Cybersecurity Careers in India: Jobs, Salaries & Pathways

What Does the Cybersecurity Job Market Look Like in India?

India is experiencing one of the largest cybersecurity talent gaps on the planet. According to NASSCOM and DSCI (Data Security Council of India) projections, India needs over 1 million cybersecurity professionals by 2025–2026, yet the current workforce sits at approximately 300,000–350,000. The Indian Computer Emergency Response Team (CERT-In) handled over 1.39 million cybersecurity incidents in 2022, underscoring the scale of the challenge. India’s digital transformation — driven by UPI, Aadhaar, and rapid cloud adoption — has created attack surfaces that far outpace the available talent to defend them.

India’s cybersecurity market is unique in several ways. The country is simultaneously one of the world’s largest producers and consumers of cybersecurity talent, with massive IT services companies exporting security expertise globally while domestic organisations struggle to fill internal roles. The regulatory environment is evolving rapidly — the Digital Personal Data Protection (DPDP) Act 2023, RBI Cyber Security Framework, and SEBI Cyber Security Guidelines are all driving compliance-led demand. And the sheer diversity of the market — from Tier 1 IT services giants in Bangalore to fintech startups in Mumbai to government agencies in Delhi — means there is no single “Indian cybersecurity market” but rather multiple overlapping ecosystems.

I have been researching the Indian market extensively because so many of my LinkedIn connections and fellow career changers are based in India. Sitting in Sydney, I can see the global demand for Indian cybersecurity professionals — the IT services companies that dominate India’s tech landscape have security practices that serve clients worldwide, and many of the security tools I use every day were built or are maintained by teams in Bangalore, Hyderabad, and Pune. What strikes me most about the Indian market is the sheer scale of opportunity — the talent gap is enormous, salaries are rising fast, and the regulatory push is creating demand that did not exist even three years ago.

Is India a good place to start a cybersecurity career? Yes — India has one of the world’s most severe cybersecurity talent shortages, with demand growing at 30%+ annually. Entry-level SOC Analyst roles start at ₹4–8 LPA (lakhs per annum), mid-level Security Engineers earn ₹10–20 LPA, and CISOs at large organisations can earn ₹40–80 LPA+.

Where are the jobs? Bangalore (tech capital, most roles), Hyderabad (fast-growing), Pune (IT services hub), Mumbai (finance and fintech), Delhi/NCR (government, MNCs, and consulting).

What do Indian employers want? CEH is disproportionately popular in India, but globally recognised certifications like CompTIA Security+, CISSP, and OSCP carry strong weight. Hands-on experience, cloud security skills, and familiarity with CERT-In compliance requirements are increasingly valued.

What Are the Salary Ranges for Cybersecurity Roles in India?

Indian cybersecurity salaries have risen significantly over the past three years, driven by the severe talent shortage and increasing regulatory requirements. All figures below are in Indian Rupees (INR) using lakhs per annum (LPA) notation, based on data from Glassdoor India, Naukri.com, AmbitionBox, and DSCI workforce reports.

Role	Experience Level	Salary Range (INR)	Notes
SOC Analyst (Tier 1)	Entry (0–2 years)	₹4–8 LPA	Highest volume of entry-level openings; IT services and MSSPs
SOC Analyst (Tier 2)	Mid (2–4 years)	₹8–14 LPA	SIEM expertise and incident response experience required
GRC Analyst	Entry–Mid (0–3 years)	₹6–12 LPA	Strong demand from banks and IT services companies
Security Engineer	Mid (3–5 years)	₹10–20 LPA	Cloud security and DevSecOps commands premium
Penetration Tester	Mid (2–5 years)	₹8–18 LPA	Higher at product companies and specialist firms
Security Architect	Senior (5–8 years)	₹20–35 LPA	Enterprise architecture and cloud security design
Security Consultant	Mid–Senior (3–8 years)	₹12–25 LPA	Wide range depending on firm and specialisation
Incident Response Lead	Senior (5–8 years)	₹18–30 LPA	Growing demand post-DPDP Act enforcement
Security Manager	Senior (6–10 years)	₹25–40 LPA	People management plus technical depth
CISO	Executive (10+ years)	₹40–80 LPA+	Large banks and IT services companies pay at the top

Individual results vary based on location, experience, company type, market conditions, and effort invested.

Key salary observations:

Bangalore pays the highest across most roles, followed by Mumbai and Hyderabad. Pune and Delhi/NCR are typically 10–20% lower for equivalent roles.
Product companies pay significantly more than IT services — a Security Engineer at a product company (Zscaler, CrowdStrike, Palo Alto) can earn 2–3x more than the same role at a Tier 1 IT services firm.
MNC India offices pay a premium — global companies like Google, Microsoft, Amazon, and IBM typically pay 30–50% above Indian IT services rates for equivalent security roles.
The gap between Tier 1 and Tier 2 cities is widening — remote work has helped, but most high-paying roles still require presence in Bangalore, Hyderabad, or Mumbai.
Variable pay is significant — many Indian companies offer 10–20% of CTC (Cost to Company) as variable or performance-linked pay.

Who Are the Major Cybersecurity Employers in India?

Understanding the employer landscape is critical because the type of company you join in India dramatically affects your salary, career trajectory, and the kind of work you do.

IT Services Companies (Tier 1)

These are the largest employers of cybersecurity professionals in India, with dedicated security practices serving global clients.

Employer	Headquarters	Cyber Team Size (est.)	Notes
TCS (Tata Consultancy Services)	Mumbai	5,000+	Largest IT services company globally. Cyber Security Practice serves Fortune 500 clients.
Infosys	Bangalore	3,000+	Strong security consulting and managed security services.
Wipro	Bangalore	2,500+	CyberSecurist practice with SOC operations and consulting.
HCLTech	Noida (NCR)	2,000+	Growing cybersecurity practice with global delivery centres.
Tech Mahindra	Pune	1,500+	Security operations and consulting across verticals.

MNC India Offices (Product and Consulting)

These offer the highest salaries and exposure to cutting-edge security work.

Employer	India Office	Notes
IBM India	Bangalore, Hyderabad	X-Force security operations, research, and consulting.
Accenture India	Bangalore, Mumbai, Hyderabad	Large security practice serving global clients.
Deloitte India	Mumbai, Bangalore, Hyderabad	Cyber risk and consulting practice.
PwC India	Multiple cities	Growing cybersecurity advisory practice.
EY India	Multiple cities	Cybersecurity consulting and managed services.
KPMG India	Mumbai, Bangalore	Risk and cybersecurity advisory.

Product Security Companies (India Offices)

Employer	India Office	Notes
Zscaler	Bangalore	Major R&D presence. Cloud security. High salaries.
CrowdStrike	Hyderabad, Pune	Endpoint security. Engineering and threat research.
Palo Alto Networks	Bangalore	Network security leader. Engineering and support roles.
Fortinet	Bangalore	Network security. R&D and support.
Trend Micro	Pune, Bangalore	Endpoint and cloud security. R&D heavy.
McAfee / Trellix	Bangalore	Established security vendor with large India team.

Financial Sector

Indian banks are rapidly building internal cybersecurity teams, driven by RBI mandates.

Employer	Notes
HDFC Bank	Largest private bank. Growing cyber team driven by RBI compliance.
ICICI Bank	Significant cybersecurity investment post-digital banking push.
State Bank of India (SBI)	Largest public sector bank. Massive digital footprint to protect.
Axis Bank	Strong focus on application security and fraud prevention.
Kotak Mahindra	Digital-first bank with growing security operations.
Paytm / PhonePe / Razorpay	Fintech companies with high-demand security engineering roles.

Government and Public Sector

Employer	Notes
CERT-In	Indian Computer Emergency Response Team. Incident response and coordination.
NIC (National Informatics Centre)	IT backbone of Indian government. Security operations.
DRDO	Defence Research and Development Organisation. Classified cybersecurity work.
NTRO	National Technical Research Organisation. Signals intelligence.
C-DAC	Centre for Development of Advanced Computing. Cybersecurity R&D and training.

Indian Cybersecurity Career Pathway

Typical progression with India-specific employers at each level

Entry Level

0–2 years | ₹4–8 LPA

SOC Analyst T1

TCS, Infosys, Wipro, HCLTech SOCs

GRC Analyst

Big Four India, banks, IT services

Security Support Engineer

Product companies, IT services

Vulnerability Analyst

Managed security service providers

Mid Level

2–5 years | ₹10–20 LPA

SOC Analyst T2/T3

IBM India, Accenture, Wipro

Security Engineer

Zscaler, CrowdStrike, Palo Alto, banks

Penetration Tester

Deloitte, PwC, specialist firms

Security Consultant

Big Four India, IT services

Senior Level

5–10 years | ₹20–40 LPA

Security Architect

Banks, product companies, MNCs

IR Lead

CERT-In, banks, large enterprises

Security Manager

IT services, banks, MNC offices

Principal Consultant

Big Four, IT services leadership

Leadership

10+ years | ₹40–80 LPA+

CISO

Banks, large enterprises, IT services

VP Security

MNCs, product companies

Partner / Director

Big Four, consulting firms

Government Leadership

CERT-In, NIC, DRDO

Idle

IT Services vs Product Companies: Which Path Is Better?

This is one of the most consequential career decisions for Indian cybersecurity professionals. The two paths offer fundamentally different experiences.

IT Services vs Product Companies for Cybersecurity in India

IT Services (TCS, Infosys, Wipro, HCLTech)

Scale, variety, structured entry

Easiest entry point for career changers — IT services companies hire at massive scale — thousands of cybersecurity roles annually across experience levels
Exposure to multiple clients and industries — You work across different client environments, tools, and compliance frameworks — building breadth fast
Structured training programs — Large firms invest in training infrastructure, certifications, and internal academies for security professionals
Global opportunities — Many IT services roles include onsite opportunities in the US, UK, Australia, and Middle East
Lower salaries compared to product companies — Entry-level IT services roles pay ₹4–6 LPA vs ₹8–15 LPA at product companies for equivalent work
Less depth in specialisation — Client-facing delivery work can keep you generalist rather than building deep expertise in one domain
Bench risk and utilisation pressure — Between projects you may be on bench with no billable work, creating career uncertainty

Product Companies (Zscaler, CrowdStrike, Palo Alto)

Higher pay, deeper expertise, harder entry

Significantly higher salaries — Product companies typically pay 2–3x more than IT services for equivalent experience levels
Deep technical expertise — You work on specific security products, building deep knowledge of one technology area
R&D and innovation exposure — Product companies invest in research, giving you access to cutting-edge security technology
Stronger resume signal — Product company experience on your CV signals technical depth and is highly valued by future employers
Higher entry barrier — Product companies have selective hiring — DSA rounds, system design, and deep domain knowledge expected
Narrower scope of work — You focus on one product or product suite rather than seeing multiple client environments
Fewer entry-level roles — Product companies in India tend to hire experienced professionals or top-tier campus graduates

Verdict: For career changers, IT services is typically the realistic entry point. Start at an IT services company, build 2–3 years of experience and certifications, then target product companies or MNC offices for a significant salary jump.

Use case

Many of India's top CISOs and security leaders started at IT services companies before moving to product companies, banks, or leadership roles at enterprises.

Where Are the Jobs? City-by-City Breakdown

Bangalore (Bengaluru) — The Undisputed Tech Capital

Bangalore has the highest concentration of cybersecurity roles in India, driven by its massive technology ecosystem.

Key sectors: Product security companies (Zscaler, CrowdStrike, Palo Alto, Fortinet), IT services (Infosys, Wipro), MNCs (IBM, Accenture, Google, Amazon), startups, and research labs.

Advantages: Highest volume of roles, highest salaries, most diverse employer mix, strong security community (null.community Bangalore chapter, OWASP Bangalore, BSides Bangalore).

Challenges: Extremely competitive for entry-level roles due to the concentration of talent. High cost of living by Indian standards. Traffic congestion is a practical daily challenge.

Typical salary premium: Bangalore roles typically pay 15–25% more than equivalent roles in Pune or Chennai.

Hyderabad — The Fastest-Growing Market

Hyderabad’s cybersecurity market has grown rapidly, driven by state government incentives and a growing technology ecosystem.

Key sectors: MNCs (CrowdStrike, Amazon, Google, Microsoft), IT services (TCS, Infosys), banks (HDFC, ICICI tech centres), government (Telangana Cyber Security Bureau).

Advantages: Rapidly growing with less competition than Bangalore, lower cost of living, strong government support for tech ecosystem, Telangana’s proactive cyber policy.

Challenges: Fewer pure-play security companies than Bangalore, market still maturing for senior leadership roles.

Pune — IT Services and Engineering Hub

Pune combines IT services strength with a growing product company presence.

Key sectors: IT services (Tech Mahindra headquarters, Infosys, TCS), product companies (Trend Micro, CrowdStrike), banks, automotive (OT security emerging).

Advantages: Lower cost of living than Bangalore and Mumbai, strong engineering culture, good work-life balance reputation, proximity to Mumbai.

Challenges: Smaller market overall, fewer MNC security offices compared to Bangalore and Hyderabad.

Mumbai — Financial Capital

Mumbai’s cybersecurity market is dominated by banking, finance, and fintech.

Key sectors: Banking (HDFC, ICICI, Kotak, Axis, SBI), fintech (Paytm, Razorpay, PhonePe), consulting (Deloitte, PwC, EY, KPMG headquarters), insurance.

Advantages: Strong demand for GRC and compliance roles (RBI, SEBI mandates), highest salaries for finance-sector security, access to CISO-level roles at major banks.

Challenges: Highest cost of living in India, fewer pure technology roles compared to Bangalore, finance-sector security can be heavily compliance-driven.

Delhi/NCR (Delhi, Gurgaon, Noida) — Government and MNCs

The National Capital Region offers a mix of government, consulting, and MNC roles.

Key sectors: Government (CERT-In, NIC, DRDO, NTRO), IT services (HCLTech headquarters in Noida), MNCs (Accenture Gurgaon, IBM, EY), consulting.

Advantages: Government cybersecurity roles with job stability, MNC offices in Gurgaon, diverse industry mix, proximity to policy and regulatory bodies.

Challenges: Fragmented across Delhi, Gurgaon, and Noida with significant commute challenges. Government roles have lower salaries. Air quality and infrastructure concerns.

Chennai — IT Services and Manufacturing

Chennai has a steady cybersecurity market driven by IT services and the growing manufacturing sector.

Key sectors: IT services (TCS headquarters, Cognizant, Infosys), manufacturing (OT security for automotive and electronics), banking.

Advantages: Lower cost of living, strong IT services presence, less competition for roles, growing OT security niche.

Challenges: Smaller market overall, fewer product companies, limited senior leadership opportunities compared to Bangalore or Mumbai.

What Certifications Do Indian Employers Want?

India has a unique certification landscape where some certifications carry disproportionate weight compared to global norms.

Certifications popular in India

Certification	Indian Relevance	Cost (INR approx.)
CEH (Certified Ethical Hacker)	Extremely popular in India — appears in more Indian job postings than any other cert. Required by many government and IT services roles.	₹30,000–₹50,000
CompTIA Security+	Growing recognition, especially at MNCs and product companies. Strong for global roles.	₹35,000–₹45,000
ISC2 CC	Free exam — excellent starting credential, increasingly recognised by Indian employers.	Free
CISSP	Gold standard for senior and management roles. Required for CISO positions at banks and large enterprises.	₹60,000–₹80,000
CISM	Popular for GRC roles, especially at Big Four and banking.	₹50,000–₹65,000
OSCP	Highly valued for penetration testing roles. Strong differentiator at product companies.	₹1,20,000–₹1,50,000
CompTIA CySA+	Growing recognition for SOC and blue team roles.	₹35,000–₹45,000

India-specific regulatory knowledge

Knowledge Area	What It Is	Who Needs It
IT Act 2000 (and amendments)	India’s primary legislation governing cybercrime, electronic commerce, and data protection	Everyone working in Indian cybersecurity
DPDP Act 2023	Digital Personal Data Protection Act — India’s comprehensive data protection law	GRC professionals, data security roles, compliance teams
RBI Cyber Security Framework	Reserve Bank of India’s mandatory cybersecurity controls for financial institutions	Banking and NBFC cybersecurity roles
SEBI Cyber Security Guidelines	Securities and Exchange Board of India’s cybersecurity requirements for market infrastructure	Capital markets and stock exchange security roles
CERT-In Directions 2022	Mandatory incident reporting within 6 hours, VPN log retention, and other security mandates	All organisations operating in India
IRDAI Cyber Security Guidelines	Insurance Regulatory and Development Authority’s security requirements	Insurance sector cybersecurity roles

How Do You Find Cybersecurity Jobs in India?

Job boards and career pages

Platform	Best For	Tips
Naukri.com	Broadest coverage of Indian cybersecurity roles	Search “cybersecurity,” “information security,” “SOC analyst,” “VAPT.” Set alerts for target companies.
LinkedIn India	Networking + job applications, especially for MNCs and product companies	Follow security leaders, engage with Indian cybersecurity content creators, join India-specific groups.
Indeed India	Good for IT services and mid-tier company roles	Useful supplement to Naukri.
monster.co.in	Additional coverage for IT services and enterprise roles	Less dominant than Naukri but still relevant.
Glassdoor India	Salary research and company reviews	Verify salary ranges before interviews.
Company career pages	Direct applications to target companies	Check careers pages at TCS, Infosys, Wipro, Zscaler, CrowdStrike, and bank websites directly.
iimjobs / Hirist	Premium tech roles, mid-to-senior level	Better for experienced hires than entry-level.

Campus placement and fresher hiring

For recent graduates and career changers completing training programs, campus placement through CDAC, NIELIT, and university programmes is a significant hiring channel. IT services companies in particular hire large cohorts through campus drives.

Training and Community in India

Training institutions

Institution	What It Offers	Notes
CDAC (Centre for Development of Advanced Computing)	PG Diploma in IT with cybersecurity specialisation	Highly regarded. Government-backed. Strong placement record at IT services companies.
NIELIT (National Institute of Electronics and IT)	Cybersecurity courses at multiple levels	Government institute. Affordable. Good for foundational knowledge.
IIT Cybersecurity programs	IIT Madras, IIT Kanpur, IIT Delhi offer cybersecurity courses and research programs	Premium credentials. Limited seats. Research-focused at postgraduate level.
IIIT Hyderabad	Information security research and postgraduate programs	Strong academic reputation for security research.
EC-Council (India operations)	CEH, CHFI, and other certifications	Extensive Indian training partner network. Popular in the Indian market.
Simplilearn / UpGrad / Great Learning	Online cybersecurity programs and bootcamps	Accessible and affordable. Quality varies. Verify placement claims carefully.

Security community and conferences

Event / Community	Notes
null.community (Null Security)	India’s largest open security community. Monthly meetups in Bangalore, Delhi, Mumbai, Hyderabad, Pune, Chennai, and more. Free. Excellent for networking.
OWASP India chapters	Application security focused. Active chapters in Bangalore, Delhi, Mumbai, Chennai, Hyderabad. Free monthly meetups.
c0c0n	India’s premier hacking and cybersecurity conference. Held annually in Kochi, Kerala. Mix of technical talks, CTF, and networking.
BSides India	Community-run conferences in multiple cities. Growing presence.
DSCI Annual Conference	Data Security Council of India’s flagship event. Industry-focused with strong government and enterprise attendance.
Nullcon	International security conference held in Goa. Technical focus with global speakers.
Ground Zero Summit	Delhi-based security conference with capture-the-flag competitions and technical workshops.

While this page covers the Indian market, the career change fundamentals are universal. This guide walks you through the skills and knowledge you need regardless of location.

Intro to Cybersecurity for Non-ITAvailable Now

Complete beginner guide to cybersecurity for career changers with zero IT background.

Get the Guide → $19

What Makes the Indian Market Different?

Several factors make India’s cybersecurity market distinct from the US, UK, and Australia:

1. The talent gap is proportionally the largest in the world. India needs over 1 million cybersecurity professionals but has roughly 300,000–350,000. This is not just a shortage — it is a chasm. For career changers, this means employers are increasingly willing to hire non-traditional candidates and invest in training.

2. IT services companies are the dominant entry point. Unlike the US or Australia where MSSPs and mid-size companies are common entry points, India’s IT services giants (TCS, Infosys, Wipro, HCLTech) are the primary gateway into cybersecurity. They hire at scale, provide training, and offer global exposure — but at lower salaries than product companies.

3. CEH has outsized influence. The Certified Ethical Hacker certification appears in more Indian job postings than any other certification. This is partly cultural, partly driven by EC-Council’s strong Indian market presence, and partly because many government and IT services procurement requirements specifically mandate CEH. Regardless of opinions about CEH’s technical depth, having it opens doors in the Indian market.

4. Regulatory compliance is driving rapid growth. The DPDP Act 2023, RBI Cyber Security Framework, SEBI guidelines, and CERT-In’s 2022 directions on mandatory 6-hour incident reporting have created a wave of compliance-driven hiring. GRC and compliance roles are growing faster than pure technical roles in many sectors.

5. The salary gap between company types is extreme. A Security Engineer with 3 years of experience might earn ₹8–12 LPA at an IT services company but ₹18–30 LPA at a product company for essentially the same work. This gap is larger than in most other markets and creates strong incentives to strategically move between company types.

6. Remote work is expanding opportunities beyond Tier 1 cities. Post-COVID, many Indian cybersecurity roles — especially at product companies and MNCs — offer remote or hybrid arrangements. This is opening opportunities for professionals in Tier 2 and Tier 3 cities who previously had to relocate to Bangalore or Mumbai.

A Practical Entry Plan for Indian Career Changers

Based on the Indian market specifically, here is a practical 12-month plan:

Months 1–3: Foundations

Earn ISC2 Certified in Cybersecurity (free exam, free training)
Start Professor Messer’s Security+ course (free on YouTube)
Join null.community and attend your local chapter meetup
Start learning about CERT-In and the DPDP Act 2023

Months 4–6: Core Certifications

Earn CompTIA Security+ (~₹35,000–₹45,000 INR)
Consider CEH if targeting IT services or government roles (~₹30,000–₹50,000 INR)
Build a home lab with VirtualBox (Kali Linux, vulnerable VMs)
Complete TryHackMe SOC Level 1 path

Months 7–9: Hands-On and Networking

Complete TryHackMe Cyber Defence path
Attend c0c0n, Nullcon, or a BSides India event
Connect with 30+ Indian cybersecurity professionals on LinkedIn
Learn basics of RBI Cyber Security Framework and IT Act 2000
Start applying for entry-level roles (SOC Analyst, VAPT, GRC Analyst)

Months 10–12: Active Job Search

Apply on Naukri.com, LinkedIn India, and company career pages
Register on IT services company career portals (TCS, Infosys, Wipro)
Apply to CDAC or NIELIT programs if you want structured training
Target campus drives and walkin interviews at IT services companies
Network actively through null.community and OWASP chapters

Summary and Key Takeaways

India’s cybersecurity market offers massive opportunity for career changers — the talent gap is the largest in the world, salaries are rising rapidly, and regulatory requirements are creating sustained demand.

The talent gap is enormous. India needs 1 million+ cybersecurity professionals and has roughly 300,000–350,000. This gap is your opportunity.
Entry-level salaries are growing fast. SOC Analyst Tier 1 roles pay ₹4–8 LPA, with rapid progression to ₹10–20 LPA within 2–3 years — faster at product companies and MNCs.
Six major city markets, each with distinct character. Bangalore (tech capital), Hyderabad (fast-growing), Pune (IT services), Mumbai (finance), Delhi/NCR (government/MNCs), Chennai (IT services).
IT services companies are the primary entry point. TCS, Infosys, Wipro, and HCLTech hire at scale and provide structured training and global exposure.
CEH opens doors in India specifically. Combined with CompTIA Security+ and hands-on experience, it satisfies most Indian job posting requirements.
The regulatory push is real. DPDP Act, RBI framework, SEBI guidelines, and CERT-In mandates are creating compliance-driven demand across all sectors.
The salary jump from IT services to product companies is significant. Plan your career strategically — 2–3 years at IT services, then target product companies or MNCs for a 2–3x salary increase.

The Indian cybersecurity market is massive, growing, and actively looking for talent — including career changers with the right skills and certifications.

Career Change Roadmap for the full phase-by-phase plan applicable to any market
Career Landscape for the complete role map from entry to CISO
Degree vs Self-Taught vs Bootcamp for education path decisions relevant to Indian options
Budget & Cost Planning for detailed cost breakdowns
Job Search Strategy for job search tactics that work in the Indian market

Frequently Asked Questions

What is the average cybersecurity salary in India?

Entry-level SOC Analyst roles pay ₹4–8 LPA, mid-level Security Engineers earn ₹10–20 LPA, and CISOs at large organisations earn ₹40–80 LPA+. Product companies and MNC India offices pay significantly more than IT services companies — often 2–3x for equivalent roles. Bangalore pays the highest salaries, followed by Mumbai and Hyderabad. Salary data sourced from Glassdoor India, Naukri.com, AmbitionBox, and DSCI workforce reports.

Is CEH necessary for cybersecurity jobs in India?

CEH is not strictly necessary, but it appears in more Indian cybersecurity job postings than any other certification. Many IT services companies, government agencies, and banks specifically list CEH as a requirement. If you are targeting the Indian market — especially IT services or government roles — having CEH gives you a measurable advantage. For MNCs and product companies, globally recognised certifications like CompTIA Security+, CISSP, and OSCP carry equal or stronger weight.

Which Indian city is best for starting a cybersecurity career?

Bangalore has the most cybersecurity roles due to its concentration of product companies, IT services firms, MNCs, and startups. Hyderabad is the fastest-growing market with strong MNC presence and lower cost of living than Bangalore. Mumbai is best for finance-sector security roles. For most career changers, Bangalore or Hyderabad offers the broadest range of opportunities.

Are IT services companies a good starting point for cybersecurity?

Yes — IT services companies like TCS, Infosys, Wipro, and HCLTech are the primary entry point for cybersecurity careers in India. They hire at scale, provide structured training, offer exposure to multiple clients and industries, and often include international opportunities. The trade-off is lower starting salaries compared to product companies. The common strategy is to start at IT services, build 2–3 years of experience and certifications, then move to a product company or MNC for a significant salary increase.

What is CERT-In and why does it matter?

CERT-In (Indian Computer Emergency Response Team) is India's national agency for responding to cybersecurity incidents. Under the 2022 CERT-In Directions, all organisations operating in India must report cybersecurity incidents within 6 hours, maintain logs for 180 days, and comply with other mandatory security requirements. This has created significant compliance-driven demand for cybersecurity professionals, particularly in GRC and incident response roles.

What is the DPDP Act and how does it affect cybersecurity jobs?

The Digital Personal Data Protection Act 2023 is India's comprehensive data protection law. It establishes requirements for data processing, consent management, data breach notification, and penalties for non-compliance. Similar to how GDPR drove cybersecurity hiring in Europe, the DPDP Act is creating demand for data protection officers, privacy engineers, GRC analysts, and security architects across Indian organisations.

Can I get a cybersecurity job in India without a degree?

Yes, though it is harder than in markets like the US or Australia. Indian employers — particularly IT services companies — often list degree requirements in job postings. However, the severe talent shortage means employers are becoming more pragmatic. Strong certifications (CEH, Security+, CySA+), hands-on experience (TryHackMe, HackTheBox, CTFs), and demonstrated skills through projects and community involvement can compensate for the lack of a degree. CDAC and NIELIT diploma programs also provide respected credentials without a full degree.

How does null.community help with cybersecurity networking in India?

null.community (Null — The Open Security Community) is India's largest open security community with active chapters in Bangalore, Delhi, Mumbai, Hyderabad, Pune, Chennai, Kolkata, and more. They host free monthly meetups featuring technical talks, workshops, and CTF challenges. Attending null meetups is one of the most effective ways to build a professional network in Indian cybersecurity — many hiring managers and security leaders are active members.

More resources

CERT-In — Indian Computer Emergency Response Team

India's national cybersecurity agency responsible for incident response and coordination.

Visit DSCI — Data Security Council of India

NASSCOM's cybersecurity arm — workforce reports, industry research, and advocacy.

Visit DPDP Act 2023 — Digital Personal Data Protection Act

India's comprehensive data protection legislation driving compliance-led cybersecurity demand.

Visit null.community — The Open Security Community

India's largest open security community with free monthly meetups in all major cities.

Visit NASSCOM Cybersecurity Reports

Industry body reports on India's technology and cybersecurity workforce.

Visit

Salary data from Glassdoor India, Naukri.com, AmbitionBox, and DSCI Cybersecurity Workforce Report as of 2025–2026. Individual results vary based on location, company type, experience, market conditions, and effort invested.