How Much Do Cybercrime Investigators Earn?

Ten-gallon hats and quickdraw duels populate the collective memory of the American Wild West. Whether the new frontier was the lawless cowboy playground that Hollywood Westerns depict, one thing is for sure: the internet is proving to be far wilder.

Cybercrime investigation units are emerging in both the public sector and national corporations to combat sensitive data breaches and fraud. According to the FBI’s annual Internet Crime Report, cyber crime (also called eCrimes) snatched up to $2.7 billion in 2018 alone.

Cybercrime investigators are modern-day sheriffs, leading the charge to bring some much-needed law and order to the digital age.

How much could you earn as a cybercrime investigator?

The average salary of a cybercrime investigator, typically an entry-level or mid-career team member in a cyber security unit, will depend on education level, geographic region and whether the position is in the public vs. private sector.

Glassdoor provides an estimated salary range of $50K-$70K for cyber forensic investigators, while Payscale lists $71,809 as the average U.S. salary for a forensic computer analyst. With a bachelor’s degree and zero to five years of experience, cyber crime investigators should generally expect to make less than six figures at most companies.

In the public sector, high-performing cyber security professionals with a graduate degree or about 10 years of experience can ascend to positions such as a senior cyber security specialist, a role for which the U.S. Government often pays around $100K per year.

At larger national corporations, like Visa or Barclays on the east coast, those with only a bachelor’s degree often make about $100,000 or more. Meanwhile, on the west coast, Microsoft pays its bachelor-level forensics cyber security researchers anywhere from $100,000 to $150,000.

Although a master’s degree can open the door for these types of positions at larger companies, multiple years of directly relevant experience in IT security is also a safe bet for those looking to crack into the six-figure salary range. Salaries, of course, increase with management experience and the number of direct reports. A cyber security engineer at T-Mobile with a master’s degree in computer science will earn at least $112,000.

Where do cybercrime investigators work?

The FBI is continuing to beef up both its cyber security efforts and its network security. It now has a cyber division at the FBI Headquarters along with cyber action teams that travel the globe to work on high-impact computer intrusion cases, deploying computer crimes task forces to coalesce local and state governments with cutting-edge defense technologies.

Meanwhile, in the private sector, massive global companies like Citi, Facebook and JP Morgan Chase are all looking to bolster their cybersecurity units with investigators, analysts, and engineers. Those seeking a cybersecurity career in the private sector will work with teams across nearly every aspect of a company—victims of eCrime are rarely limited to a single branch or function.

Citi hires investigators for its “Cyber Investigation Response Team (CIRT)” to review, triage and investigate information security incidents. These positions are demanding in terms of both time and travel. Citi’s job posting states that hires must be “available 24 x 7 x 365 and to travel when required.” Senior investigators at Citi make a base salary of $83,000 per year.

Facebook is seeing an unprecedented wave of sensitive data breaches. Unsurprisingly, they’re hiring for multiple cybercrime prevention and investigation positions at their headquarters in Menlo Park, California. A security investigator at Facebook
makes from $72,000 to $77,000 annually.

JP Morgan Chase has an electronic crime investigation team to investigate “complex check-related fraud schemes” that can potentially cost them and their clients millions. Their check investigations associates work to crack eCrime cases across all branches of the company. Investigators at JP Morgan earn around $60,000 to $80,000.

What does a cybercrime investigator do?

Cybercrime encompasses a wide range of illicit activity. Everything from malware, viruses, identify theft, enterprise fraud, phishing scams, and child pornography fall under this umbrella, and the definition will continue to evolve as technology-based attacks grow more sophisticated.

The nature of cyber attacks differ vastly both within and between companies, so there is no average day in the life of a cybercrime investigator. In general, they evaluate the magnitude of reported criminal incidents and launch comprehensive investigative reports.

At the point when an investigative team gathers enough research to form a holistic understanding of the source, cause, and impact of an incident, investigators must work with internal technology teams to prevent future attacks. They conduct deep research into an organization’s data infrastructure to identify weak points and resources most vulnerable to criminal activity.

Cybercrime investigators work closely with security engineers, intelligence analysts, and chief security officers to document all aspects of the criminal incident reporting and research process.

Generally, an investigator with only a bachelor’s degree will not manage direct reports unless they have five or more years of experience. Those with more educational accomplishments or at least a decade of professional experience may lead cross-functional teams and potentially manage dozens of employees.

What degree(s) do you need to become a cybercrime investigator?

Almost every job listing in this field will require at minimum a bachelor’s degree in computer science, although this may often be substituted with equivalent field experience as an IT specialist or US intelligence officer, for example.

There is no standard educational path for cybercrime investigators, mostly due to the fact that the field is so new and so rapidly evolving. Those looking to end up in a more senior cybersecurity leadership role are strongly advised to obtain a master’s degree. Anything from computer science, information systems, intelligence studies, cyber security or digital forensics are popular graduate degree choices.

Additional credentials, such as the SANS GSEC, GCTI, GCIH, GCFA, GCFE, GREM, or GNFA, CISSP, or PMP will add to a candidate’s appeal in addition to (or in place of) a graduate degree.

What skills do cybercrime investigators need?

Though a cybercrime investigator may sound like a hyper-focused technical position, excellent communication skills are mission-critical to success. Forging and maintaining relationships between incident response teams, lawyers, and external law enforcement agencies are a huge part of any investigative team role, and will continue to come in handy when you conduct suspect, witness, and victim interviews.

On the hard-skills side, working knowledge of the evolving legal landscape for online criminal activity is expected in most if not all roles of this nature, along with an intimate understanding of networking security protocols and risk management strategies. Many investigators will be expected to navigate the dark web.

Are you ready to protect the greater good?

Cybercrime investigators may not ride horses or break up saloon brawls, but they take down vicious cyber criminals every day. The role appeals to those interested in the intersection of computer and criminal sciences. If preventing crime and protecting civilians in an ever-changing online universe sounds up your career alley, you can feel confident knowing that the job market is strong—and your future earnings will be comfortable to boot.

(Last Updated on February 26, 2024)

Questions or feedback? Email editor@noodle.com