6 CISA Jobs and How to Get Started

Cybersecurity is an important field dedicated to preventing cyberattacks on people and organizations and mitigating any such attacks. CISA, or the Cybersecurity and Infrastructure Security Agency, is the national cyber defense agency working in cybersecurity and homeland security. If you want to work in national risk management and cybersecurity protection, CISA may be the right fit for you. 

Protecting data systems and networks will be your primary responsibility as a CISA professional, but your exact duties can vary depending on your specific position. According to IBM, in 2023, $4.45 million was the average cost of a data breach, which increased 15 percent over the previous three years, making this career choice one in which you can positively impact people’s lives and the economy [1]. This guide describes several career options within CISA. It can help you understand the benefits of having a CISA certification and how to land your first position in this agency. 

What is CISA certification?

Certified Information Systems Auditor (CISA) is a credential given by ISACA, formerly called the Information Systems Audit and Control Association. This designation is a global standard for cybersecurity professionals, granted after completing a comprehensive exam and sufficient work experience. With this certification, you signify to potential employers that you have the knowledge, technical skills, and expertise to implement the necessary strategies to protect their organization.

If you want to earn this designation, you will need five years of professional experience and at least 20 continuing professional education (CPE) credits a year plus 120 CPEs over three years to keep it. The certification is a great way to demonstrate your expertise and commitment to cybersecurity and can help you stand out to employers.

6 CISA jobs to consider

When considering which CISA job is best for you, consider the requirements you already fulfill along with your specific interests to determine the area in which you would like to specialize. A specialization can help you acquire an entry-level role. 

You do not need CISA certification to apply for a position at CISA, but you may be encouraged to earn different cybersecurity-related certifications while you work there. If hired, CISA will provide you with money for your training to earn certifications. You do not need a lot of prior experience, as hiring is dependent on your level of education and experience. Since CISA is a federal agency, you must be a US citizen and registered or exempt from the Selective Service if you are male. 

1. Cybersecurity/IT 

IT cybersecurity specialist average annual total salary at CISA (Glassdoor): $132,000 [2]

If you are working in the cybersecurity/IT sector of CISA, you may be responsible for developing methods to mitigate cyberattacks and security risks. You will likely work to ensure America's cybersystems' security, reliability, and strength. Additionally, you will work with companies in the private sector to bolster the security of vital networks. As a cybersecurity/IT professional, you may also respond to user reports while optimizing and administrating computer systems.   

2. Emergency communications

Progam analyst average annual total salary at CISA (Glassdoor): $108,000 [3]

Suppose you apply to work in emergency communications. In that case, you will work on projects such as the National Emergency Communications Plan (NECP) in a related role, such as a program analyst, telecommunications specialist, electrical engineer, or project manager. Your responsibilities will typically include ensuring first responders can communicate in emergencies and planning out emergency policies and protocols. As a member of the emergency communications sector in CISA, you will help facilitate and share emergency safety practices and manage funding and grant programs. 

3. Infrastructure security

Chemical security inspector average annual total salary at CISA (Glassdoor): $66,000 [4]

Infrastructure security personnel are responsible for ensuring the safety of the surrounding physical and cyber infrastructure to help enable CISA’s mission planning. You might work as an infrastructure security professional as a chemical security inspector, facility operations specialist, or an improvised explosive device (IED) program analyst. These positions will require you to be responsible for bombing prevention, chemical inspections, active shooter preparedness, and generally securing the area of CISA to guard against attacks. 

4. National risk management

Incident response analyst average annual total salary at CISA (Glassdoor): $87,000 [5]

If you work in the national risk management sector, you may be responsible for collecting and analyzing information to support supply chain security and cybersecurity. You will collaborate with public and private initiatives to manage national priority areas at risk and better understand national threats. As a national risk management professional, you will analyze the national infrastructure to identify critical risks and take action through safety plans to prevent these risks.   

5. Stakeholder engagement

Manager average annual total salary at CISA (Glassdoor): $148,000 [6]

As a stakeholder engagement professional at CISA, you will typically sustain national and international partnerships between the government and private sector with CISA. You will gather stakeholder information to assess risk and connect stakeholders to cybersecurity resources. If you work in stakeholder engagement, you will likely be a council or partnership manager to foster stakeholder collaboration.  

6. Integrated Operations Division

Chief of workforce engagement annual total salary at CISA (Glassdoor): $120,000 [7]

The Integrated Operations Division (IOD) organizes, plans, and coordinates CISA operations, including CISA Central, which is the easiest method for partners and stakeholders to acquire the necessary information about the current risks to critical infrastructure. It also handles CISA Intel, which is the intelligence-gathering division, and CISA Regions, which provides support on both the local and state levels. Suppose you have a position within CISA Regions. In that case, you may be working as a protective security advisor, an expert in protecting critical infrastructure while also identifying and removing vulnerabilities. Additionally, you would coordinate with other DHS offices and federal agencies to initiate activities on the local level. 

How to land your first CISA position

To land your first CISA position, stay current on CISA job openings and career fairs. Once you have subscribed to get notifications from CISA or attended a career fair, you can start thinking about building your experience and earning certifications to help you pursue a position at CISA. 

Build background knowledge

Building your background knowledge about cybersecurity through online courses, blogs, and bootcamps is a great way to start working toward your career in CISA. You might start by learning cybersecurity fundamentals and gaining technical security and network management skills. You can also research CISA itself to understand its mission and what you can expect from working there. Building background knowledge on CISA and cybersecurity will make you stand out as a knowledgeable candidate. Additionally, if you’re interested in a cybersecurity position, you might consider pursuing a bachelor’s degree in computer science or cybersecurity to develop a strong foundation.  

Earn a certification

While you can apply for positions within CISA without a certification, you may want to consider earning a relevant certification to demonstrate your skill level in cybersecurity. Earning a certification can prove your dedication to the field, impressing the employers at CISA. A certification can also expand your knowledge of the cybersecurity field and sharpen your skills, making you a more competitive candidate for CISA. A few of the certifications that CISA suggests you consider earning include Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), and Certified Information Security Manager (CISM).  

Gain relevant experience

Gaining relevant experience can help you become more qualified and prepared to take on a position at CISA. Working in other areas of cybersecurity—data networks or operating systems—can help you expand your skill set and prepare for various roles at this agency. CISA offers entry-level positions based on your experience level or education, so having prior experience when applying can help you become eligible for more careers within the agency. 

Meet additional requirements

To meet additional requirements, thoroughly review the CISA website and hiring questions. Research the education or experience requirements for different positions and the skills required. Being familiar with CISA’s recommended abilities, knowledge, and skill sets can help you prepare for the hiring process and determine what the employers at CISA may be looking for.

Getting started with Coursera

On Coursera, you can take courses and earn Professional Certificates to advance your career in cybersecurity. The Google Cybersecurity Professional Certificate is designed to help you understand the importance of cybersecurity practices and learn how to protect networks and devices from cyberattacks.