Standardizing Security Titles

An open-source framework for consistent job titles, levels, and expectations across the cybersecurity industry.

Why This Matters

A "Senior Security Engineer" at one company might equal a "Security Analyst II" at another. This inconsistency makes it hard to compare roles, set fair compensation, and define clear career paths. Security Titles provides a common language for the industry.

📚 Browse Role Frameworks

⚔️ Offensive Security

Penetration testers, red team analysts & engineers, purple team specialists, and offensive security management.

Penetration Testing (7 levels)
Red Team Analyst (7 levels)
Red Team Engineer (7 levels)
Purple Team (7 levels)
Management Track (3 levels)

🛡️ Defensive Security

SOC analysts, security administrators, security engineers, architects, and defensive security management.

SOC Analyst (4 levels)
Security Administrator (4 levels)
Security Engineer (6 levels)
Security Architect (6 levels)
Management Track (3 levels)

📋 GRC

Governance, Risk & Compliance professionals who enable the business through risk management, compliance, and policy.

Risk Analyst (7 levels)
Compliance Analyst (7 levels)
Governance Analyst (7 levels)
GRC Engineer (7 levels)

🔑 IAM

Identity and Access Management professionals covering governance, authentication, privileged access, and identity security.

IGA, Access Mgmt, PAM, Directory Services
CIAM, IAM Architect
Identity Security Analyst & Engineer (ITDR)

🔬 Specialized Roles

Cross-functional and domain-specific security roles including vulnerability management, application security, cloud security, forensics, and threat intelligence.

EVM, AppSec, CloudSec (Engineer & Architect tracks)
Forensic Analyst, CTI Analyst & Engineer
Coming: Info Protection, OT Security...

👔 Leadership

Executive and senior leadership roles spanning all security functions, from Director to CISO.

Director
Senior Director
VP / SVP
CISO

📊 What's Covered

Each role framework provides detailed information across multiple dimensions:

📋 Responsibilities

Core duties and expectations at each level

🛠️ Skills

Required and preferred technical abilities

🎓 Education

Degree equivalents and certifications

💰 Compensation

Salary ranges across sectors

👥 Mentorship

Guidance received and provided

🎯 Impact & Authority

Decision-making scope and influence

🎯 Use Cases

👔 For Hiring Managers

Write accurate job descriptions, set appropriate compensation, and benchmark candidates against industry standards.

🚀 For Job Seekers

Understand where you fit, identify skill gaps, negotiate compensation, and plan your career progression.

📈 For Team Leads

Define career ladders, set promotion criteria, and create development plans for your team members.

🏢 For Organizations

Standardize titles across departments, align compensation with market rates, and build consistent job families.

🤝 Get Involved

This is a community-driven project. Your experience and insights make it better.

💬 Join the Discussion 📦 View on GitHub

Ways to Contribute

Share feedback — Does something not match your experience? Let us know.
Improve accuracy — Help refine responsibilities, skills, and salary data.
Add roles — Help us expand to cover more specialized areas.
Spread the word — Reference these standards in your job postings and career discussions.

Security Titles is maintained by Rob Fuller (mubix) and Chris Gates (carnal0wnage) and the security community.
Licensed under the BSD 3-Clause License.