What Does an Information Security Analyst Do?
Information security analysts develop and install security systems to protect an organization’s computer systems. To be successful in this position, information security analysts need a deep understanding of firewalls, antivirus, SIEM, and proxies to safeguard networks.
Information security analysts support the IT security team by monitoring computer networks, installing new security software, and reporting any security breaches that occur. It is important for information security analysts to identify any vulnerabilities in their computer systems to prevent any cyber attacks from happening.
A strong candidate for this role should have a Bachelor’s degree in computer science or information systems. This role allows information security analysts to apply what they learned in school to help install security measures and software that will protect a company’s confidential information. Information security analysts will frequently move on to higher IT roles such as IT director and information security manager.
National Average Salary
Information security analyst salaries vary by experience, industry, organization size, and geography. To explore salary ranges by local market, please visit our sister site zengig.com.
The average U.S. salary for an Information Security Analyst is: $86,640
Information Security Analyst Job Descriptions
It’s important to include the right content in your job description when hiring an information security analyst. The following examples can serve as templates for attracting the best available talent for your team.
Example 1
This position assists the information security officer (ISO) in developing and maintaining a comprehensive security program for [Your Company Name]. Providing functional and technical support is important to maintaining security posture and protecting electronically and physically stored information assets across our systems. Tasks include reviewing and updating university-wide policy relating to information security, and supporting the design, implementation, configuration, and maintenance work that mitigates risk to the university and its computing endpoints.
Typical duties and responsibilities
- Designs, evaluates, and implements IT security systems
- Monitors computer networks for security issues
- Investigates security breaches and cybersecurity incidents
- Documents security breaches and assesses impact
- Performs security tests, risk assessments, and audits to uncover network vulnerabilities and provides training to ensure violations do not persist
- Mitigates vulnerabilities to maintain a high-security standard
- Develops best practices for IT security
- Performs penetration testing
- Researches security enhancements and makes recommendations to management
- Stays current on information technology trends and security standards
- Prepares reports that detail risk assessment findings
- Installs and updates security and antivirus software
- Uses data encryption, firewalls, and other related security tools and applications to protect confidential digital information
Education and experience
- Bachelor’s degree in computer science or related field
- MBA in information systems preferred
- 3+ years of experience in information security or a related field
Required skills and qualifications
- Experience with computer network penetration testing and techniques
- Solid understanding of firewalls, proxies, SIEM, antivirus, and IDPS concepts
- Ability to identify and mitigate network vulnerabilities
- Good understanding of patch management
- Proficient with various operating systems
- Excellent written and verbal communication skills
- Knowledge of firewalls, antivirus, and intrusion detection system concepts
Preferred qualifications
- Experience installing security software and documenting security issues
- Experience administering information security software and controls
- Experience defining process for managing network security
- Network and system administration experience
Example 2
Key knowledge and experience
The information security analyst differs from a cybersecurity analyst in that the former is responsible for monitoring cyber security breaches along with crafting recovery plans and protecting the organization’s information as a whole.
- Communicate effectively orally and in writing regarding complex protocols and procedures often involving sensitive and confidential data
- Deep understanding of standard information security baseline frameworks, Business Continuity and Disaster Recovery protocols and best practices, and infrastructure monitoring and security tools such as DarkTrace, Splunk, certificate management, PRTG, Palo Alto firewalls, Microsoft Defender for Business, Nessus, etc.
- Exposure to ITIL (Incident/Change Management) – ITIL v3F preferred
- Previous experience in the Info Sec Analyst/Cyber Security space (3+ years)
- Maintain security updates along with testing of Colocation sites with Disaster Recovery technologies
- Develop, maintain, and recommend resolutions to BCDR (Business Continuity and Disaster Recovery) and Information Security Management Systems
Principal duties and responsibilities
- Under the guidance of the Director of Information Technology, monitor and report on all security related matters in the organization
- Analyze and review information security controls including physical and data security protecting the confidentiality, integrity and availability of information systems data
- Serve as a member of the risk management committee; responsible for delivering results of operational risk assessments and mitigation tracking information to the committee for review
- Serve as a member of the incident response team (IRT); could be responsible for the investigation, documentation, communication and/or risk mitigation tracking of the incident
- Develop, coordinate, and maintain third-party relationships with information security vendors and partners
- Participate in efforts to improve and promote data security awareness. Participate in bi-annual employee security awareness program as requested
- Learns and monitors the business processes for the areas of primary support responsibility as defined in the IT Responsibilities matrix
- Responsible for annual Security Baseline Audits and execution of recommendations
- As part of the technology team, occasionally performs “Help Desk” day-to-day tasks: answers questions, analyzes failures, researches solutions, revises systems to overcome faults, repairs corrupted data, and communicates and documents solutions to the IT team
- Maintains a current and comprehensive knowledge of IT technologies and systems through the latest literature and formal training and will be looked to as one of the Corporation’s experts for those technologies designated as primary responsibilities
- Maintains familiarity with the business processes, servers and systems of the organization’s user base from a security perspective
- Assists the other IT staff as necessary
- Performs other duties and projects as assigned by the IT Director
- Monitors and reviews IT security and recommends changes as appropriate
- Performs routine checks of security and other related log files for devices such as firewalls, switches, and workstations within areas of primary responsibility
- Stays current with security issues, trends, and best practices
Physical requirements
Climbing, balancing, stooping, kneeling, crouching, crawling, reaching, standing, walking, pushing, pulling, lifting, grasping, feeling, talking, hearing, seeing, and repetitive motions. Exerting up to 50 pounds of force occasionally, and/or up to 20 pounds of force frequently, and/or up to 10 pounds of force constantly to move objects
Example 3
The Information Security Analyst will
- Provide Information Assurance (IA) oversight for unclassified and classified networks and systems
- Analyze IT system concepts, provide recommendations for design and optimization, and facilitate the assessment and authorization process
- Employ best practices and provide recommendations for the implementation of security controls
- Work with stakeholders to define and analyze system security requirements and provide technical solutions to best fit the customer’s needs
- Identify and communicate technical risks and mitigation strategies
- Develop and maintain security documentation for corporate policy and standards
- Assist with completing documentation and implementation of information security requirements for IT systems throughout the Risk Management Framework (RMF)
- Assist in creating POAMs and provide recommendations for mitigation strategies
- Work with company System Administrators to ensure the appropriate controls are implemented
- Perform technical vulnerability test analysis utilizing tools such as Retina, WASSP, and SECSCN
- Ensure continuous monitoring is in place for all classified assets
- Perform Operational Security (OPSEC) review and response
- Perform network monitoring (FireEye/Splunk)
- Manage Service Now tickets assigned to Information Security Ops
Requirements and skills
- Six (6) to 10 years of experience in the role of Information Security Analyst or in a SOC
- Demonstrated experience in responding to, managing, and resolving security incidents
- Experience with LAN/WAN networking concepts, IP addressing and routing concepts, Windows/Linux/Unix operating systems, Information Security concepts, and best practices
- Experience with Windows/Linux/Unix server administration is a plus
- Experience working with a Security Information and Event Management (SIEM) system is a plus
Education
- Bachelor’s degree in an IT related field preferred, not required
- IAT Level-2 technical certification preferred (CompTIA Security+ or CISSP) or ability to obtain within 90 days of start date
Overall requirements
- Submit/Pass a 10-year Dept. of Defense background check, criminal history, drug screening, and fingerprints
- Valid driver’s license/Real-ID with clean driver’s history
- Applicant must have a strong work ethic, be extremely organized and detail-oriented, be a self-starter with excellent time-management, problem solving, and multitasking skills
- Applicant must have excellent front-facing/face-to-face customer service skills
- Problem solving skills from active listening to, and educating, customers through resolution and a set of delivery expectations
- Excellent communication skills (in English), both verbal and written, to articulate details in a professional manner
- Position may require ability to sit, stand, walk extended distances, bend, stoop, squat, and lift to 35 lbs. from the floor to desktop for extended periods of time
Example 4
Duties
- Work with HR, IT, and the business to ensure timely logical access entitlements
- Coordinate and complete annual user access recertification requests in a timely manner for SOX and GLBA Applications
- Review and analyze network and application user roles and access entitlement reports and ensure accurate access provisions and document those processes
- Perform impact assessments for delayed terminations/transfers and ensure there are no unauthorized transactions in the Bank systems. Implement necessary access changes within the environment based on the received change requests
- Responsible for communicating the relevant access procedures and/or processes throughout the organization
- Conduct basic Information Security training for onboarding new employees of the Bank
- Assist with audit queries (internal and external)
- Partake in DR test and table-top exercises
- Plan and coordinate MFA Token management for customers, employees, and contractors
- Coordinate and complete annual application password recertification
- Coordinate with senior management/Board for logical access requests
- Coordinate with Accounting so that expense workflows are aligned with new hire requests and terminations in the Bank
- Monitor department expense versus budget and approval of vendor invoices in the expense system
- Reinstate external user access in Proofpoint
- Work closely with vendors, Information Technology, and Information Security manager to implement logical access stemming from new projects and initiatives
- Train and manage interns and Information Security associates and delegate day-to-day work for performing timely Logical access operations functions seamlessly
- Perform risk assessment for new applications as per privacy policy of the Bank
- Perform other duties as directed
Knowledge, skills, and experience requirements
- Bachelor’s degree or equivalent experience
- Minimum of 2+ years of experience in application access entitlement management
- Advanced knowledge of Microsoft Excel
- Understanding of logical access user entitlement provisioning and de-provisioning procedures
- Deep familiarity with banking applications and security administration
- Knowledge of Segregation of Duties & role-based access
- Familiarity with Identity and Access Management tools
- Awareness of regulatory requirements such as DFS 500, SOX, GLBA, etc. as they pertain to logical access
- Knowledge of security frameworks (ISO 27001, NIST, etc.)
- Certification such as SSCP or GSEC desirable
- Strong analytical ability
- Excellent verbal/written communication and interpersonal skills
Candidate Certifications to Look For
- CompTIA Security+ Certification. The CompTIA Security+ is for entry-level candidates and demonstrates that they have the baseline skills needed to perform core security functions. The program provides hands-on troubleshooting, equipping them with practical security problem-solving skills. Certification proves a candidate’s ability to assess the security of an enterprise environment and recommend and implement appropriate security solutions. It also shows they can monitor and secure hybrid environments and identify, analyze, and respond to security events and incidents.
- Certified Penetration Tester (CPT). The CPT certification is offered by the Information Assurance Certification Review Board and designates a candidate’s working knowledge and skills in the field of penetration testing. The program covers nine domains, including penetration testing methodologies, network protocol attacks, network reconnaissance, vulnerability identification, Windows exploits, and Unix/Linux exploits. The CPT certification is valid for four years.
- Systems Security Certified Practitioner (SSCP). The International Information Systems Security Certification Consortium administers the SSCP certification, which demonstrates a candidate’s advanced technical skills and knowledge in implementing, monitoring, and administering IT infrastructure using security best practices, policies, and procedures. Candidates for certification must have at least one year of experience in the field.
Sample Interview Questions
- What are three ways to authenticate a user?
- What factors do you take into account when securing a network?
- What is a three-way handshake?
- How do you permanently disable bad actors from accessing sensitive data?
- What is data leakage? What are the factors that can cause it?
- What is the 80/20 rule of networking?
- What is phishing? How can it be prevented?
- What techniques would you use to prevent web server attacks?
- How would you handle this data breach?
- What is the difference between a threat, a vulnerability, and a risk?
- What are the steps involved in securing a server?
- What is SSL?
- What is the protocol used for secure file transfers?
- What is a polymorphic virus?
- What is the difference between a worm and a virus?
- What steps do you take to ensure the security of a system using outdated software?
- What anomalies would you look for if a system was compromised?
- How would you monitor and log cyber security events?
- What’s the difference between symmetric and asymmetric encryption?
- What is the difference between a white box test and a black box test?