Information Security Analyst Career Guide

Sample job description

This position assists the information security officer (ISO) in developing and maintaining a comprehensive security program for [Your Company Name]. Providing functional and technical support is important to maintaining security posture and protection of electronically and physically stored information assets across our systems. Tasks include reviewing and updating university-wide policy relating to information security, supporting design, implementation, configuration, and maintenance to mitigate risk to the university and its computing endpoints.

Typical duties and responsibilities

• Designs, evaluates, and implements IT security systems
• Monitors computer networks for security issues
• Investigates security breaches and cybersecurity incidents
• Documents security breaches and assesses impact
• Performs security tests, risk assessments, and audits to uncover network vulnerabilities and provides training to ensure violations do not persist
• Mitigates vulnerabilities to maintain a high-security standard
• Develops best practices for IT security
• Performs penetration testing
• Researches security enhancements and makes recommendations to management
• Stays current on information technology trends and security standards
• Prepares reports that detail risk assessment findings 
• Installs and updates security and antivirus software
• Uses data encryption, firewalls, and other related security tools and applications to protect confidential digital information

Education and experience

• Bachelor’s degree in computer science or related field
• MBA in information systems preferred
• 3+ years experience in information security or related field 

Required skills and qualifications

• Experience with computer network penetration testing and techniques
• Solid understanding of firewalls, proxies, SIEM, antivirus, and IDPS concepts
• Ability to identify and mitigate network vulnerabilities 
• Good understanding of patch management
• Proficient with various OS
• Excellent written and verbal communication skills
• Knowledge of firewalls, antivirus, and intrusion detection system concepts

Preferred qualifications

• Experience installing security software and documenting security issues
• Experience administering information security software and controls
• Experience defining process for managing network security
• Network and system administration experience

Available certifications

Information security analysts work in a variety of industries. Many institutions offer certifications for information security analysts, including:

• CompTIA Security+ Certification. The CompTIA Security+ is for entry-level professionals and demonstrates that you have the baseline skills needed to perform core security functions. The program provides hands-on troubleshooting, equipping you with practical security problem-solving skills. Certification proves your ability to assess the security of an enterprise environment and recommend and implement appropriate security solutions. It also shows you can monitor and secure hybrid environments and identify, analyze, and respond to security events and incidents.

• Certified Penetration Tester (CPT). The CPT certification is offered by the Information Assurance Certification Review Board and designates your working knowledge and skills in the field of penetration testing. The program covers nine domains, including penetration testing methodologies, network protocol attacks, network reconnaissance, vulnerability identification, windows exploits, and Unix/Linux exploits. The CPT certification is good for four years.

• Systems Security Certified Practitioner (SSCP). The International Information Systems Security Certification Consortium administers the SSCP certification, which demonstrates your advanced technical skills and knowledge in implementing, monitoring, and administering IT infrastructure using security best practices, policies, and procedures. Candidates for certification must have at least one year of experience in the field.