Pay for security analysts varies depending on skills and experience. According to AbsoluteIT, security analysts in the :
lowest-paid group earn an average of $92,000 a year
middle pay range earn an average of $117,000
highest-paid group earn an average of $137,000.
IT security analysts working as contractors earn an average of $85 to $140 an hour.
Source : AbsoluteIT, 'Tech Remuneration Report', January 2018.
This information is a guide only. )
What you will do
Security analysts may do some or all of the following :
analyse risks and security alerts, and identify and manage security breaches
install and implement hardware and software to prevent unauthorised access to information and networks
monitor information coming into and leaving organisations, and employees' internet access
write and enforce security policies
work with law enforcement agencies to manage security threats
make employees aware of security issues and their responsibilities as users of information systems.
Skills and knowledge
Security analysts need to have :
strong analytical and diagnostic skills
knowledge of computer and network systems, devices and software
knowledge of security monitoring and how to conduct security investigations
up to date understanding of internet threats
knowledge of current IT security standards, practices and methods.
Security analysts :
usually work full time and may also work evenings and weekends, and be on call
work in offices in conditions that may be stressful when working to strict deadlines whilst responding to security threats
may travel locally or overseas to meet clients.
There are no specific requirements to become a security analyst. However, you usually need one or more of :
a diploma or degree, preferably in an IT-related subject such as network engineering, computer science or cyber security
a relevant industry-based certification, such as Certified Information Systems Security Professional (CISSP), which people usually study for after they have IT experience
three to seven years’ experience in intermediate-level security roles or related roles such as network or systems administrator.
Common ways of gaining IT-related knowledge include learning through online courses and tutorials, and working on your own projects.
If you are a graduate from a field other than IT, you can gain a fast-tracked IT-related qualification through ICT Graduate Schools.
A tertiary entrance qualification is needed to enter tertiary training. Useful school subjects include digital technologies, maths, physics and English.
For Year 11 to 13 students, the Gateway programme is a good way to gain industry experience.
Security analysts need to be :
detail-oriented, curious and eager to work in-depth on technical questions
analytical thinkers and problem solvers
good at seeing the big picture, to examine problems and solutions from all sides
interested in continuous learning as they need to keep up to date with fast-changing technology
Useful experience for security consultants includes :
work in entry-level IT jobs such as information technology helpdesk / support technician
on-the-job training through IT internships and graduate recruitment programmes
hacking experience gained through study or hacking conferences
working on individual IT projects such as setting up your own penetration testing lab or assembling computers.
Security analystsspend a lot of time using computers, so they need to know how to use computer equipment properly to avoid occupational overuse syndrome (OOS).
Security analysts may choose to become certified or chartered through associations such as the Institute of IT Professionals.