What Does a Security Analyst Do?
Protecting sensitive information is a significant concern for every company, and organizations need security analysts to determine best how to secure their data and make sure that data stays secure. A security analyst protects computer networks from cyber attacks, creates cybersecurity policies and practices for the entire organization, and documents security breaches.
Security testing is also a big part of a security analyst’s job. Security analysts work with an IT security team to test their networks and look for any weaknesses in their security measures. The security analyst then develops a plan to account for that weakness. A security analyst needs to stay adaptable. Cybersecurity is ever-changing and keeping up with the latest trends in cyber attacks and security measures is critical for every security analyst.
Security analysts also take part in creating an organization’s disaster recovery plan for the company to follow in an emergency. That often includes planning how data is stored and backed up as well as how the organization can restore its network to proper function after a disaster or emergency.
Are you a job seeker?
of job openings
and apply online
National Average Salary
Security analyst salaries vary by experience, industry, organization size, and geography. To explore salary ranges by local market, please visit our sister site zengig.com.
The average U.S. salary for a Security Analyst is:
Security Analyst Job Descriptions
- Operational support for information security tool alerts, triaging, and maintenance
- Execute information security activities such as vulnerability management, application development security, business continuity, networking, risk management, etc.
- Perform first-level incidence response and computer forensics activities
- Assess security controls and evaluate the security posture of organizational internal controls
- Evaluate third-party relationships for compliance with organization security standards
- Collaborate with IT department and Business colleagues to develop security programs as an SME
- Researches security trends, new methods, and techniques used in order to preemptively eliminate the possibility of a system breach
- Serve as Subject Matter Expert (SME) on information security-related projects and initiatives assigned
- Maintain confidentiality on all sensitive security matters
- Excellent time management and communication skills
- Strong ability to research technical challenges and learn quickly to provide security guidance
- Familiarity with compliance regulations (e.g. FERPA, HIPAA)
- Demonstrated ability of analytical expertise, close attention to detail, critical thinking, logic, and solution-oriented
- Minimum three years of experience directly related to Information Security
- Have an undergraduate degree from an accredited institution in an IT-related field (preferred)
- Must have industry-recognized certifications in CISSP, GIAC, or similar (or achieve within one year of employment)
- Must be able to travel 0-10% of the time
- Must be able to lift 20 lbs.
- Typical office setting
- Mobility within the office including movement from floor to floor
- Travel via plane, car, and metro may be required to perform this job
- Must be able to work more than 40 hours per week when business needs warrant
- Access information using a computer
- Effectively communicate, both up and down the management chain
- Effectively cope with stressful situations
- Strong mental acuity
- Regular, dependable attendance and punctuality are essential functions of this job
ABC Company is currently seeking an Information Security Analyst to join our client’s team in (State). This is a fully remote, contract-to-hire position. Must live in (State).
- Monitor events and triage alerts across various security platforms
- Identify and resolve false positive findings reported by information security tools
- Monitor email and ticketing systems for security-related issues and follow through until resolution
- Stay up-to-date with adversary tactics, techniques, and procedures (TTPs) and IT news
- Knowledge of Information Security Concepts
- Experience with log analysis and familiarity with various SIEM tools (Splunk, Elastic, ArcSight, QRadar, etc.)
- Experience with various scripting languages (Bash/PowerShell/Python)
- Familiarity with the functionality of Windows, Mac OS X, and Linux operating systems
- General Information Technology and Computer Networking knowledge preferred
As a GCP Cloud Security Analyst, you will be at the front lines with our clients supporting them with their cloud security needs to securely navigate their journey to the cloud on the leading cloud platforms, by supporting the implementation of industry-leading practices around cyber risks and cloud security for clients. You will execute cloud security engagements during different phases of the lifecycle – assessment, design, implementation, and post-implementation reviews, particularly you will:
- Have foundational knowledge of cloud cyber risk for the Google Cloud Platform
- Assist in guiding clients on their transition from on-premise security technologies to cloud-native options and assist clients with the deployment of cloud-native and third-party technologies to secure cloud platforms
- Support cloud security assessments and provide recommendations on required configurations for client’s google cloud platforms and environments based on ABC Company’s Cloud Cyber Risk Framework
- Design, develop, and implement cloud platform-specific security policies, standards, and procedures
- Troubleshoot problems with cloud infrastructure (e.g., domain name service, virtual network peering, dedicated cloud connectivity services – Google Cloud Dedicated Interconnect) and resources (e.g., virtual machines, virtual networks, cloud databases) in a multi-cloud vendor environment and document technical platform issues, analysis, client communication, and resolution as part of cyber risk mitigation steps
- Assist in the design, implementation, management, and automation of DevSecOps capabilities in cloud offerings (e.g., Google Functions, Python, JSON, Terraform)
- Support the team on proposals, whitepapers, proof of concepts, technical eminence materials, and firm initiatives
- BA/BS Degree is required. Ideally in Computer Science, Cyber Security, Information Security, Engineering, Information Technology
- Ability to work independently and manage multiple projects/assignments/responsibilities in a fast-paced environment
- Demonstrated leadership and strong verbal and written communication skills
- Demonstrated problem-solving and critical-thinking skills
- Ability to travel up to 50% (While up to 50% travel is a requirement of the role, due to COVID-19, non-essential travel has been suspended until further notice)
- Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future.
- Strong academic track record (GPA of 3.2 preferred)
- Relevant work experience or work experience in a professional environment (e.g. internships, summer positions, school jobs)
- Foundational knowledge of cloud computing and/or cybersecurity
- Full stack development experience
- Experience with JSON, Python, XML, and the ability to write automation scripts
- Experience with Terraform or other IaC tools
- Foundational knowledge of security and privacy-related industry standards and frameworks (e.g., ISO 27001/2, NIST 800-53, NIST CSF, CSA CCM) is a plus
- Knowledge of IP networking, VPNs, DNS, load balancing, and firewalling concepts
How to Hire a Security Analyst
When hiring a security analyst, first consider the following:
- Recruiting: Do you have the knowledge, tools, and resources to attract and screen candidates?
- Complexity: Do you need a senior professional, or will mid or junior-level skills and experience suffice?
- Duration: Is this a one-time project or an ongoing need?
- Management: Do you have the time and expertise to direct the work effectively?
- Urgency: How soon does the work need to be completed?
- Headcount: Do you have the budget and approval for an internal employee, or should you consider alternate options?
Answering these questions will help determine the best course of action for your current hiring need. Fortunately, great options exist for every scenario. These are our recommendations:
1. Use 4 Corner Resources (or another professional recruiting firm)
The heavy lifting is done for you when working with a top-tier staffing company like 4 Corner Resources. We source, screen, recruit, and deliver only the most qualified candidate(s), saving you significant time and effort throughout the hiring process while you remain focused on your core business. Understanding your needs and ensuring the right candidate for the position is the key to our success.
This is the best route to take when:
- You need to fill the position quickly
- You want access to a vast talent pool of high-quality, prescreened candidates
- Your position is suited for temporary hiring services, contract staffing, or contract-to-hire recruiting, and you intend to direct the work activity.
- You are hiring an employee as a direct placement but aren’t able to recruit effectively or efficiently with your internal staff.
- You aren’t familiar with current salary rates, market trends, and available skill sets
2. Hire an experienced freelancer
The freelance, or gig, economy continues to grow, with more talent available daily. Freelancers provide high-quality work without a long-term commitment. They can offer you a fresh perspective, more flexibility, and increase efficiency. While the freelance market isn’t ideal for every position, security analysts are often a great fit.
We recommend this option when:
- Your need is project-based
- The work can be performed remotely
- You do not intend to direct the daily work activity
- You are hiring for expertise your internal team does not possess
- You do not require an employee to work onsite or follow a specific schedule
When hiring a security analyst, we recommend using Upwork.
Upwork is a freelance talent network that helps individuals connect with experts in a variety of fields to accomplish project-based needs. When you have a specific, well-defined goal in mind, this can be a great path to hiring an experienced security analyst. If you are satisfied with the outcome you can continue to book the same freelancer through Upwork’s easy-to-use project interface.
3. Advertise your opening on a top job board
Your best option may be to advertise your opening on a proven job board. There are many widely used job sites out there that draw visits from qualified candidates. If you have someone internally who can dedicate the time and energy to sort through applications and screen individuals effectively, this can be a great choice.
We recommend using a job board when:
- Your internal recruiting team has the knowledge and experience to assess candidate qualifications
- You are hiring a direct employee and have time to manage the entire recruiting effort
- You have a process for receiving, screening, and tracking all resumes and applications
- You are prepared to respond to all applicants
There are many career sites out there. Here are the two we recommend for a security analyst opening:
CareerBuilder has been a trusted source for hiring since 1995. Reach 80+ million unique, diverse U.S. job seekers annually by posting your jobs through their talent acquisition channels. Through CareerBuilder, you can engage candidates and drive them into your sourcing pipeline. We recommend using CareerBuilder for hiring when you have the internal resources and processes to review, screen, and reply to all applicants.
LinkedIn is a social network for job seekers, professionals, and businesses. With this popular job site, you can enhance your brand and advertise your open position to a wide audience of motivated, qualified candidates. Job postings on LinkedIn are also extremely streamlined and user-friendly, making it even easier for candidates to apply. Additionally, applicants can use their LinkedIn profile instead of a resume to expedite the process.
4. Leverage your internal resources
You can utilize your own website, social media, and employees to assist in your search for top candidates.
A company website posting should be the first step in notifying prospective candidates that you are hiring. Social media can also be a powerful tool for spreading the word about your new opening. As far as exposure is concerned, this option can be as good as some job boards when you have a large enough following across various platforms, like LinkedIn, Instagram, Facebook, TikTok, and Twitter.
Current employees are every organization’s greatest asset. Encourage your internal team to promote job openings to their network by offering cash and other incentives.
We recommend these options when:
- Your brand has great name recognition
- You can consistently monitor and respond to candidate activity through your website and social media accounts
- You have a process in place to quickly and broadly communicate job openings and requirements
- You have an effective employee referral program in place
If you aren’t sure which path is best, schedule a discovery call today with our seasoned recruiting professionals. The 4 Corner team is on standby to help you find the best option for your unique hiring need.
Sample Interview Questions
- Where do you see yourself in five years? In ten?
- What makes you a good fit for this company?
- What sparked your interest in information security?
- What makes you a great security analyst?
- Describe three ways to authenticate someone.
- Explain how to secure a network. What factors would you take into consideration?
- What would you do if someone with more authority than you demands that you break protocol?