The Short Version
A Security Analyst detects and prevents cyber threats to an organization.
Every day, you will ferret out the weaknesses of your infrastructure (software, hardware and networks) and find creative ways to protect it.
Security Analyst Responsibilities
In any given week, you may be required to:
Plan, implement and upgrade security measures and controls
Establish plans and protocols to protect digital files and information systems against unauthorized access, modification and/or destruction
Maintain data and monitor security access
Perform vulnerability testing, risk analyses and security assessments
Conduct internal and external security audits
Anticipate security alerts, incidents and disasters and reduce their likelihood
Manage network, intrusion detection and prevention systems
Analyze security breaches to determine their root cause
Recommend and install appropriate tools and countermeasures
Define, implement and maintain corporate security policies
Train fellow employees in security awareness and procedures
Coordinate security plans with outside vendors
Cybersecurity: Managing Risk in the Information Age online short course
Security Analyst Vs. Security Administrator
Confused about the difference between a Security Analyst and a Security Administrator? Analysts and Administrators are peers, but they do not have the same job responsibilities.
Security Analysts are responsible for analyzing data and recommending changes to higher ups. But they are usually not the ones responsible for authorizing and implementing changes. Their main job is keeping attackers out.
Security Administrators ensure that systems are working as designed. Unlike analysts, they make changes, apply patches and set up new admin users. Their main job is keeping systems up.
In both cases, the immediate supervisor is usually a Security Manager.
Security Analyst Career Paths
The next logical career steps for a Security Analyst include:
From there, you can work your way towards becoming a:
The role of “Security Analyst” encompasses job titles such as:
Data Security Analyst
Information System Security Analyst
IT Security Analyst
SECURITY ANALYST SALARIES
According to Payscale, the median salary for a Security Analyst is $65,261 per year (2014 figures). Overall, you can expect to take home a total pay of $44,285 – $95,851. This includes your base annual salary, bonuses, profit sharing, tips, commissions, overtime pay and other forms of cash earnings, as applicable.
SECURITY ANALYST JOB REQUIREMENTS
This will depend on the complexity of your organization’s security needs. The majority of job postings ask for 1-5 years of experience. Many folks with 5+ years of experience don’t want the stress of working as an Incident Responder and will opt for a lifelong career as an analyst instead. Employers are usually happy to accept them.
There is no firm and fast degree requirement for Security Analysts. Nevertheless, most employers are going to be looking for a bachelor’s degree in Computer Science, Cyber Security or a related field.
Having said that, there are a lot of current analysts who have gone through weird and wonderful routes. If you don’t have a technical degree, you may be able to impress hiring agencies with experience, training and certifications.
Consider honing your technical skills in:
IDS/IPS, penetration and vulnerability testing
DLP, anti-virus and anti-malware
TCP/IP, computer networking, routing and switching
Firewall and intrusion detection/prevention protocols
Windows, UNIX and Linux operating systems
Network protocols and packet analysis tools
C, C++, C#, Java or PHP programming languages
Security Information and Event Management (SIEM)
Soft skills like writing, teaching and public speaking are equally important. As part of your job, you’ll be expected to draft policies, talk over issues with upper management and explain how your security plans fit into the larger corporate picture.
Overall, analysts are expected to be curious, creative thinkers who are deeply interested in the latest security developments and tools.
Certifications For Security Analysts
Security certifications look good on résumés, but they’re not always necessary for certain positions – check the job requirements. In addition, some of these certifications (e.g. CISSP) require a number of years of experience:
CEH: Certified Ethical Hacker
ECSA: EC-Council Certified Security Analyst
GSEC / GCIH / GCIA: GIAC Security Certifications
CISSP: Certified Information Systems Security Professional