Uncertain Times — Infosec's here to help. Learn about remote testing and other COVID-19 resources.

Cybersecurity analyst

A security analyst, or information security analyst, is an entry- to mid-level cybersecurity position responsible for protecting computer networks and systems. With an average U.S. salary of $99,730 and a projected 32% increase in demand through 2028, the security analyst role is an excellent career choice for any cybersecurity professional.

What does a cybersecurity analyst do?

Like many cybersecurity positions, security analyst job responsibilities vary depending on your employer size, industry and location. The security analyst position is typically an entry- to mid-level role dedicated to protecting networks and computer systems from cyberattacks. As an information security analyst, you’ll hold a comprehensive understanding of your employer’s network environment and develop strategies and processes to securely monitor, protect and defend sensitive data and assets from attack. 

According to the U.S. Bureau of Labor Statistics (BLS), information security analysts: 

  • Prevent and detect security incidents through careful network monitoring and analysis
  • Protect sensitive information by installing and configuring security software like firewalls and encryption programs. You’ll also monitor network traffic and analyze records like authentication logs to identify and investigate anomalies  
  • Pentest existing network environments to identify and patch security vulnerabilities before they are exploited by cybercrimimals 
  • Implement organization-wide security best practices to protect the business against existing, new and emerging security threats
  • Develop, test and analyze the organization’s business continuity and disaster recovery plan to ensure operations will continue in the event of a cyber attack or natural disaster

As an information security analyst, you’re never done learning. You’ll be responsible for staying current on all the latest cybersecurity trends, tools and threats. You’ll manage both up and down the organization — serving as counsel to senior IT and security staff as well as being the organization’s go-to resource for security insights, tips and best practices. 

Skill up. Move up. Get certified.

Ready to skill up for your security analyst career? Infosec Skills offers 1,000+ hours of hands-on training to build and validate the industry’s most in-demand cybersecurity skills.

Learn more

How can I become a security analyst?

You can become an information security analyst after earning the right combination of education, certifications and hands-on experience. Employers value education, certifications and experience differently, so it’s important to consider all three areas when drafting your resume or building your personal development plan. 

According to the BLS, successful security analysts are typically: 

  • Analytical: Security analysts spend a significant amount of time evaluating tools and plans, assessing security risks and improving outcomes. As a security analyst, effective data analysis is critical to your success and your employer’s security posture.
  • Detailed oriented: An eye for detail goes hand-in-hand with analytical skills. You must be able to detect and report anomalies quickly and effectively. 
  • Adaptive: As a security analyst, your work is never done. You must constantly look for ways to stay more than a step ahead of the bad guys, and select and implement new technologies needed to defend your organization’s network from attack.
  • Problem solvers: Using security alerts and other automation tools as your guide, you’ll regularly discover and patch security vulnerabilities in your environment. 

What education does a security analyst need?

Most security analysts positions look for candidates with a bachelor’s degree in computer science, programming, information assurance or related field. However, employer emphasis on four-year degrees has recently declined in favor of technical aptitude and in many cases, certifications. 

Unsurprisingly, employers typically look for candidates with previous experience in a similar role. If you’re transitioning from a help desk position or information assurance/auditing role, earning a security certification can increase your chances of getting hired as an information security analyst. 

If earning a bachelor’s degree or certification is not financially possible, learning and validating hands-on skills through cyber ranges or subscription-based learning platforms is a great, lower-cost option to getting your foot in the door as a security analyst. 

What certifications does a security analyst need?

Becoming a certified information security analyst is especially important if you’re federally employed or wish to work for a company in the defense industry. CompTIA’s intermediate-level Cybersecurity Analyst (CySA+) certification is an excellent certification option for any current or aspiring cybersecurity professional. The CySA+ meets the 8570.1 mandate for five job categories, including Information Assurance Technician Level II, Cybersecurity Service Provider (CSSP) – Analyst, CSSP – Incident Respond, CSSP – Infrastructure Support and CSSP – Auditor. 

Regardless of what industry you’d like to work in, most employers prefer certified candidates for open security analyst roles. If CySA+ is too advanced for where are you in your career now, consider earning the following certifications to validate your understanding of important security fundamentals: 

If you’re already a security analyst, but want to increase your earning potential or get ready for a promotion, earning the acclaimed Certified Information Systems Security Professional (CISSP) certification is an excellent choice. 

What skills does a security analyst need?

Most security analyst positions require foundational networking, security, incident response and documentation skills. In the NICE Cybersecurity Workforce Framework, a systems security analyst is categorized under the Operate and Maintain category. Essential security analyst skills outlined in the NICE Framework include: 

  • Designing the integration of hardware and software solutions
  • Determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations or the environment will affect these outcomes
  • Developing and applying security system access controls
  • Evaluating the adequacy of security designs
  • Writing code in a currently supported programming language (e.g., Java, C++)
  • Assessing security systems designs
  • Assessing security controls based on cybersecurity principles and tenets (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.)
  • Recognizing vulnerabilities in security systems (e.g., vulnerability and compliance scanning) 
  • Applying cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)

How much can a security analyst earn?

According to BLS, the average information security analyst salary is $99,730. Salaries range widely based on location and industry, with the top 10% of analysts earning more than $150,000 and the bottom 10% bringing in just under $60,000. 

Here are average salaries for industries employing the most information security analysts: 

  • Finance and insurance: $103,510
  • Computer systems design and related services: $101,980
  • Information: $100,560
  • Management of companies and enterprises: $97,440
  • Administrative and support services: $96,190

Where do security analysts work?

BLS lists Virginia, District of Columbia, Maryland, Delaware and Colorado as the states with the highest number of employed information security analysts. 

Payscale reports the majority of U.S.-based security analysts work for firms like Northrop Grumman Corporation, Accenture and General Dynamics. Information security analysts in Seattle, Washington DC, Houston, Chicago and Atlanta typically earn the highest salaries among all security analysts. 

Related security analyst careers and job titles

Security analysts are often referred to as Information Security Analysts, IT Security Analysts, Cyber Security Analysts and Senior Security Analysts. A few years of security analyst experience could qualify you for a variety of similar or more advanced roles, including: 

  • Network architect
  • Computer and information systems manager
  • Computer systems analyst
  • Network and computer system administrator
  • Chief information security officer

Security analyst training resources

Ready to start preparing for your future as an information security analyst? Whether you need to get certified right now, or are looking to build and validate hands-on skills for an upcoming interview, Infosec Skills can help. You’ll learn by doing with unlimited access 70+ role-based learning paths and 100s of browser-based virtual labs.

Start learning today

CCNA Cyber Ops
Learning Path
CCNA Cyber Ops

CCNA Cyber Ops

This learning path teaches you the skills needed to pass the Cisco SECFND (210-250) and SECOPS (210-255) certification exams.

Certified Reverse Engineering Analyst (CREA)
Learning Path
Certified Reverse Engineering Analyst (CREA)

Certified Reverse Engineering Analyst (CREA)

The Certified Reverse Engineering Analyst (CREA) certification path teaches you the analysis skills needed to reverse engineer and analyze malware. You'll learn about how malware works, reversing different types of malware, common tools and more.

Certified SCADA Security Architect (CSSA)
Learning Path
Certified SCADA Security Architect (CSSA)

Certified SCADA Security Architect (CSSA)

The Certified SCADA Security Architect (CSSA) certification path covers everything from field-based attacks to automated vulnerability assessments for SCADA networks. You'll learn how to defend against both internal and external attackers to provide holistic security for critical industrial automation systems.

CompTIA CySA+
Learning Path
CompTIA CySA+

CompTIA CySA+

The CompTIA Cybersecurity Analyst (CySA+) certification path teaches you how to use behavioral analytics to prevent, detect and combat cyber threats. You'll learn how to configure and use threat detection tools, perform data analysis to identify threats and secure applications and systems.

Cybersecurity Data Science
Learning Path
Cybersecurity Data Science

Cybersecurity Data Science

The best hackers and security experts are using machine learning to break and secure systems. Learn everything you need to employ the latest cutting edge tools in cybersecurity data science.

ICS/SCADA Security Analyst
Learning Path
ICS/SCADA Security Analyst

ICS/SCADA Security Analyst

The ICS/SCADA Security Analyst skill path provides you with the knowledge needed to defend the systems that control critical infrastructure. You'll learn about assessing the security of industrial control and SCADA systems and protecting them from cyber threats.

Malware Analysis & Reverse Engineering
Learning Path
Malware Analysis & Reverse Engineering

Malware Analysis & Reverse Engineering

The Malware Analysis and Reverse Engineering skill path teaches you the fundamentals of reverse engineering malware, including anti-reversing techniques.

You're in good company

Award-winning training that you can trust

Best Software - Highest Satisfaction

Infosec Skills

Best IT Security-related Training Program

Infosec Skills

Best Cybersecurity Education Provider & Best Security Education Platform

Infosec Skills

Most Innovative Product - Cybersecurity Training for Infosec Professionals

Infosec Skills

Global Excellence - Cyber Security Education & Training

Infosec Skills