net of nine.

That's Nscale, with +9 net and 9 active security roles — meaning every one of their current openings is new this cycle. Behind them the leaderboard clusters tightly: Veeam (+5 net, 8 active), SMX (+5, 9 active), and Hopper (+5, 5 active). Then a band at +4 — Eye Security, SpaceX, DigitalOcean, Perforce, Checkout.com — and Gen at +3. SpaceX carries the largest active footprint of that group at 12 roles, but its net of +4 says most of those postings predate this window.

The practical read for a job seeker: there's no single hiring machine to chase. The opportunity is distributed. If you're waiting for one marquee company to open fifty reqs you'll wait a long time, but the breadth means a targeted search across the right second- and third-tier names will surface more live openings than you'd expect. The full company list lives on the security movers page if you want to track who's accelerating week to week.

Which security roles are actually hiring?

Engineering dominates to a degree I rarely see this lopsided. Of 1,732 roles, 1,297 are engineering — about three in every four. Everything else is a rounding error by comparison: data analytics at 169, a catch-all "other" bucket at 163, operations at 57. Sales (15), legal (10), product (7) and customer (4) barely register.

What this means in plain terms: security hiring right now is overwhelmingly hands-on technical work. If you build, automate, detect, or write code that defends systems, the market is wide open. If your background is in GRC-adjacent functions, security sales, or security product management, the named demand is thin — though some of that work is likely buried in the "unspecified" and "other" buckets, so don't read those small numbers as zero.

The engineering tilt also shapes how you should pitch yourself. Generic "security professional" framing won't land against a market that's asking for engineers. Lead with the systems you've secured and the tooling you've built. You can see the live function and level breakdown any time on the security jobs hub.

Seniority: where the roles concentrate

The level distribution is where I'd point a mid-career engineer first. Setting aside the 831 roles that don't specify a level — and that's nearly half the dataset, so take what follows as a read on the half that's labeled — senior is the clear center of gravity at 611. Principal follows at 199. Junior sits at just 39, director at 34, executive at 15, and VP at a mere 3.

So among roles that state a level, you've got 810 at senior-or-principal versus 39 junior. That's a ratio of roughly 21 to 1. The market wants people who can operate independently and own a security domain on day one. It is not, by these numbers, a friendly market for someone breaking in — junior openings are scarce enough that early-career candidates should expect a real grind and should lean hard on whatever specific technical proof they can show.

The thin top end is worth a pause too. Three VP roles and 15 executive postings means security leadership openings are rare in this dataset. Most of what's being added is individual-contributor and lead-level engineering capacity, not new orgs being stood up with new heads. That squares with the first-time-company pattern: a company posting its first security role is usually hiring a doer, not a CISO.

What do security jobs pay?

Here's where I have to be straight about the limits. Only 12% of these postings disclose pay — 47 roles out of the full set carry a usable band. So treat everything in this section as a signal from a self-selected minority, not gospel for the whole market. Companies that publish salary often skew toward US-based, transparency-minded employers, and that biases the number upward.

With that caveat stated plainly: the median disclosed band lands at $150,000–$179,000 USD/yr. Drill into the dominant role and the picture is consistent — Security Engineer postings (n=36, so the bulk of the disclosed sample) show a median band of $150,000–$180,000. The fact that the overall median and the Security Engineer median sit almost on top of each other isn't a coincidence; engineering is most of the dataset, so the security engineer band is effectively the market band here.

What I won't do is extrapolate that to the 88% of roles that stay quiet on pay. A six-figure US engineering band tells you what a transparent American employer pays a senior engineer. It says little about the operations role in another market, or the unspecified-level postings that make up half the board. If pay clarity matters to you — and it should — I'd build your target list partly around who actually discloses, because that 12% is doing you a favor the other 88% aren't. The fuller pay breakdown sits on the security salaries page.

Remote security jobs: still a minority

Remote roles account for 28.0% of the security postings here. Just over a quarter. That's a meaningful slice — more than one in four — but it also means roughly 72% of openings expect you in a location, at least some of the time. If you're searching remote-only, you're competing for less than a third of the board, and given how concentrated the senior-and-above demand is, those remote senior roles will draw a crowd.

I'd frame this honestly for anyone planning a search: remote is available but not the default in security right now. The strongest remote candidates are the ones who match the senior/principal engineering profile the market is actually buying, because that's where employers are most willing to flex on location to land the right person.

Who's scaling fastest, and what it signals

The top of the movers list is worth reading for what kind of companies are growing security teams. Nscale leading with all nine of its security roles freshly opened looks like a build-from-scratch moment — a security function being stood up, not topped up. Veeam at +5 on an 8-role base and SMX at +5 on 9 active are adding into existing teams. Hopper is interesting because its +5 equals its entire active count of five — another from-zero or near-zero expansion.

The +4 cluster — Eye Security, SpaceX, DigitalOcean, Perforce, Checkout.com — mixes a dedicated security vendor (Eye Security, four roles all new), infrastructure and dev-tooling names, and a payments company. That mix is the story in miniature: security hiring is coming from security-native firms, from infrastructure providers, and from companies where security is a cost of doing business rather than the product. No single sector is carrying this.

One honest note on the data: the entry labeled "We" maps to SMX, a reminder that board names don't always match the legal entity. I clean these where I can, but if you're cross-referencing, expect the occasional mismatch between a posting's display name and the company behind it.

What this means if you're job-hunting right now

The market is open and net-positive, but it's specific about what it wants. Pull the threads together and the picture is unusually clear for a hiring report:

• Be an engineer, or frame yourself as one. Three-quarters of demand is engineering. If your experience is technical, foreground the systems and tooling, not the title.
• Mid-to-senior is the sweet spot. Senior and principal roles outnumber junior ones by roughly 21 to 1 among labeled postings. If you're early-career, target the 39 junior roles deliberately and don't expect volume.
• Look at the newcomers. 252 companies opened their first security role this month. These first hires often have less internal competition and more shaping power — you'd help define the function rather than slot into one.
• Use disclosure as a filter. Only 12% post pay; the ones that do cluster around $150k–$180k for security engineers. Weighting your applications toward transparent employers saves you from late-stage surprises.
• Don't bank on remote. At 28%, remote is real but secondary. Cast a location-flexible net if you can.

If I were searching this month, I'd build two lists. One of the fast-movers — Nscale, Veeam, SMX, Hopper and the +4 cluster — where teams are visibly expanding and reqs are fresh. And one of the first-time posters, because a company hiring its inaugural security engineer is a different, often better, opportunity than being the twentieth hire on an established team. Track both against the movers feed and apply while the postings are still new. The net +366 says the doors are open; the seniority data says they're open widest for people who can walk in and own the work.