Information Assurance and Security Engineering Salaries

Information assurance and security engineering salaries depend on role, clearance, polygraph, certification alignment, customer access, labor category, location, and how hard the seat is to fill.

Most cleared salary advice is too broad to be useful. Candidates hear that TS/SCI pays more, CISSP helps, and Fort Meade is a hot market. All of that is true. It is also not enough when you are deciding whether to accept or negotiate an IA offer.

Salary Methodology

These ranges combine public federal pay references, public cleared compensation reporting, and public job postings for current ISSO, ISSE, ISSM, Security Control Assessor, RMF, and cleared security engineering roles.

For a civilian comparison, the 2026 OPM Washington Baltimore Arlington locality table shows GS 12 from $102,415 to $133,142, GS 13 from $121,785 to $158,322, GS 14 from $143,913 to $187,093, and GS 15 from $169,279 to the $197,200 pay cap.

For a contractor comparison, ClearanceJobs reported 2026 average total compensation of $149,875 for professionals with Lifestyle or Full Scope Polygraph, compared with $118,680 for professionals with no polygraph. That nearly $30,000 gap is why polygraph access matters in Fort Meade, Annapolis Junction, McLean, Chantilly, and other IC markets.

Pay by Role: ISSO, ISSE, ISSM, and Security Control Assessor

IA salaries are not all the same. An ISSO and an ISSE may support the same system, but technical architecture and engineering depth often pay differently than day to day compliance support. ISSM roles can pay more when they own broader program risk, and Security Control Assessors can command strong pay because assessment credibility is hard to fake.

ISSO Salary

An ISSO keeps the security package and system posture defensible. Typical work includes SSP updates, POA tracking, vulnerability coordination, access review evidence, RMF artifacts, audit support, and daily security compliance.

Public postings support that planning range. GDIT listed an ISSO role requiring TS/SCI with polygraph in McLean at $119,582 to $161,788, with RMF, NIST 800 53, NIST 800 37, ICD 503, CNSSI 1253, cloud, and SSP responsibilities.

ISSE Salary

The ISSE is usually the most technical IA lane. A good ISSE does not just document controls. They help design systems that can actually meet the controls, including architecture, encryption, identity, logging, boundary protection, cloud design, inherited controls, interfaces, data flows, and assessment evidence.

Public postings show how high this lane can go. GDIT listed a Cybersecurity Systems Engineer and ISSE role with TS/SCI and ability to obtain a polygraph at $164,382 to $212,750. The posting also referenced IASAE Level II certification language and substantial RMF and authorization responsibilities.

ISSM Salary

The ISSM owns the program security posture. This is not just a senior ISSO title. The ISSM manages risk, people, packages, customer expectations, authorization strategy, audit readiness, and the larger IA operating picture.

GDIT listed an ISSM role with TS/SCI and polygraph in McLean at $161,753 to $218,840. For Fort Meade and IC work, ISSM pay climbs when the role includes multiple systems, a difficult customer, polygraph access, leadership responsibility, and serious assessment pressure.

Security Control Assessor Salary

Security Control Assessors sit in a different lane. They are not just maintaining the package. They help test whether controls are implemented correctly and whether the security posture can be defended.

GDIT listed a Security Control Assessor role requiring TS/SCI with polygraph at $155,616 to $210,539. The role called for hands on SCA experience, RMF, CNSSI 1253, NIST 800 53, STIGs, SCAP, assessment planning, cloud assessment, and risk reporting.

How Certifications Impact Pay

Certifications do not create salary by themselves. They unlock salary. A CISSP does not magically add money if the role does not require it and the experience is not there. But CISSP can qualify a candidate for senior ISSO, ISSE, ISSM, IAM, and IASAE style roles that pay more.

• CISSP. Strongest when moving into senior ISSO, ISSE, ISSM, security architect, IA lead, RMF lead, or cyber governance work.
• CASP+ or SecurityX. Useful for advanced technical practitioner roles, especially IAT Level III or IASAE oriented seats.
• CISM. Stronger for management, governance, risk, and ISSM direction.
• CGRC. Useful when the role is heavy on RMF, authorization, compliance, and control evidence.
• Cloud and platform certs. More valuable when the IA role involves cloud architecture, identity, logging, Linux, Azure, AWS, or secure engineering decisions.

The Polygraph Premium

The Full Scope Polygraph premium is real. ClearanceJobs reported 2026 average total compensation of $149,875 for professionals with Lifestyle or Full Scope Polygraph, $148,128 for CI Polygraph, and $118,680 for cleared professionals with no polygraph.

That does not mean every FSP role pays $30,000 more than every non FSP role. It means the market is smaller and more competitive. Companies pay more because fewer people can sit in those seats.

Contractor vs GS Scale for IA Roles

Government civilian IA roles can be a strong path. The pay is more predictable, benefits are strong, FERS retirement has value, and mission continuity can be excellent.

Contractor roles often have higher cash upside, especially when the role requires TS/SCI, polygraph access, senior certifications, and hard to find IA experience. Using the 2026 Washington Baltimore Arlington GS table, GS 13 tops out at $158,322, GS 14 tops out at $187,093, and GS 15 tops out at $197,200. Public contractor postings for senior ISSM, ISSE, and SCA roles with TS/SCI and polygraph can move above $200,000 and, in specialized cases, above $250,000.

What Actually Drives the Highest Offers

• TS/SCI with Full Scope Polygraph.
• Fort Meade, Annapolis Junction, McLean, Chantilly, or DMV customer access.
• CISSP, CASP+, SecurityX, CISM, CGRC, or IASAE relevant certifications.
• Real RMF package experience, system boundary work, SSP ownership, and POA management.
• Cloud, identity, logging, secure architecture, or classified system experience.
• Assessment credibility, audit experience, customer trust, and a funded senior labor category.
• A hard to fill seat with urgent customer demand.

What Can Hurt Your Offer

• Weak certification alignment or expired certifications.
• No active clearance, no polygraph, or no current customer access.
• No recent RMF experience or only paperwork experience with no system understanding.
• No SSP ownership, cloud exposure, architecture exposure, or assessment experience.
• Poor interview communication, unclear salary expectations, or unwillingness to work onsite.
• A mismatch between your experience and the contract labor category.

How to Negotiate an IA Offer

Do not negotiate like every offer is the same. Ask what drives the offer and where the constraints are.

• What labor category is this mapped to?
• Is the role ISSO, ISSE, ISSM, SCA, RMF, or security engineering?
• Is the company prime or subcontractor?
• Is this an active funded seat?
• What clearance, polygraph, and certification are required?
• Is salary capped by contract?
• Is there room for sign on bonus, certification reimbursement, PTO, title, or career path adjustment?
• What happens if the contract recompetes?

Open Roles at GS Consulting

GS Consulting is focused on placing and supporting cleared professionals who can operate in real IA and cyber environments. That includes ISSO, senior ISSO, ISSE, senior ISSE, ISSM, Security Control Assessor, RMF analyst, cyber compliance specialist, security engineer, security architect, and IA program lead roles.

The Bottom Line

A starting ISSO may land near $90,000 to $120,000, but an experienced TS/SCI polygraph ISSO in the Fort Meade market can move well above that. A strong ISSE or senior security engineer can reach $160,000 to $220,000, and specialized senior roles can go higher. An ISSM or Security Control Assessor with TS/SCI and polygraph access can also command strong pay when the role requires assessment credibility, program risk ownership, and customer trust.

The Full Scope Polygraph premium is real. CISSP helps. But neither one replaces actual experience. The best paid IA professionals combine clearance, certification, technical judgment, RMF fluency, and customer trust.

Sources

• U.S. Office of Personnel Management: Salary Table 2026 DCB
• ClearanceJobs: From Secret to TS/SCI to Full Scope Poly
• General Dynamics: Information System Security Officer TS/SCI with Polygraph
• General Dynamics: Cybersecurity Systems Engineer and ISSE TS/SCI with Polygraph
• General Dynamics: Information Systems Security Manager TS/SCI with Polygraph
• GDIT: Security Control Assessor TS/SCI with Polygraph

Frequently Asked Questions