Security AnalystJob Description, Salary, Career Path, and Trends
Protecting sensitive information is a significant concern for every company, and organizations need security analysts to determine best how to secure their data and make sure that data stays secure. A security analyst protects computer networks from cyber attacks, creates cybersecurity policies and practices for the entire organization, and documents security breaches.
Security testing is also a big part of a security analyst’s job. Security analysts work with an IT security team to test their networks and look for any weaknesses in their security measures. The security analyst then develops a plan to account for that weakness. A security analyst needs to stay adaptable. Cybersecurity is ever-changing and keeping up on the latest trends in cyber attacks and security measures is critical for every security analyst.
Security analysts also take part in creating an organization’s disaster recovery plan for the company to follow in an emergency. That often includes planning how data is stored and backed up as well as how the organization can restore its network to proper function after a disaster or emergency.
Sample job description
[Your Company Name] is hiring experienced security analysts. If you’re a reliable individual with experience researching novel threats and performing threat intelligence analyses looking to work in a fast-paced environment, our company might be the perfect fit for you. As a security analyst, you will report on security breaches, install software to protect sensitive information, monitor the company’s network to watch for and prevent breaches, create and implement a security plan, as well as run regular simulated cyber attacks to assess the strength and vulnerability of computer systems. This job requires an extremely responsible candidate with three or more years of experience.
Typical duties and responsibilities
Monitor computer networks for security issues
Investigate security breaches and other cybersecurity incidents
Install security measures and operate software to protect systems and information infrastructure, including firewalls and data encryption programs
Document security breaches and assess the damage they cause
Work with the security team to perform tests and uncover network vulnerabilities
Fix detected vulnerabilities to maintain a high-security standard
Stay current on IT security trends and news
Develop company-wide best practices for IT security
Perform penetration testing
Help colleagues install security software and understand information security management
Research security enhancements and make recommendations to management
Stay up-to-date on information technology trends and security standards
Education and experience
This position requires a bachelor’s degree in computer science or a related discipline. An MBA in information systems is strongly preferred.
Required skills and qualifications
Experience in information security or a related field
Experience with computer network penetration testing and techniques
Understanding of firewalls, proxies, SIEM, antivirus, and IDPS concepts
Ability to identify and mitigate network vulnerabilities and explain how to avoid them
Understanding of patch management with the ability to deploy patches in a timely manner while understanding business impact
Ability to administer network and host-based tools for pen testing & ethical hacking products
Knowledge of host compromise & malware injection techniques
Experience with cloud infrastructure and provisioning technology
Excellent oral & written technical communication skills
Average salary and compensation
The average salary for a security analyst is $140,000 in the United States. Position salary will vary based on experience, education, company size, industry, and market.
Los Angeles, California
Minneapolis-St. Paul, Minnesota
New York City, New York
Typical work environment
Security analysts typically work full time in an office setting for businesses from banks and financial institutions to consulting firms and computer companies. They will occasionally have to work evenings and weekends in case of emergencies and security breaches. Some work more than forty hours a week.
The typical work hours in an office setting for a security analyst are usually from 9 AM to 5 PM. In an emergency, security analysts can be called upon to work outside of regular business hours.
With the onslaught of hackers, security analysts are increasingly more in demand to protect a company’s computer systems and databases from attacks. As such, many certifications are available to begin a career in information security.
Certified Ethical Hacker (CEH). A CEH is an expert in the latest tools and techniques hackers use, with the idea that to beat a hacker, you need to think like one. This certification is obtained by passing a four-hour exam that demonstrates your ability to consider vulnerabilities and weaknesses in a company’s security.
Certified Security Analyst (CSA). This certification, offered by the EC-Council, is taken after becoming a CEH. The course is taught online at your own pace. In order to be certified, you must pass a 150 question, multiple choice test, followed by an intense, 12-hour practical exam. This certification may be challenging to obtain, but it can help you further your career as a security analyst.
Certified Information Systems Security Professional (CISSP). For security analysts with at least five years of experience, the CISSP is a highly respected certification, recognized internationally. Candidates must pass an exam to be certified, and then earn forty continuing education hours a year to remain certified.
A security analyst must have at least a bachelor’s degree in computer science, IT, or a related discipline. Companies also recommend that students pursue coursework in cybersecurity, penetration testing, and computer forensics. Candidates who have served as interns in IT departments while pursuing a degree are also considered more desirable.
Most of the time, IT professionals don’t start as security analysts. Instead, most spend a year or two in entry-level computer programming or software developer roles, or as computer systems analysts. In those positions, you can gain experience working with various platforms, data transmission processes, and intrusion and detection software programs.
Industry certifications can also increase your chances of landing a position as a security analyst. Companies that create specific cybersecurity platforms offer certification courses, such as Cisco’s Certified Network Associate security certificate. Also, there are industry-specific certifications available. For example, security analysts in the manufacturing industry can get a certification in eCommerce fraud or retail crime from companies such as the McAfee Institute.
US, Bureau of Labor Statistics’ job outlook
SOC Code: 15-1212
Projected Employment in 2030
Projected 2020-2030 Percentage Shift
Projected 2020-2030 Numeric Shift
Cybersecurity jobs are in huge demand as our society starts digitally storing more and more sensitive data. The security analyst field is changing every day, and many industry analysts say the market for security analysts will only increase.
According to the industry news website Cyber Security Intelligence, there was a global cybersecurity staffing shortage of about three million people in 2019. In the years to come, cyberattacks are expected to become more frequent, and the role of a security analyst will expand. Companies are expected to begin looking for analysts who have skills in areas like digital forensics, which is recovering evidence like deleted files to trace and pursue cyber attackers.
Another trend in the security analyst field is ethical hacking. Security analysts could likely have to work with ethical hackers more often to aid them in testing weaknesses in security systems and software. After these weaknesses are exposed, a security analyst would work with their team to account for and eliminate those weaknesses.
Sample interview questions
Where do you see yourself in five years? In ten?
What makes you a good fit for this company?
What sparked your interest in information security?
What makes you a great security analyst?
Describe three ways to authenticate someone.
Explain how to secure a network. What factors would you take into consideration?
What would you do if someone with more authority than you demands that you break protocol?
We match top professionals with great employers across the country. Your next career move or star employee is just around the corner. Review our career content and advice, browse our latest job openings, or email us your resume. We look forward to connecting with you soon!