What Does a Security Analyst Do?
The Short Version
A Security Analyst detects and prevents cyber threats to an organization.
Every day, you will ferret out the weaknesses of your infrastructure (software, hardware and networks) and find creative ways to protect it.
Security Analyst Responsibilities
In any given week, you may be required to:
- Plan, implement and upgrade security measures and controls
- Establish plans and protocols to protect digital files and information systems against unauthorized access, modification and/or destruction
- Maintain data and monitor security access
- Perform vulnerability testing, risk analyses and security assessments
- Conduct internal and external security audits
- Anticipate security alerts, incidents and disasters and reduce their likelihood
- Manage network, intrusion detection and prevention systems
- Analyze security breaches to determine their root cause
- Recommend and install appropriate tools and countermeasures
- Define, implement and maintain corporate security policies
- Train fellow employees in security awareness and procedures
- Coordinate security plans with outside vendors
Security Analyst vs. Security Administrator
Confused about the difference between a Security Analyst and a Security Administrator? Analysts and Administrators are peers, but they do not have the same job responsibilities.
- Security Analysts are responsible for analyzing data and recommending changes to higher-ups, but they are usually not the ones responsible for authorizing and implementing changes. Their main job is keeping attackers out.
- Security Administrators ensure that systems are working as designed. Unlike analysts, they make changes, apply patches and set up new admin users. Their main job is keeping systems up.
In both cases, the immediate supervisor is usually a Security Manager.
Security Analyst Career Paths
The next logical career steps for a Security Analyst include:
From there, you can work your way towards becoming a:
The role of “Security Analyst” encompasses job titles such as:
- Data Security Analyst
- Information System Security Analyst
- IT Security Analyst
Security Analyst Salaries
According to Payscale, the median salary for a Security Analyst is $65,261 per year (2014 figures). Overall, you can expect total pay of $44,285 – $95,851. This includes your base annual salary, bonuses, profit sharing, tips, commissions, overtime pay and other forms of cash earnings, as applicable.
Security Analyst Job Requirements
The experience required will depend on the complexity of your organization’s security needs. The majority of job postings ask for 1-5 years of experience. Many folks with 5+ years of experience don’t want the stress of working as an Incident Responder and will opt for a lifelong career as an analyst instead. Employers are usually happy to accept them.
There is no hard and fast degree requirement for Security Analysts. Nevertheless, most employers are going to be looking for a bachelor’s degree in Computer Science, Cyber Security or a related field.
Having said that, there are a lot of current analysts who have gone through weird and wonderful routes. If you don’t have a technical degree, you may be able to impress hiring agencies with experience, training and certifications.
Consider honing your technical skills in:
- IDS/IPS, penetration and vulnerability testing
- DLP, anti-virus and anti-malware
- TCP/IP, computer networking, routing and switching
- Firewall and intrusion detection/prevention protocols
- Windows, UNIX and Linux operating systems
- Network protocols and packet analysis tools
- C, C++, C#, Java or PHP programming languages
- Cloud computing
- SaaS models
- Security Information and Event Management (SIEM)
Soft skills like writing, teaching and public speaking are equally important. As part of your job, you’ll be expected to draft policies, talk over issues with upper management and explain how your security plans fit into the larger corporate picture.
Overall, analysts are expected to be curious, creative thinkers who are deeply interested in the latest security developments and tools.
Certifications for Security Analysts
Security certifications look good on résumés, but they’re not always necessary for certain positions – check the job requirements. In addition, some of these certifications (e.g. CISSP) require a number of years of experience:
- CEH: Certified Ethical Hacker
- ECSA: EC-Council Certified Security Analyst
- GSEC / GCIH / GCIA: GIAC Security Certifications
- CISSP: Certified Information Systems Security Professional