Security AnalystJob Description, Salary, Career Path, and Trends

Protecting sensitive information is a significant concern for every company, and organizations need security analysts to determine best how to secure their data and make sure that data stays secure. A security analyst protects computer networks from cyber attacks, creates cybersecurity policies and practices for the entire organization, and documents security breaches.

Security testing is also a big part of a security analyst’s job. Security analysts work with an IT security team to test their networks and look for any weaknesses in their security measures. The security analyst then develops a plan to account for that weakness. A security analyst needs to stay adaptable. Cybersecurity is ever-changing and keeping up on the latest trends in cyber attacks and security measures is critical for every security analyst.

Security analysts also take part in creating an organization’s disaster recovery plan for the company to follow in an emergency. That often includes planning how data is stored and backed up as well as how the organization can restore its network to proper function after a disaster or emergency.

Sample job description

[Your Company Name] is hiring experienced security analysts. If you’re a reliable individual with experience researching novel threats and performing threat intelligence analyses looking to work in a fast-paced environment, our company might be the perfect fit for you. As a security analyst, you will report on security breaches, install software to protect sensitive information, monitor the company’s network to watch for and prevent breaches, create and implement a security plan, as well as run regular simulated cyber attacks to assess the strength and vulnerability of computer systems. This job requires an extremely responsible candidate with three or more years of experience. 

Typical duties and responsibilities

  • Monitor computer networks for security issues
  • Investigate security breaches and other cybersecurity incidents
  • Install security measures and operate software to protect systems and information infrastructure, including firewalls and data encryption programs
  • Document security breaches and assess the damage they cause
  • Work with the security team to perform tests and uncover network vulnerabilities
  • Fix detected vulnerabilities to maintain a high-security standard
  • Stay current on IT security trends and news
  • Develop company-wide best practices for IT security
  • Perform penetration testing
  • Help colleagues install security software and understand information security management
  • Research security enhancements and make recommendations to management
  • Stay up-to-date on information technology trends and security standards

Education and experience

This position requires a bachelor’s degree in computer science or a related discipline. An MBA in information systems is strongly preferred.

Required skills and qualifications

  • Experience in information security or a related field
  • Experience with computer network penetration testing and techniques
  • Understanding of firewalls, proxies, SIEM, antivirus, and IDPS concepts
  • Ability to identify and mitigate network vulnerabilities and explain how to avoid them
  • Understanding of patch management with the ability to deploy patches in a timely manner while understanding business impact

Preferred qualifications

  • Ability to administer network and host-based tools for pen testing & ethical hacking products
  • Knowledge of host compromise & malware injection techniques
  • Experience with cloud infrastructure and provisioning technology
  • Excellent oral & written technical communication skills

Average salary and compensation

The average salary for a security analyst is $140,000 in the United States. Position salary will vary based on experience, education, company size, industry, and market.

LocationSalary LowSalary High
Phoenix, Arizona$139,250$188,350
Los Angeles, California$157,100$212,500
Denver, Colorado$130,900$177,100
Washington, DC$159,450$215,750
Miami, Florida$130,300$176,300
Orlando, Florida$120,200$162,600
Tampa, Florida$121,400$164,200
Atlanta, Georgia$127,350$172,250
Chicago, Illinois$146,350$198,050
Boston, Massachusetts$158,250$214,150
Minneapolis-St. Paul, Minnesota$126,150$170,650
New York City, New York$166,600$225,400
Philadelphia, Pennsylvania$135,650$183,550
Dallas, Texas$132,100$178,700
Houston, Texas$130,900$177,100
Seattle, Washington$152,300$206,100
National Average$119,000$161,000

Typical work environment

Security analysts typically work full time in an office setting for businesses from banks and financial institutions to consulting firms and computer companies. They will occasionally have to work evenings and weekends in case of emergencies and security breaches. Some work more than forty hours a week. 

Typical hours

The typical work hours in an office setting for a security analyst are usually from 9 AM to 5 PM. In an emergency, security analysts can be called upon to work outside of regular business hours.

Available certifications

With the onslaught of hackers, security analysts are increasingly more in demand to protect a company’s computer systems and databases from attacks. As such, many certifications are available to begin a career in information security.

  • Certified Ethical Hacker (CEH). A CEH is an expert in the latest tools and techniques hackers use, with the idea that to beat a hacker, you need to think like one. This certification is obtained by passing a four-hour exam that demonstrates your ability to consider vulnerabilities and weaknesses in a company’s security. 
  • Certified Security Analyst (CSA). This certification, offered by the EC-Council, is taken after becoming a CEH. The course is taught online at your own pace. In order to be certified, you must pass a 150 question, multiple choice test, followed by an intense, 12-hour practical exam. This certification may be challenging to obtain, but it can help you further your career as a security analyst. 
  • Certified Information Systems Security Professional (CISSP). For security analysts with at least five years of experience, the CISSP is a highly respected certification, recognized internationally. Candidates must pass an exam to be certified, and then earn forty continuing education hours a year to remain certified.

Career path

A security analyst must have at least a bachelor’s degree in computer science, IT, or a related discipline. Companies also recommend that students pursue coursework in cybersecurity, penetration testing, and computer forensics. Candidates who have served as interns in IT departments while pursuing a degree are also considered more desirable.

Most of the time, IT professionals don’t start as security analysts. Instead, most spend a year or two in entry-level computer programming or software developer roles, or as computer systems analysts. In those positions, you can gain experience working with various platforms, data transmission processes, and intrusion and detection software programs.

Industry certifications can also increase your chances of landing a position as a security analyst. Companies that create specific cybersecurity platforms offer certification courses, such as Cisco’s Certified Network Associate security certificate. Also, there are industry-specific certifications available. For example, security analysts in the manufacturing industry can get a certification in eCommerce fraud or retail crime from companies such as the McAfee Institute.

US, Bureau of Labor Statistics’ job outlook

SOC Code: 15-1212

2020 Employment141,200
Projected Employment in 2030188,300
Projected 2020-2030 Percentage Shift 33% increase
Projected 2020-2030 Numeric Shift47,100 increase

Cybersecurity jobs are in huge demand as our society starts digitally storing more and more sensitive data. The security analyst field is changing every day, and many industry analysts say the market for security analysts will only increase.

According to the industry news website Cyber Security Intelligence, there was a global cybersecurity staffing shortage of about three million people in 2019. In the years to come, cyberattacks are expected to become more frequent, and the role of a security analyst will expand. Companies are expected to begin looking for analysts who have skills in areas like digital forensics, which is recovering evidence like deleted files to trace and pursue cyber attackers.

Another trend in the security analyst field is ethical hacking. Security analysts could likely have to work with ethical hackers more often to aid them in testing weaknesses in security systems and software. After these weaknesses are exposed, a security analyst would work with their team to account for and eliminate those weaknesses.

Sample interview questions

  • Where do you see yourself in five years? In ten?
  • What makes you a good fit for this company?
  • What sparked your interest in information security? 
  • What makes you a great security analyst?
  • Describe three ways to authenticate someone.
  • Explain how to secure a network. What factors would you take into consideration?
  • What would you do if someone with more authority than you demands that you break protocol?

Security Analyst Jobs in Ashburn

    Loading RSS Feed

Need help hiring a Security Analyst?

We match top professionals with great employers across the country. Your next career move or star employee is just around the corner. Review our career content and advice, browse our latest job openings, or email us your resume. We look forward to connecting with you soon!

Browse A-Z Job Descriptions