Ask HN: What's the salary benchmark for DevSecOps lead with 10 years experience?
17 points by dev_0 on Oct 2, 2022 | 12 comments
Can't find any concrete data on salary for DevSecOps engineer



The 'Sec' part of that job title is just not going to move the needle when it comes to salary. Companies talk a good game when it comes to devops security and 'shifting left' but few, if any, will actually pay for it up front and instead will just use it as an additional feature when selecting among various candidates for open roles. Just look for any devops engineer data and hope that by playing up security experience you might be able to bump your ask 5-10%.


Is a DevOps job better than Security?


No one hires for devops security. In the largest of FAANG orgs there will be 50-100 regular devops, app sec, and security engineering roles for every devsecops role. There is an expectation that security be integrated into these other roles, so someone looking to get hired would be better served to find the roles that companies are actually trying to fill and then spin their security chops so that they look like a unicorn in a field of horses and even a few zebras.


Non-tech company:

~$100k-$180k base + ~5%-10% cash bonus

Small / private tech company:

~$120k-$200k base + ~5%-20% cash bonus or ~20%-50% "Monopoly" money RSU

Publicly traded tech company:

~$140k-$220k base + ~20%-50% RSU

FAANG: The sky is the limit

U.S. Salaries


To expand on FAANG (and companies playing in the same comp league): The most likely leveling would be senior or staff. If you're lucky, principal. According to levels.fyi's 2021 report [1], you'd be looking at around 400k to 800k total compensation.

[1] https://www.levels.fyi/2021


10 years experience is likely senior engineer, so $300-400k total compensation. Staff would be $500-600k, principal probably $900-1000k (I think about 10% of total engineers are >= staff and maybe ~3 >= principal)


I expect location and size/type of business (FAANG, startup, etc.) may give wildly different answers, on top of experience.


Likely 190+ is the going rate. I see in upper echelon markets 225-250.


Companies which actually do DevSecOps are unlikely to have roles with that title.


That's almost exactly what my thoughts were. It's not a role, it's culture/mindset/"this is how we fold security into our development and operations". An expectation perhaps. I've seen platform engineering roles evolve however to include security specialists, but again, with platform engineering the goal is to bake security and guardrails and general optimisations into the platform.

I also want to elaborate on the flipside; having dedicated roles as devsecops, there is a high potential that security and responsibilities shift to people in those roles, and from experience this leads to "someone else will take care of that", whereas what you really want is something along the lines of "security is everyone's responsibility (including mine)".


When something is everyone's responsibility, no one will be responsible


Which country/region? Big difference between, say, Bay Area and Bratislava.



