1

Security Researcher Jobs in Virginia (NOW HIRING)

As a network security researcher on the Network Situational Awareness team, you will research network threats to develop methods of detection and tailor these for partner environments. Transition of ...

As a network security researcher on the Network Situational Awareness team, you will research network threats to develop methods of detection and tailor these for partner environments. Transition of ...

next page

Showing results 1-20

Security Researcher information

See Virginia salary details

$47

$51

$53

How much do security researcher jobs pay per hour?

As of Jul 18, 2026, the average hourly pay for security researcher in Virginia is $51.00, according to ZipRecruiter salary data. Most workers in this role earn between $49.33 and $52.69 per hour, depending on experience, location, and employer.

What Is a Security Researcher?

A security researcher keeps up-to-date on all the latest developments in threats to computer software and networks. These threats include different types of malware, such as computer viruses, malicious software and scripts, and direct attacks on a network. The main duties of a security researcher are to investigate existing types of malware, analyze their capabilities, and attempt to predict new forms of malware to develop appropriate security responses. They may reverse engineer malware or test security systems.

What are Security Researchers?

Security Researchers are professionals who analyze computer systems, networks, and software to identify vulnerabilities and potential security threats. They often discover new types of cyberattacks, develop tools or methods to test for weaknesses, and recommend ways to improve security. Security Researchers may work for private companies, government agencies, or independently, and they play a crucial role in preventing cybercrime by staying ahead of hackers. Their work often involves reverse engineering, penetration testing, and publishing their findings to help strengthen cybersecurity across the industry.

Can I make $200,000 a year in cyber security?

Security Researchers can potentially earn $200,000 or more annually, especially with advanced skills, certifications, and experience in high-demand areas like penetration testing or threat analysis. Salaries vary based on industry, location, and level of expertise, with senior roles and specialized skills commanding higher pay.

What is the difference between Security Researcher vs Security Analyst?

AspectSecurity ResearcherSecurity Analyst
CredentialsCertifications like CISSP, CEH, OSCPCertifications like CompTIA Security+, CISSP, GIAC
Work EnvironmentResearch labs, cybersecurity firms, R&D teamsSecurity operations centers, corporate IT teams
Employer & IndustryTech companies, cybersecurity firms, government agenciesFinancial institutions, healthcare, enterprise companies
Primary FocusIdentifying vulnerabilities, developing exploits, analyzing threatsMonitoring security systems, incident response, implementing security measures

While both roles focus on cybersecurity, Security Researchers primarily analyze vulnerabilities and develop exploits to understand threats better. Security Analysts focus on monitoring, detecting, and responding to security incidents within organizations. Both roles often require similar certifications and work in related environments, but their core responsibilities differ in scope and daily tasks.

What does a security researcher do?

A security researcher analyzes computer systems, networks, and software to identify vulnerabilities and develop ways to protect against cyber threats. They often use tools like penetration testing and vulnerability scanners and may hold certifications such as CISSP or CEH. Their work helps improve cybersecurity defenses and prevent cyberattacks.

How to get a job as a security researcher?

To become a security researcher, develop strong knowledge of cybersecurity principles, programming, and network protocols. Obtain relevant certifications such as CISSP or CEH, gain experience through internships or labs, and stay updated on current security threats and tools like Wireshark or Metasploit.

How much do security researchers make in the US?

Security researchers in the US typically earn a median salary of around $100,000 per year, with entry-level positions starting at approximately $70,000 and experienced professionals earning over $130,000. Salaries vary based on experience, certifications, and the complexity of the security environment they work in.

What are the key skills and qualifications needed to thrive as a Security Researcher, and why are they important?

To thrive as a Security Researcher, you need deep expertise in computer science, networking, vulnerability assessment, and malware analysis, often supported by a degree in cybersecurity or related fields. Familiarity with tools like IDA Pro, Wireshark, Metasploit, and certifications such as OSCP or CEH is highly valued. Analytical thinking, curiosity, and strong written and verbal communication help distinguish top performers in this role. These skills are crucial for identifying emerging threats, effectively communicating risks, and developing solutions to protect organizations' digital assets.

What are some common challenges Security Researchers face when collaborating with development teams?

Security Researchers often encounter challenges when working with development teams, such as communicating complex vulnerabilities in a way that is actionable for developers and aligning on remediation priorities. Bridging the gap between security findings and practical implementation requires clear documentation and a collaborative mindset. Additionally, researchers must balance thorough testing with minimal disruption to production environments, ensuring security improvements integrate smoothly into development cycles.
What are the most commonly searched types of Security Researcher jobs in Virginia? The most popular types of Security Researcher jobs in Virginia are:
What job categories do people searching Security Researcher jobs in Virginia look for? The top searched job categories for Security Researcher jobs in Virginia are:
Infographic showing various Security Researcher job openings in Virginia as of July 2026, with employment types broken down into 87% Full Time, 9% Part Time, 1% Temporary, and 3% Contract. Highlights an 87% Physical, 2% Hybrid, and 11% Remote job distribution, with an average salary of $106,082 per year, or $51 per hour.
Network Security Researcher

Network Security Researcher

Cmu

Arlington, VA

Full-time

Posted 10 days ago


Job description

What We Do:

Our team, within the Cyber Risk and Resilience Directorate researches, designs, and develops software tools for the collection, storage, and analysis of network data to provide security insights. We provide both the core network tools to facilitate this capability, and prototypes of new methods to present the data most effectively. We work with data at a scale generally not experienced by most organizations, handling record counts in the tens of billions per day.

Developing security insights at this scale requires creativity, efficiency, and contemporary knowledge of modern computing platforms. In some cases, the computing has outpaced the methods, and it is incumbent upon us to generate novel views of both the entire data collection, and of focused datasets tailored to specific analyst needs.

Our network situational awareness security tools are published here: https://tools.netsa.cert.org/

Position Summary:

As a network security researcher on the Network Situational Awareness team, you will research network threats to develop methods of detection and tailor these for partner environments. Transition of this research will take the form of developing detection capabilities, providing new requirements and feature requests for our NetSA Security tool suite, writing publications, and providing customer-specific training. The primary network data source for the team is netflow combined with application layer metadata, with an expanding focus on host-based (e.g., EDR) and cloud telemetry.

You will be responsible for gaining insights from data to facilitate detections, working with partners to help them to better understand their data and researching new data sources to expand the expertise of the team.

Requirements:

-Bachelor's Degree in Computer Science or a relevant technical discipline with eight (8) years of relevant work experience; or a MS in Computer Science or a relevant technical discipline with five (5) years of relevant work experience; or a PhD in Computer Science or other relevant technical discipline with two (2) years of relevant work experience.

-Movement between buildings within the SEI and CMU community required.

Willingness to travel to various locations to support the SEI's overall mission. This may include national travel to sponsor sites, conferences, and offsite meetings on occasion.

-You will be subject to a background check and will need to obtain and maintain a Department of War security clearance.

Knowledge, Skills and Abilities:

Ability to translate threat intelligence to avenues for research, prototyping, and curation of detection capabilities.

Strong knowledge of network fundamentals, common application layer protocols, and network-based telemetry.

Strong proficiency in at least one scripting or programming language such as Python, Go, Ruby, C, Java, or Scala.

Strong problem-solving and analytical skills, detailed research, and ability to document and communicate ideas and findings to diverse audiences.

Desired Experience:

Hands-on experience in a security research, threat hunting, detection engineering, or Cyber threat Intelligence (CTI) analyst role.

Experience analyzing large datasets, especially network telemetry such as netflow, application metadata, or PCAP from network sensors such as YAF, Zeek, Suricata, etc;

Experience applying cybersecurity data science methods and practices

Experience using open-source and / or commercial Internet intelligence telemetry and datasets

Strong grasp of the threat landscape and experience researching and investigating threats

Experience presenting technical topics

Location

Arlington, VA, Pittsburgh, PA

Job Function

Software/Applications Development/Engineering

Position Type

Staff - Regular

Full time/Part time

Full time

Pay Basis

SalaryMore Information:
  • Please visit "Why Carnegie Mellon" to learn more about becoming part of an institution inspiring innovations that change the world.

  • Click here to view a listing of employee benefits

  • Carnegie Mellon University is an Equal Opportunity Employer/Disability/Veteran.

  • Statement of Assurance


CMU logo

About CMU

Sourced by ZipRecruiter

Industry

Offices of mental health practitioners

Company size

201 - 500 Employees

Headquarters location

Harrisburg, PA, US