Security hiring is at 113% of pre-pandemic posting levels. Software development is at 71%. IT systems management is at 72%. Data analytics is at 62%.
Every category in tech has shed jobs since 2022. Cybersecurity is the exception β the only major tech discipline where employer demand has not contracted below February 2020 baselines. Thatβs not a rounding error. Thatβs a structural signal about where the economy is placing its bets.
As of early 2026, there are 514,359 open cybersecurity positions in the United States alone. Globally, the unfilled role count sits at approximately 4.8 million. The median cybersecurity salary hit $103,700 nationally, with sign-on bonuses returning at companies that have been trying and failing to fill roles for six months or more.
But the headline number obscures where the demand is actually concentrated β and that concentration matters enormously for anyone navigating a job search or planning a career move.
Where the Jobs Are: Regional Concentration
The three dominant markets for cybersecurity employment in 2026:
Virginia β 53,000+ open roles The undisputed epicenter of US cybersecurity demand. Northern Virginiaβs concentration of federal agencies, defense contractors, intelligence community support firms, and cloud infrastructure (AWS, Azure, Google all have major data center presences here) makes this the single densest market on the continent. If you hold a clearance, Northern Virginia is essentially a sellerβs market regardless of economic conditions.
California β 44,000+ open roles Silicon Valley and the Bay Area dominate, but Los Angeles has grown significantly. The California demand skews heavily toward product security, AI security, and cloud-native security engineering. Big tech companies, AI startups, and fintech firms are the primary drivers. Compensation here tends to run 15β25% above national median.
Texas β 42,000+ open roles Austin has become a serious cybersecurity hub following the tech migration from California. Dallas-Fort Worth is strong for financial services security and healthcare security. Houston anchors energy sector OT security demand. Texas offers a lower cost of living with salaries that have been tracking toward California levels as competition for talent increased.
Other markets worth noting:
- Maryland (NSA corridor, federal proximity)
- Washington state (Microsoft, Amazon, aerospace)
- New York (financial services, fintech)
- Georgia (Palo Alto Networks, Home Depot, Delta β Atlantaβs corporate security cluster)
- Colorado (defense, aerospace, government)
The remote work variable is real but smaller than professionals expect. Clearance-required roles are almost universally in-person. Senior individual contributor roles in product security or cloud security have significant remote availability. Leadership roles trend toward hybrid. Donβt assume remote is possible β but donβt assume it isnβt either.
Whatβs Driving the Numbers
Three factors are keeping cybersecurity hiring elevated while the rest of tech contracts:
1. Threat volume doesnβt follow economic cycles
Organizations can pause hiring engineers when growth slows. They cannot pause defending against ransomware, regulatory scrutiny, or breach liability. Security headcount is increasingly treated as a cost of operating, not a growth investment β which makes it more recession-resistant than product development.
2. Regulatory pressure is creating mandatory headcount
SEC cybersecurity disclosure rules. DORA for financial entities. NIS2 across European subsidiaries. FDA requirements for medical device security. State-level privacy laws requiring security programs. These arenβt voluntary β they require qualified humans to implement and maintain compliance. That demand doesnβt disappear when budgets tighten.
3. AI created a skills gap faster than the workforce could fill it
64% of cybersecurity job listings in 2026 specifically mention AI, machine learning, or automation capabilities. 41% of employers rank AI as the single most-needed skill in candidates. The problem: most of the existing security workforce hasnβt caught up. This creates demand for people who have β at a premium.
Which Roles Are Driving Demand
Not all 514,000 open roles are created equal. The categories with the most urgent hiring and highest compensation:
Cloud Security Engineers / Architects Cloud exposure management has become a board-level issue. Organizations are operating in multi-cloud environments with security gaps they canβt fully map. Senior cloud security architects are commanding $170Kβ$220K in competitive markets.
AI Security Specialists This category barely existed 24 months ago. It now has its own job titles, its own conference tracks, and its own compensation tier. LLM security specialists are averaging $198K nationally β more than the average CISO.
Threat Intelligence Analysts Organizations are investing in knowing whatβs coming rather than only reacting to what arrived. Mid-level threat intelligence analysts average $95Kβ$130K. Senior analysts with cleared backgrounds command significantly more.
AppSec Engineers The vibe coding wave has created an application security crisis. AI-generated code is flooding codebases with vulnerabilities at a rate that manual review canβt match. AppSec demand has accelerated sharply in Q1 2026.
GRC / Compliance-Focused Roles Less glamorous than red team or threat intel, but highly stable and increasingly well-compensated. Organizations need humans who can translate regulatory requirements into operational controls. CISO-track professionals often build their base in GRC before moving into leadership.
How AI Requirements Are Reshaping Entry-Level
The entry-level cybersecurity candidate of 2026 looks different from 2022.
The mean entry-level salary sits at $85,640 nationally β a 12% increase over 2023 levels. But the expectations attached to entry-level roles have shifted significantly. Where a security analyst role in 2022 might require CompTIA Security+, network fundamentals, and some SIEM experience, the equivalent role in 2026 increasingly requires:
- Demonstrated experience with AI-powered security tools (Copilot for Security, Sentinel AI features, AI-augmented SIEM platforms)
- Basic understanding of prompt injection and LLM-specific attack vectors
- Automation scripting β Python remains essential, but familiarity with AI-assisted coding workflows is now a differentiator
- Cloud fundamentals β AWS Security or Azure Security certifications have become baseline expectations at many employers
This doesnβt mean you need to be an AI researcher to break in. It means candidates whoβve spent time with AI security tooling β even through labs, personal projects, or bootcamps β have a meaningful edge over those who havenβt.
Practical Targeting for Your Job Search
Given the concentration of demand, hereβs how to approach search strategy:
If you have or can get a clearance: Prioritize Virginia, Maryland, and Texas (San Antonio has a significant defense presence). Defense contractors are aggressively absorbing talent displaced from federal agencies. The cleared market is tight right now.
If youβre targeting AI or product security: California remains dominant, but remote-friendly roles at AI-native companies are widely distributed. New York has a growing AI security presence driven by financial services. Expect compensation benchmarks to be set against Bay Area rates even for remote roles.
If you want stability with a lower cost of living: Texas, Georgia, and Colorado offer serious cybersecurity markets without California or DC price floors. Austin and Atlanta in particular have developed robust cybersecurity ecosystems with multiple large employers.
If youβre early-career: Target companies that explicitly list security certifications as a pathway for new hires rather than requiring experience upfront. GRC and SOC analyst roles remain the most accessible entry points with reasonable upward mobility.
The Realistic Bottom Line
The 514,000 number is real, but the jobs arenβt distributed evenly across geography, skill level, or specialization. The demand is concentrated in specific markets, specific roles, and β increasingly β specific skill profiles that include AI competency.
That concentration is actually useful information. It tells you exactly where to go, what to learn, and which direction the market is moving. Security hiring may be the only part of the 2026 tech market thatβs unambiguously in candidatesβ favor β if those candidates are positioned correctly.
The ones who arenβt will find the 514,000 number frustrating rather than encouraging. The ones who are will find it almost irrelevant β because theyβll have multiple offers.
