PLEASE NOTE: Job profile content may reflect pre-COVID-19 conditions.

Security Consultant

Kaitohutohu Whakamarumaru

Alternative titles for this job

Security consultants identify security weakness in information technology (IT), advise on IT security, and design IT security systems.


Security consultants usually earn

$120K-$200K per year

Security managers and chief security officers can earn

$180K-$500K per year

Source: Recruit I.T., 2023

Job opportunities

Chances of getting a job as a security consultant are good due to a shortage of workers.


Pay for security consultants depends on skills and experience, with salaries in Auckland usually higher. 

  • Security consultants can earn $120,000 to $200,000 a year.
  • Security managers can earn $150,000 to $200,000
  • Chief security officers can earn $180,000 to $500,000 a year.

Sources: Recruit I.T., 'Auckland Technology & Digital Salary Update, June 2023’; and Recruit I.T., ‘Wellington Technology & Digital Salary Update, June 2023’.

(This information is a guide only. Find out more about the sources of our pay information)

What you will do

Security consultants may do some or all of the following:

  • take the lead in identifying cyber security gaps
  • create risk assessment policies
  • monitor network security and report on issues
  • research, cost, design and implement new or improved network systems and platforms
  • manage responses to cyber attacks and ensure damage to the security of information is kept to a minimum
  • supervise other staff and oversee any changes to network security
  • keep up to date with the latest cyber security threats and solutions.

Skills and knowledge

Security consultants need to have knowledge of:

  • current IT security standards, practices and methods
  • internet threats and hacking tools
  • security software and penetration tools such as Metasploit and AppScan
  • computer and network systems, software and devices and operating systems such as Windows Client and Linux
  • manual and automated security tests
  • coding languages such as Java or C++.

Working conditions

Security consultants:

  • usually work full time and may also work evenings and weekends, and be on call
  • work in their own or clients' offices
  • work in conditions that may be stressful, because they work to strict deadlines while responding to security threats
  • may travel locally or overseas to meet clients.

Entry requirements

There are no specific requirements to become a security consultant. However, you usually need one or more of:

  • a diploma or degree, preferably in an IT-related subject such as network engineering, computer science or cyber security
  • a relevant industry-based certification, such as Certified Information Systems Security Professional (CISSP). 

In addition, security consultants usually need three to seven years’ experience in intermediate-level security roles such as security analyst, or a related role such as network administrator.

Common ways of gaining IT-related knowledge include learning through online courses and tutorials, and working on your own projects.

Secondary education

A tertiary entrance qualification is required to enter further training. Useful subjects include digital technologies, maths, physics and English.

For Year 11 to 13 students, the Gateway programme is a good way to gain industry experience.

Personal requirements

Security consultants need to be:

  • creative and imaginative, as they need to design new security systems
  • analytical thinkers and problem solvers
  • detail-oriented and curious
  • good at seeing the big picture, to examine solutions and problems from all sides
  • skilled communicators
  • skilled leaders and negotiators.

Useful experience

Useful experience for security consultants includes: 

  • work in entry-level IT jobs such as information technology helpdesk/support technician
  • on-the-job training through IT internships and graduate recruitment programmes
  • hacking experience gained through study or hacking conferences
  • working on individual IT projects such as setting up your own penetration testing lab or assembling computers.

Physical requirements

Security consultants spend a lot of time using computers, so they need to know how to use computer equipment properly to avoid occupational overuse syndrome (OOS).


Security consultants may choose to become certified or chartered through associations such as the Institute of IT Professionals.

Find out more about training

IT Professionals
0800 252 255 - -
(09) 475 0204 - -


Check out related courses

What are the chances of getting a job?

Security consultants in demand

Security consultants are in high demand due to:

  • organisations shifting services and systems online
  • increasing numbers of devices, including vehicles, connected to the internet which hackers can access and damage online.

Shortage of experienced security consultants

There are not enough experienced security consultants to meet demand. Nearly two thirds of IT employers report skills shortages, and there aren't enough information technology (IT) trainees.

As a result, ICT security specialist appears on Immigration New Zealand's long-term skill shortage list. This means the Government is actively encouraging skilled security consultants from overseas to work in New Zealand.

How to get your first IT job

You can improve your chances of getting a job through:

  • internships like Summer of Tech
  • graduate programmes offered by IT companies
  • mentoring programmes.

Types of employers varied

Security consultants can work for:

  • private companies that provide web, database and network services
  • software development companies
  • private companies 
  • government departments and educational institutions.

Security consultants may also be self-employed.


  • Hays, 'IT Salary Guide and Recruiting Trends', accessed November 2021, (
  • Immigration New Zealand, 'Long Term Skill Shortage List', 27 May 2019, (
  • Recruit I.T. 'Technology and Digital Salary Update Auckland', 'Recruit I.T Technology and Digital Salary Update Wellington', July 2021, (

(This information is a guide only. Find out more about the sources of our job opportunities information)

Progression and specialisations

Security consultants may progress into roles such as:

  • security architect
  • security manager
  • IT project manager
  • security director
  • chief information and security officer (CISO).
Two men in business clothes stand talking outside a server room full of wires

Security consultants identify computer security weaknesses and advise on improvements

Last updated 8 February 2024