What Does a Security Analyst Do?
Security analysts identify and assess security risks, analyze security data, and develop and implement security strategies to protect an organization’s technology infrastructure and data. Their duties and responsibilities include scanning and monitoring computer networks, systems, and applications for security vulnerabilities, to anticipate and protect against potential threats. They also create and maintain protocols, processes, and procedures to guard against cyber threats, unauthorized access, and data breaches.
Security analysts may also create an organization’s disaster recovery plan for the company to follow in an emergency. That often includes planning how data is stored and backed up and how the organization can restore its network to proper function after a disaster or emergency.
Successful security analysts have strong technical skills and a deep understanding of network protocols, operating systems, and cybersecurity best practices, plus first-hand experience with firewalls, intrusion detection systems, and anti-malware software.
Security Certifications to Look For
- Certified Ethical Hacker (CEH). A CEH is an expert in the latest tools and techniques hackers use, with the idea that to beat a hacker, candidates need to think like one. This certification is obtained by passing a four-hour exam that demonstrates their ability to consider vulnerabilities and weaknesses in a company’s security.
- Certified Information Security Manager (CISM). This certification is aimed at management-level professionals and covers governance, risk management, and incident management. It is beneficial for security analysts involved in designing and managing an organization’s security strategy.
- Certified Security Analyst (CSA). This certification, offered by the EC-Council, is taken after becoming a CEH. The course is taught online at a candidate’s own pace. In order to be certified, they must pass a 150-question, multiple-choice test, followed by an intense, 12-hour practical exam. This certification may be challenging to obtain, but it can help candidates further their careers as security analysts.
- Certified Information Systems Security Professional (CISSP). For security analysts with at least five years of experience, the CISSP is a highly respected certification, recognized internationally. Candidates must pass an exam to be certified, and then earn forty continuing education hours a year to remain certified.
- CompTIA Security+. This entry-level certification covers a wide range of foundational security topics, making it a good starting point for security analysts. It demonstrates basic knowledge of network security, risk management, and cryptography.
National Average Salary
Security analyst salaries vary by experience, industry, organization size, and geography. To explore salary ranges by local market, please visit our sister site zengig.com.
The average U.S. salary for a Security Analyst is $84,380.
Security Analyst Job Descriptions
The first step when hiring a great security analyst is a well-crafted job description. Below are real-world examples to help give you the best chance of success on your recruiting journey.
Analyst example description 1
[Your Company Name] is hiring experienced security analysts. If you’re a reliable individual with experience researching novel threats and performing threat intelligence analyses, and you want to work in a fast-paced environment, our company might be the perfect fit for you. As a security analyst, you will report on security breaches, install software to protect sensitive information, monitor the company’s network to watch for and prevent breaches, create and implement a security plan, and run regular simulated cyber attacks to assess the strength and vulnerability of computer systems. This job requires an extremely responsible candidate with three or more years of experience.
Typical duties and responsibilities
- Monitor computer networks for security issues
- Investigate security breaches and other cybersecurity incidents
- Install security measures and operate software to protect systems and information infrastructure, including firewalls and data encryption programs
- Document security breaches and assess the damage they cause
- Work with the security team to perform tests and uncover network vulnerabilities
- Fix detected vulnerabilities to maintain a high-security standard
- Stay current on IT security trends and news
- Develop company-wide best practices for IT security
- Perform penetration testing
- Help colleagues install security software and understand information security management
- Research security enhancements and make recommendations to management
- Stay up-to-date on information technology trends and security standards
Education and experience
This position requires a bachelor’s degree in computer science or a related discipline. An MBA in information systems is strongly preferred.
Required skills and qualifications
- Experience in information security or a related field
- Experience with computer network penetration testing and techniques
- Understanding of firewalls, proxies, SIEM, antivirus, and IDPS concepts
- Ability to identify and mitigate network vulnerabilities and explain how to avoid them
- Understanding of patch management with the ability to deploy patches in a timely manner while understanding business impact
Preferred qualifications
- Ability to administer network and host-based tools for pen testing & ethical hacking products
- Knowledge of host compromise & malware injection techniques
- Experience with cloud infrastructure and provisioning technology
- Excellent oral & written technical communication skills
Analyst example description 2
Essential duties
- Operational support for information security tool alerts, triaging, and maintenance
- Execute information security activities such as vulnerability management, application development security, business continuity, networking, risk management, etc.
- Perform first-level incident response and computer forensics activities
- Assess security controls and evaluate the security posture of organizational internal controls
- Evaluate third-party relationships for compliance with organization security standards
- Collaborate with the IT department and business colleagues to develop security programs as an SME
- Research security trends, new methods, and techniques in order to preemptively eliminate the possibility of a system breach
- Serve as Subject Matter Expert (SME) on information security-related projects and initiatives assigned
- Maintain confidentiality on all sensitive security matters
Job skills
- Excellent time management and communication skills
- Strong ability to research technical challenges and learn quickly to provide security guidance
- Familiarity with compliance regulations (e.g. FERPA, HIPAA)
- Demonstrated analytical expertise, close attention to detail, critical thinking, logic, and a solution-oriented approach
Work experience
- Minimum three years of experience directly related to Information Security
Education
- Undergraduate degree from an accredited institution in an IT-related field (preferred)
Certifications
- Must have industry-recognized certifications in CISSP, GIAC, or similar (or achieve within one year of employment)
Other
- Must be able to travel 0-10% of the time
- Must be able to lift 20 lbs.
- Typical office setting
- Mobility within the office including movement from floor to floor
- Travel via plane, car, and metro may be required to perform this job
- Must be able to work more than 40 hours per week when business needs warrant
- Access information using a computer
- Effectively communicate, both up and down the management chain
- Effectively cope with stressful situations
- Strong mental acuity
- Regular, dependable attendance and punctuality are essential functions of this job
Analyst example description 3
ABC Company is currently seeking an Information Security Analyst to join our client’s team in (State). This is a fully remote, contract-to-hire position. Must live in (State).
Responsibilities
- Monitor events and triage alerts across various security platforms
- Identify and resolve false positive findings reported by information security tools
- Monitor email and ticketing systems for security-related issues and follow through until resolution
- Stay up-to-date with adversary tactics, techniques, and procedures (TTPs) and IT news
Requirements
- Knowledge of Information Security Concepts
- Experience with log analysis and familiarity with various SIEM tools (Splunk, Elastic, ArcSight, QRadar, etc.)
- Experience with various scripting languages (Bash/PowerShell/Python)
- Familiarity with the functionality of Windows, Mac OS X, and Linux operating systems
- General Information Technology and Computer Networking knowledge preferred
Analyst example description 4
As a GCP Cloud Security Analyst, you will be on the front lines with our clients, supporting their cloud security needs as they securely navigate their journey to the leading cloud platforms, and supporting the implementation of industry-leading practices around cyber risks and cloud security. You will execute cloud security engagements during the different phases of the lifecycle (assessment, design, implementation, and post-implementation reviews). In particular, you will:
- Have foundational knowledge of cloud cyber risk for the Google Cloud Platform
- Assist in guiding clients on their transition from on-premise security technologies to cloud-native options and assist clients with the deployment of cloud-native and third-party technologies to secure cloud platforms
- Support cloud security assessments and provide recommendations on required configurations for clients’ Google Cloud Platform environments based on ABC Company’s Cloud Cyber Risk Framework
- Design, develop, and implement cloud platform-specific security policies, standards, and procedures
- Troubleshoot problems with cloud infrastructure (e.g., domain name service, virtual network peering, dedicated cloud connectivity services – Google Cloud Dedicated Interconnect) and resources (e.g., virtual machines, virtual networks, cloud databases) in a multi-cloud vendor environment and document technical platform issues, analysis, client communication, and resolution as part of cyber risk mitigation steps
- Assist in the design, implementation, management, and automation of DevSecOps capabilities in cloud offerings (e.g., Google Functions, Python, JSON, Terraform)
- Support the team on proposals, whitepapers, proof of concepts, technical eminence materials, and firm initiatives
Required
- BA/BS Degree is required. Ideally in Computer Science, Cyber Security, Information Security, Engineering, Information Technology
- Ability to work independently and manage multiple projects/assignments/responsibilities in a fast-paced environment
- Demonstrated leadership and strong verbal and written communication skills
- Demonstrated problem-solving and critical-thinking skills
- Ability to travel up to 50% (While up to 50% travel is a requirement of the role, due to COVID-19, non-essential travel has been suspended until further notice)
- Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future.
Preferred
- Strong academic track record (GPA of 3.2 preferred)
- Relevant work experience or work experience in a professional environment (e.g. internships, summer positions, school jobs)
- Foundational knowledge of cloud computing and/or cybersecurity
- Full stack development experience
- Experience with JSON, Python, XML, and the ability to write automation scripts
- Experience with Terraform or other IaC tools
- Foundational knowledge of security and privacy-related industry standards and frameworks (e.g., ISO 27001/2, NIST 800-53, NIST CSF, CSA CCM) is a plus
- Knowledge of IP networking, VPNs, DNS, load balancing, and firewalling concepts
Sample Interview Questions
- Describe your experience in identifying and assessing security risks.
- What were your specific areas of responsibility in your previous role?
- Which security tools have you previously used?
- Which tools would you choose for maximum cyber threat protection?
- Which tools would you choose for monitoring and analysis?
- Which technologies did you use in your previous role? What were the pros and cons?
- How do you remain current with new security trends?
- How do you ensure compliance with laws and regulations?
- Describe your experience with penetration testing.
- When and where have you performed vulnerability assessments? What was your process?
- Describe a time you had to troubleshoot a security issue. What steps did you take to resolve it?
- Describe your experience with incident response management.
- What has been your most difficult security issue to resolve? How did you approach it and what was the outcome?
- What makes you a good fit for this company?
- What sparked your interest in information security?
- What makes you a great security analyst?
- Describe three ways to authenticate someone.
- Explain how to secure a network. What factors would you take into consideration?
- What would you do if someone with more authority than you demands that you break protocol?