The Certified Ethical Hacker (CEH) is undoubtedly popular among recruiters and hiring managers. But beyond the title, what tangible opportunities does it bring? With this recognition in hand, where do you go next? What Certified Ethical Hacker jobs can you land in 2024?
While the name may suggest a narrow focus, you’d be surprised to see the multitude of defensive and consulting roles open to CEH holders.
In this article, we’ll explore the Certified Ethical Hacker jobs, potential salaries, and career progression that await once you earn this certification. So, let’s get to it!
Overview of the Certified Ethical Hacker
The Certified Ethical Hacker certification, offered by the EC-Council, equips you with the knowledge needed to identify vulnerabilities in computer systems and defend against malicious hacking attempts. The exam material covers various domains, including network scanning, malware threats, social engineering, and hacking tools and techniques.
Here’s a breakdown of the CEH exam domains:
There are two CEH certifications available:
- CEH ANSI: a knowledge-based, multiple-choice exam that primarily assesses the understanding of various tools, techniques, and methodologies used by hackers
- CEH Practical: a hands-on, virtual lab exam that simulates real-world ethical hacking activities across various domains
In this article, we’ll focus on CEH ANSI.
Check out these comparisons to see how CEH lines up:
What Does Certified Ethical Hacker Prepare You For?
According to the EC-Council, a Certified Ethical Hacker credential is the perfect way to start your career in cyber security. Each CEH module prepares and equips you with the knowledge needed to fill various positions, such as
- Security Analyst/SOC Analyst
- Vulnerability Assessment Analyst
- Cyber Defense Analyst
- Cyber Security Engineer
- Cyber/Information Security Auditor
- Security Administrator
- Network Engineer
- Cyber Security Consultant
- Information Security Manager
- And more
Remember, the CEH ANSI certification validates only theoretical knowledge in ethical hacking, not the depth of practical hacking skills or real-world application.
As of this writing, a brief search on Indeed shows over 2,000 job openings in the US that list the CEH as one of the preferred certifications for candidates to hold.
Here’s a quick rundown of the most popular roles that often have a variety of entry-level or junior positions available:
Security Analyst
Security Analysts are on the frontline of defense, monitoring organizations’ network traffic and analyzing system logs to identify, detect, report, protect, respond, and recover from security threats and breaches. They primarily focus on keeping data and networks intact.
Analysts are involved in network monitoring, incident investigation, vulnerability assessment, threat intelligence, incident response, and more.
Security Engineer
Security Engineers build, implement, and maintain robust security solutions for organizations. They ensure that the IT infrastructure is well-crafted and well-protected against potential threats.
Even though they have responsibilities similar to security analysts, their primary duties range from system design and threat modeling to developing security protocols and managing security software.
Penetration Tester
Frequently referred to as ethical hackers, penetration testers simulate real-world cyber attacks on systems, networks, and applications to discover vulnerabilities before malicious actors can exploit them.
In other words, they look for weak spots in security controls using their skills and tools. They then inform the targeted organizations so that they can strengthen their security posture.
For successful penetration tests, a solid understanding of IT, networking, and security systems is essential. Additionally, some employers may require expertise in application security, programming, and cloud architecture.
Thinking about becoming a penetration tester? Look at our featured articles below:
Security Administrator
Security administrators oversee the installation, management, and troubleshooting of an organization's security solutions. They develop security guidelines, establish procedures, run security audits, investigate security breaches, and conduct training sessions on security protocols and best practices.
The specific roles of a security administrator can differ based on an organization's needs.
Security Auditor
Security auditors conduct audits of information systems using organizational standards, policies, procedures, and relevant laws and regulations as a benchmark. Through interviews, observations, inspections, and investigations, they evaluate the effectiveness of security controls to determine their alignment with internal and regulatory requirements.
Upon completing their assessments, they provide recommendations for improving security and achieving or maintaining regulatory compliance. To ensure impartiality (independence) and objectivity, security auditors don’t implement security controls or perform routine security operations.
Other positions, like cyber security consultant or information security manager, are often within reach for CEH holders with more experience in the field.
Still unsure about the right career path for you? Read our article Top 10 Careers in Cyber Security (and Which Is Right for You?) for more guidance.
Job Opportunities and Salary
With CEH ANSI, you have the foundational skills to target various cyber security jobs. However,
when browsing websites like Indeed, LinkedIn, Glassdoor, or Cyber Security Jobs, consider both the certification requirements and job levels, as some positions require a more advanced certification in addition to CEH.
Suppose you have little work experience in the security field. In that case, think about searching for entry-level, junior, or mid-level CEH jobs.
It’s important to note that the average salary for a CEH holder will vary based on experience, location, industry, and job responsibilities. The numbers below indicate what you might expect to earn throughout your career.
Salary: Security Analyst
This broad designation typically encompasses professionals working in defensive security roles.
Here are some common variations you may encounter during your search:
- Information Security Analyst
- Cyber Security Analyst
- IT Security Analyst
- SOC Analyst
- Network Security Analyst
- Cyber Defense Analyst
- Incident Response Analyst/ Specialist
- Intrusion Detection Analyst.
The exact duties associated with a title can vary based on the organization's needs.
Indeed - Security Analyst CEH search results:
Glassdoor - Security Analyst CEH search results:
ZipRecruiter - Security Analyst salary:
Salary: Security Engineer
Most security engineer roles are offered as full-time positions with the option to work in a hybrid manner.
After the security analyst position, the security engineer ranks as the second most sought-after role in CEH job postings.
The following are variations of this job title:
- Information Security Engineer
- Cyber Security Engineer
- Network Security Engineer
- Systems Security Engineer
- Security Solutions Engineer
- And more
Indeed - Security Engineer CEH search results:
Glassdoor - Security Engineer CEH search results:
ZipRecruiter - Security Engineer salary:
Salary: Penetration Tester
The escalating sophistication of cyber attacks has significantly increased the demand for penetration testers. Many remote and hybrid positions are available.
Here are some variations of this job title:
- Ethical Hacker
- Red Team Engineer
- Application/Web Application Penetration Tester
- Network Penetration Tester
- Infrastructure Penetration Tester
- Cloud Penetration Tester
- Social Engineering Penetration Tester
Below is an ad from cybersecurityjobs.com for a Penetration Tester position that lists CEH among its required certifications.
ZipRecruiter - Penetration Tester salary:
Salary: Security Administrator
As the go-to expert in a cyber security team, a security administrator holds a special place in an organization. From our research, many companies like having their security administrators working onsite rather than remotely.
Other variations of this job title:
- IT Security Administrator
- Cyber Security Administrator
- Information Security Administrator
- Security Systems Administrator
- Network Security Administrator
Look at this Security Administrator job ad on Indeed that mentions CEH among its highly desired certifications.
ZipRecruiter - Security Administrator salary:
Salary: Security Auditor
Security Auditors are in demand as they play a key role in ensuring the robustness of an organization's digital infrastructure and security practices. They can work either onsite, remotely, or in a hybrid manner.
While some job postings mention CEH, several companies prefer candidates with more advanced certifications, such as CISA, CISSP, or CISM.
Here are other variations of this job title:
- Information Security Auditor
- Cyber Security Auditor
- IT Security Auditor
- Information Systems Security Auditor
- Security Compliance Auditor
- Information Systems Auditor
- And more
Check out this Information Systems Auditor job opening on Indeed, which lists CEH as one of the preferred certifications for candidates.
ZipRecruiter - Security Auditor salary:
Demands for CEH, Pentest+, GPEN Holders
Wondering how the CEH ANSI stacks up against similar penetration testing certifications like CompTIA Pentest+ and GIAC Penetration Tester (GPEN)? Let's find out!
Here are our preliminary search results showing how many job ads mentioned each certification as desired or required:
Glassdoor | Indeed | CyberSecurityJobs.com | |
CEH | 1,106 results | 2,020 results | 170 results |
CompTIA Pentest+ | 11 results | 225 results | 6 results |
GPEN | 270 results | 418 results | 37 results |
Remember, depending on the filters and search criteria you use, your results might differ from what’s described above.
Career Progression
According to our cyber security career pathway, CEH jobs can be launchpads to more advanced or specialized careers in security management or offensive/defensive security.
For ethical hacking enthusiasts, it’s beneficial to pursue certifications like CEH Practical, Pentest+, or OSCP.
Those looking to focus on the defensive (blue team) side, GIAC Certified Intrusion Analyst (GCIA), or Offensive Security Defense Analyst (OSDA) are possible certifications to look into.
Feeling like you're in The Matrix torn between the red pill and the blue? Check out our article Red Team vs. Blue Team: Which Is the Best Choice for You? to find your path.
On the other hand, if you want to be an advanced cyber security generalist and aim for strategic cyber security roles like an information security officer, earning credentials such as the Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) will help you achieve your dream and move up the career ladder.
Learn more about these recognitions through our articles below:
Conclusion
The CEH ANSI certification, while primarily a knowledge-based credential, is a significant first step towards lucrative job opportunities. From entry-level positions like security analyst to penetration tester and security auditor roles, this credential paves the way to a dynamic, exciting, and rewarding career safeguarding digital assets.
We hope this overview of certified ethical hacker jobs has given you a clear picture of potential career paths after earning the CEH certification.
The decision is now yours: What CEH jobs are best for you? Where will you shine the brightest?
For tailored career mentorship and assistance crafting the perfect career roadmap for you, join our Accelerator Program!