Information Security Analyst: How to Hire, Salary Data, and Job Descriptions

Information security analysts develop and install security systems to protect an organization’s computer systems. To be successful in this position, information security analysts need to have a deep understanding of firewalls, antivirus, SIEM, and proxies to safeguard networks.

Information security analysts support the IT security team by monitoring computer networks, installing new security software, and reporting any security breaches that occur. It is important for information security analysts to identify any vulnerabilities in their computer systems to prevent any cyber attacks from happening. 

A strong candidate for this role should have a Bachelor’s degree in computer science or information systems. This job opportunity allows information security analysts to apply what they learned in school to help install security measures and software that will protect a company’s confidential information. Information security analysts can be promoted to higher IT roles such as IT director and information security manager.

Sample job description #1

Key knowledge and experience

The information security analyst differs from a cybersecurity analyst in that the former is responsible for monitoring cyber security breaches along with crafting recovery plans and protecting the organization’s information as a whole.

  • Communicate effectively orally and in writing regarding complex protocols and procedures often involving sensitive and confidential data
  • Deep understanding of Standard Information Security Baseline Frameworks, Business Continuity, and Disaster Recovery protocols and best practices, Infrastructure monitoring tools such as DarkTrace, Splunk, Certificate Management, PRTG, Palo Alto Firewalls, Microsoft Defender for Business, NESSUS etc.
  • Exposure to ITIL (Incident/Change Management) – ITIL v3F preferred
  • Previous experience in the Info Sec Analyst/Cyber Security space (3+ years)
  • Maintain security updates along with testing of Colocation sites with Disaster Recovery technologies
  • Develop, maintain, and recommend resolutions to BCDR (Business Continuity and Disaster Recovery) and Information Security Management Systems

Principal duties and responsibilities

  • Under the guidance of the Director of Information Technology, monitor and report on all security related matters in the organization
  • Analyze and review information security controls including physical and data security protecting the confidentiality, integrity and availability of information systems data
  • Serve as a member of the risk management committee; responsible for delivering results of operational risk assessments and mitigation tracking information to the committee for review
  • Serve as a member of the incident response team (IRT); could be responsible for the investigation, documentation, communication and/or risk mitigation tracking of the incident
  • Develop, coordinate, and maintain third-party relationships with information security vendors and partners
  • Participate in efforts to improve and promote data security awareness. Participate in bi-annual employee security awareness program as requested
  • Learns and monitors the business processes for the areas of primary support responsibility as defined in the IT Responsibilities matrix
  • Responsible for annual Security Baseline Audits and execution of recommendations
  • As part of the technology team, occasionally performs “Help Desk” day-to-day tasks: answers questions, analyzes failures, researches solutions, revises systems to overcome faults, repairs corrupted data, communicates, and documents solutions to the IT team
  • Maintains a current and comprehensive knowledge of IT technologies and systems through the latest literature and formal training and will be looked to as one of the Corporation’s experts for those technologies designated as primary responsibilities
  • Maintains familiarity with the business processes, servers and systems of the organization’s user base from a security perspective
  • Assists the other IT staff as necessary
  • Performs other duties and projects as assigned by the IT Director
  • Monitors and reviews IT security and recommends changes as appropriate
  • Performs routine checks of security and other related log files for devices such as firewalls, switches, and workstations within areas of primary responsibility
  • Stays current with security issues, trends, and best practices

Physical requirements

Climbing, balancing, stooping, kneeling, crouching, crawling, reaching, standing, walking, pushing, pulling, lifting, grasping, feeling, talking, hearing, seeing, and repetitive motions. Exerting up to 50 pounds of force occasionally, and/or up to 20 pounds of force frequently, and/or up to 10 pounds of force constantly to move objects

Sample job description #2

The Information Security Analyst will

  • Provide Information Assurance (IA) oversight for unclassified and classified networks and systems
  • Analyze IT system concepts, provide recommendations for design and optimization, and facilitate the assessment and authorization process
  • Employ best practices and provide recommendations for the implementation of security controls
  • Work with stakeholders to define and analyze system security requirements and provide technical solutions to best fit the customer’s needs
  • Identify and communicate technical risks and mitigation strategies
  • Develop and maintain security documentation for corporate policy and standards
  • Assist with completing documentation and implementation of information security requirements for IT systems throughout the Risk Management Framework (RMF)
  • Assist in creating POAMs and provide recommendations for mitigation strategies
  • Work with company System Administrators to ensure the appropriate controls are implemented
  • Perform technical vulnerability test analysis utilizing tools such as Retina, WASSP, and SECSCN
  • Ensure continuous monitoring is in place for all classified assets
  • Perform Operational Security (OPSEC) review and response
  • Perform network monitoring (FireEye/Splunk)
  • Manage Service Now tickets assigned to Information Security Ops

Requirements and skills

  • Six (6) to 10 years of experience performing in the role of Information Security Analyst or SOC
  • Demonstrated experience in responding to, managing, and resolving security incidents
  • Experience with LAN/WAN networking concepts, IP addressing and routing concepts, Windows/Linux/Unix operating systems, Information Security concepts, and best practices
  • Experience with Windows/Linux/Unix server administration is a plus
  • Experience working with a Security Information and Event Management (SIEM) system is a plus

Education

  • Bachelor’s degree in an IT related field preferred, not required
  • IAT Level-2 technical certification preferred (CompTIA Security+ or CISSP) or ability to obtain within 90 days of start date

Overall requirements

  • Submit/Pass a 10-year Dept. of Defense background check, criminal history, drug screening, and fingerprints
  • Valid driver’s license/Real-ID with clean driver’s history
  • Applicant must have a strong work ethic, be extremely organized and detail-oriented, be a self-starter with excellent time-management, problem solving, and multitasking skills
  • Applicant must have excellent front-facing/face-to-face customer service skills
  • Problem solving skills from active listening to, and educating, customers through resolution and a set of delivery expectations
  • Excellent communication skills (in English), both verbal and written, to articulate details in a professional manner
  • Position may require ability to sit, stand, walk extended distances, bend, stoop, squat, and lift up to 35 lbs. from the floor to desktop for extended periods of time

Sample job description #3

Essential job functions

  • Work with HR, IT, and Business to ensure timely logical access entitlements
  • Coordinate and complete annual user access recertification requests in a timely manner for SOX and GLBA Applications
  • Review and analyze network and application user roles and access entitlement reports and ensure accurate access provisions and document those processes
  • Perform impact assessments for delayed terminations/transfers and ensure there are no unauthorized transactions in the Bank systems. Implement necessary access changes within the environment based on the received change requests
  • Responsible for communicating the relevant access procedures and/or processes throughout the organization
  • Conduct basic Information Security training for onboarding new employees of the Bank
  • Assist with audit queries (internal and external)
  • Partake in DR test and table-top exercises
  • Plan and coordinate MFA Token management for customers, employees, and contractors
  • Coordinate and complete annual application password recertification
  • Coordinate with senior management/Board for logical access requests
  • Coordinate with Accounting to ensure appropriate expense workflows are aligned with new hire requests and terminations in the Bank
  • Monitor department expense versus budget and approval of vendor invoices in the expense system
  • Reinstate external user access in Proofpoint
  • Work closely with vendors, Information Technology, and Information Security manager to implement logical access stemming from new projects and initiatives
  • Train and manage interns and Information Security associates and delegate day-to-day work for performing timely Logical access operations functions seamlessly
  • Perform risk assessment for new applications as per privacy policy of the Bank
  • Perform other duties as directed

Knowledge, skills, and experience requirements

  • Bachelor’s degree or equivalent experience
  • Minimum of 2+ years of experience in Application access entitlement management
  • Advanced knowledge of Microsoft Excel
  • Understanding of logical access user entitlement provisioning and de-provisioning procedures
  • Deep familiarity with banking applications and security administration
  • Knowledge of Segregation of Duties & role-based access
  • Familiarity with Identity and Access Management tools
  • Awareness of regulatory requirements such as DFS 500, SOX, GLBA, etc. as they pertain to logical access
  • Knowledge of security frameworks: ISO 27001, NIST, etc.
  • Certification such as SSCP or GSEC desirable
  • Strong analytical ability
  • Excellent verbal/written communication and interpersonal skills

Average salary and compensation

The average salary for an information security analyst is $86,500 in the United States. Position salary will vary based on experience, education, company size, industry, and market.

| Location | Salary Low | Salary High |
|---|---|---|
| Phoenix, Arizona | $91,050 | $111,300 |
| Los Angeles, California | $102,750 | $125,550 |
| Denver, Colorado | $85,600 | $104,650 |
| Washington, DC | $104,300 | $127,500 |
| Miami, Florida | $85,200 | $104,150 |
| Orlando, Florida | $78,600 | $96,100 |
| Tampa, Florida | $79,400 | $97,050 |
| Atlanta, Georgia | $83,300 | $101,800 |
| Chicago, Illinois | $95,750 | $117,000 |
| Boston, Massachusetts | $103,550 | $126,550 |
| Minneapolis-St. Paul, Minnesota | $82,500 | $100,850 |
| New York City, New York | $108,900 | $133,200 |
| Philadelphia, Pennsylvania | $88,700 | $108,450 |
| Dallas, Texas | $86,400 | $105,600 |
| Houston, Texas | $86,000 | $105,100 |
| Seattle, Washington | $99,600 | $121,750 |
| National Average | $77,850 | $95,150 |

Sample interview questions

  • What are three ways to authenticate a user?
  • What factors do you take into account when securing a network?
  • What is a three-way handshake?
  • How do you permanently disable bad actors from accessing sensitive data?
  • What is data leakage? What are the factors that can cause it?
  • What is the 80/20 rule of networking?
  • What is phishing? How can it be prevented?
  • What techniques would you use to prevent web server attacks?
  • How would you handle this data breach?
  • What is the difference between a threat, a vulnerability, and a risk?
  • What are the steps involved in securing a server?
  • What is SSL?
  • What is the protocol used for secure file transfers?
  • What is a polymorphic virus?
  • What is the difference between a worm and a virus?
  • What steps do you take to ensure the security of a system using outdated software?
  • What anomalies would you look for if a system was compromised?
  • How would you monitor and log cyber security events?
  • What’s the difference between symmetric and asymmetric encryption?
  • What is the difference between a white box test and a black box test?
