About the Job Title "Security Analyst"

Security Analyst Job Description

Security analysts work to protect the security systems of one organization. Their job is to keep constant tabs on threats and monitor the organizations network for potential security vulnerabilities. They use this information, collected from threat monitoring tools and other sources, to identify, analyse and report on events that have occurred, or may occur, on the organizations network.

Security Analyst Job Profiles: This is a general writeup based on our research into Security Analyst positions in the Cybersecurity career area. For individual, real-life job profiles of actual people with this type of job, check out our job profiles page.

What's it like to be a Security Analyst?

Typical duties and responsibilities

Key duties and responsibilities depend on the size and security level of the organization you will work for. However, core duties and responsibilities include:

  • Investigating security breaches and other cyber security incidents in the organizations system
  • Working with security teams to perform tests and uncover network vulnerabilities
  • Monitoring computer networks to assess security issues
  • Installing security measures and operating software (e.g., firewalls and data encryption programs) to protect systems and information infrastructure
  • Documenting and reporting security breaches and assessing the damage that they have caused
  • Fixing detected vulnerabilities to maintain a high-security standard
  • Following and keeping up to date with IT security trends, technology trends and security standards
  • Helping with the installation of security software
  • Researching and making recommendations to management on security enhancements

Qualifications

Like most cybersecurity roles, employers typically look for a degree in Computer Science, or another science related field.

However, Cybrary offer a range of online courses to aid you in your journey to becoming a security analyst. They offer level one, level two and level three courses which all provide you with the skills and resources to eventually earn the CompTIA CASP+ certificate.

A level one course requires little experience and they recommend that you have a basic understanding of IT and network fundamentals. They do, however, recommend that you should have 10 years of experience in IT administration, including experience in hands-on information security technical experience to complete your level three course.

Skills and work experience

Many employers will seek relevant work experience. Relevant work experience includes experience in computer network penetration testing and techniques. You will also need to have an understanding of firewalls, proxies, SIEM, antivirus and IDPS concepts.

It is also advantageous to have experience and knowledge of hacking, intrusion prevention, incident response, computer forensics and reverse engineering.

You also need to be able to demonstrate excellent attention to detail and that you have an analytical mindset as security analysts tend to work with scenarios, which means pouring over thousands and thousands of pages of data to look for anomalies.

Finally, demonstrating creativity is an added bonus as you will always have to be thinking one step ahead to prevent the organizations network from experiencing security attacks.

Hours

You can expect to be working full-time in normal business hours (Monday to Friday, 9am to 5pm). However, sometimes you will need to be on call and work outside of normal working hours in case of an emergency or to roll out a major update.

Salary

According to PayScale, the average salary for a security analyst is $68,000 annually.

Progression

The Bureau of Labour Statistics also estimates a 32% growth in hiring for Cybersecurity analyst role between 2018 and 2028.

Typically, analysts work for smaller organization and control their whole network. However, there are options to work for bigger business and many progression opportunities. Many analysts end up advancing into more specialized roles in engineering, compliance or penetration testing, making it a desirable role to start off in for cyber security.