A Cyber Security Analyst is responsible for implementing and administering information security controls. They perform security assessments and audit processes and track and report cyber security threats, events and incidents. In this blog post we describe the primary responsibilities and the most in-demand hard and soft skills for Cyber Security Analysts.

Get market insights and compare skills for other jobs here.

Main Responsibilities of Cyber Security Analyst

The following list describes the typical responsibilities of a Cyber Security Analyst:

Advocate

• Advocate best security practices for information and systems.

Aid in

• Aid in threat and vulnerability research across event data collected by systems.

• Aid in the investigation and analysis of cyber security events.

Analyze

• Analyze and evaluate anomalous network and system activity.

• Analyze IT specifications to assess security risks.

• Analyze large amounts of information to discover trends and patterns.

• Analyze log data for emerging or unusual patterns.

• Analyze system configurations per DISA STIG using STIGviewer, SCC, and OpenSCAP.

Anticipate

• Anticipate change and directs or redirects efforts.

Apply

• Apply process and controls knowledge to support NERC CIP compliance requirements.

Articulate

• Articulate security policies, guidelines and standards to customers and developers.

Assess

• Assess and respond to complex distributed control system (DCS) cyber security events and incidents.

Assist with

• Assist IA staff with Department of Assessment and Authorization (A&A) processes.

• Assist IA staff with ensuring that organization is meeting DoD 8570 requirements.

• Assist in development and revision of the ongoing strategy of the Cyber Security Program.

• Assist in development and revision of the ongoing strategy of the FHO Cyber Security Program.

• Assist in IT security investigations, exercises and tests.

• Assist in managing network scanning nodes running CentOS Linux for various applications.

• Assist in the maintenance of IT security incident response protocols.

• Assist network vulnerability and analysis team.

• Assist with developing threat detection signatures, analytics, and correlation rules.

• Assist with implementation of counter-measures or mitigating controls.

• Assist with obtaining or creating artifacts for audit and compliance.

• Assist with the collection and validation of evidence for time based triggered events.

• Assist with tracking of compliancy reporting for orders.

Assume

• Assume additional responsibilities and lead special projects as assigned.

Augment

• Augment operational cyber analysts and act as a consultant for detection and / or threat hunting.

Build

• Build alerts, reports, and dashboards to track cyber security events.

• Build stable working relationships internally.

Collaborate with

• Collaborate within our team of experienced vulnerability management analysts.

• Collaborate with the Cyber Security Officer in managing Information Security Policies.

Complete

• Complete on-site visits in support of cyber security risk assessments.

Compose

• Compose responses to legal and regulatory inquiries.

Conduct

• Conduct proactive threat research.

• Conduct risk assessments and provides recommendations for system and application design.

• Conduct RMF continuous monitoring, testing and analysis of IA Controls for NIWC Pacific.

• Conduct technical vulnerability assessments and prioritize and track remediation efforts.

• Conduct vulnerability and security risk assessments.

Configure

• Configure Security Center to maximize resources and network scanning.

Contribute to

• Contribute to continually improving our detection of security threats.

• Contribute to generation cyber security project teams and other efforts Required.

Control

• Control Lists / or other Firewall or Router configuration experience.

Coordinate

• Coordinate cross functional cyber security and fraud incident response events and teams.

• Coordinate, report and direct network responses through orders, policies, procedures and guidance.

Create

• Create and consistently delivers awareness material promoting security awareness.

• Create and maintains Incident Response Plans.

• Create, modify, and update IDS, IPS, and SIEM rules and policies.

• Create network architecture and data-flow diagrams.

• Create security controls that protect the devices and services that we and our customer's access.

• Create tickets and monitor the ticketing systems and respond to incident.

• Create tracking mechanisms for reporting and auditing needs.

Define

• Define control requirements and gates as per application risk profile.

Deliver

• Deliver an exceptional customer experience every day.

Design

• Design and implement safety measures and data recovery plans.

• Design and present monthly security awareness presentations to IT / OT personnel.

Develop

• Develop and carry out information security plans and policies.

• Develop and extends relationships with clients at executive levels.

• Develop and maintain relationships with OT and IT personnel at plant sites and corporate offices.

• Develop and publishes white papers.

• Develop competence by performing structured assignments.

• Develop resolutions to complex problems that require the frequent use of creativity.

• Develop strategies to respond to and recover from a security incident.

Document

• Document Security process and procedures.

Enhance

• Enhance and perform comprehensive vulnerability assessments across the enterprise.

Ensure

• Ensure computing platform compliance with Cybersecurity policies and directives.

• Ensure systems meet documented standards.

• Ensure the security and integrity of our SOX governed systems.

Evaluate

• Evaluate and deconstruct malware.

• Evaluate risks associated with extending the network boundary to the cloud.

• Evaluate SOC policies and procedures, and recommend updates to management as appropriate.

• Evaluate the technical security posture of newly proposed third-party solutions.

Examine

• Examine and authorize firewall rule requests prior to implementation.

Follow

• Follow a structured change control process.

• Follow directions, standards, and procedures to minimize system impact.

• Follow security operations processes and procedures.

Gather

• Gather and analyze metrics for risk management dashboard.

Handle

• Handle escalated internal or customer security issues from support or another operations team.

Help

• Help ensure solution requirements meet timing, technical, and financial constraints.

• Help monitor common channels for priority communications.

Identify

• Identify and analyze network vulnerabilities based on latest industry attacks.

• Identify and assist in the management of IT Enterprise Functions risk issues.

• Identify and design new security technologies and solutions in the ICS and DMZ environments.

• Identify and escalate potential policy gaps and enhancements that adapt to changing risk postures.

• Identify and fix detected vulnerabilities to maintain a high-security standard.

• Identify IT security risks from technical and functional perspectives.

• Identify opportunities for improvement and communicate them to management.

• Identify potential weaknesses and implement measures, such as firewalls and encryption.

• Identify, test and mitigate security related gaps with existing and new applications.

Implement

• Implement and administer information security controls using software and vendor security systems.

• Implement networking and TCP / IP protocols.

• Implement, monitor and maintain preventive and detective controls.

Improve

• Improve the security posture, by way of identifying gaps and driving home change.

Increase

• Increase your knowledge with Tuition.

Inspect

• Inspect hardware for vulnerable points of access.

Interact with

• Interact with customers by phone, chat, or trouble ticket on any customer facing security issues.

Interpret

• Interpret, analyze and execute Cyber Security policies, procedures and tactics.

• Interpret and analyze Cyber Security policies, procedures and tactics.

Investigate

• Investigate, document and assess security breaches and other cyber security incidents.

Lead

• Lead certification efforts for PCI Secure Software Life Cycle Standard.

• Lead proof-of-concept activities for innovative initiatives to ensure coverage of cybersecurity.

Learn

• Learn and document common processes with senior resources.

Leverage

• Leverage automation and orchestration solutions to automate repetitive tasks.

Maintain

• Maintain, configure, and troubleshoot network security platforms when needed.

• Maintain current knowledge of tools, techniques, and procedures of attackers.

• Maintain the confidentiality of review results and the status of the current security environment.

• Maintain the IT governance dashboard and report on governance activities.

Make

• Make sure procedures meet network security standards.

Manage

• Manage and enforce application and cloud security policy and guidelines.

• Manage and support security applications.

• Manage risk and maintain compliance.

• Manage security event investigations, partnering with other departments (e.g., IT) as needed.

• Manage the incident response process through to closure.

Mentor

• Mentor and educate product development and quality engineers on secure development.

Modify

• Modify, create or propose alerts for events of interest.

Monitor

• Monitor and respond to 'phishing' emails and 'pharming' activity.

• Monitor IT systems logs and security patch notification.

• Monitor our infrastructure systems, services, and applications against security concerns.

• Monitor computing resources for evidence of compromise and report security incidents.

• Monitor software compliance in the DoN Application and Database Management System (DADMS).

• Monitor the remediation status of IT & cybersecurity control gaps and deficiencies.

Participate

• Participate in and provide security awareness training.

• Participate in and provide security awareness training globally.

• Participate in ICS cyber security risk assessments.

• Participate in Incident Response Drills.

• Participate in penetration testing activities.

• Participate in post-engagement review.

• Participate in the Cyber Security Response Team for all Security incidents.

• Participate in the review and Change Control process of custom applications.

• Participate in threat modeling collaboration with other members of the security team.

• Participate or lead Cybersecurity awareness and training exercises.

Perform

• Perform 3rd party patching.

• Perform all of the following functions of a Cyber Security Analyst I, with proficiency.

• Perform daily in-depth analysis of current threat activity and trends.

• Perform daily, weekly, monthly maintenance and management tasks.

• Perform incident handling and forensic analysis.

• Perform in depth packet analysis.

• Perform log analysis and correlate disparate datasets to identify abnormal behavior.

• Perform other duties as assigned.

• Perform project leadership tasks on select security projects.

• Perform risk assessments and risk mitigation of networks, systems, and services.

• Perform root cause analysis on cybersecurity incidents.

• Perform scanning, assessments, and risk mitigation of Zayo Corporate networks, systems, and services.

• Perform security assessments and audit processes in accordance with ISO 27001 / 2.

• Perform security assessments for internal and external IT solutions and services.

• Perform shift handover and transfer of cases to other analyst for on-going incidents.

• Perform vulnerabilities scans and track remediation efforts.

Plan

• Plan and execute regular IT security testing.

Prepare

• Prepare presentation to present results to leadership.

Produce

• Produce and present compelling security-related training content.

• Produce and track security metrics.

Provide

• Provide assessments of technology risks and requirements to the requesting party.

• Provide continuous monitoring efforts of Program of Records (PORs).

• Provide Cyber Security support as required.

• Provide enforcement of security policies, standards and procedures.

• Provide engineering and technical support for the testing of systems, software, tools and products.

• Provide incident response support and identify and prioritize potential threats.

• Provide input into tool requirements to improve Cyber Fusion Center SOC capabilities.

• Provide input on process improvements to NERC Compliance program.

• Provide necessary documentation updates to the SOC team leads and the Manager for implementation.

• Provide quality customer service.

• Provide quality customer service with excellent communication skills.

• Provide recommendations for enhancements to systems, testing and processes.

• Provide reports from SKPI's to help improve security risk analysis and response procedures.

• Provide secure network design recommendations within ICS environments.

• Provide Security Subject Matter Expertise as needed to other BlackBerry employees and business units.

• Provide technical support and advice to other groups on security requirements.

• Provide training, informational and educational materials to impacted stakeholders.

Recognize

• Recognize problems by identifying security-related abnormalities and reporting violations.

• Recognize security risks and implement security controls.

Recommend

• Recommend and implement solutions.

• Recommend modifications to access control lists to prevent and mitigate intrusions.

• Recommend process and reporting improvements.

Report

• Report anomalous security incidents.

Research

• Research and test emerging threats.

• Research new ICS security technologies and solutions.

• Research security enhancements and make recommendations to management.

Respond to

• Respond to escalated malicious incidents that require additional investigation and response planning.

• Respond to security events, driving issues to closure, and engaging all appropriate resources.

• Respond to cyber security events in Microsoft Office 365.

Review

• Review and action on security updates for internal IT systems.

• Review and validation of vulnerability findings.

• Review current intelligence for relevant threats and develop appropriate actions / response.

• Review security controls and ensure proper security alerting is in place.

• Review security events and alerts within the monitoring systems.

• Review security related events, assessing severity, criticality and priority.

• Review security-related events, assess risk and validity, investigate, and report findings.

• Review security threats and determine / implement effective countermeasures, as required.

Secure

• Secure networks through firewalls, password protection and other systems.

Select

• Select, implement, validate, and establish DISA CCIs.

Setup

• Setup scans for detection of malicious hardware or software on the network.

Stay current on

• Stay current on IT security trends and news.

Suggest

• Suggest corrective actions.

• Suggest necessary changes to security policies for a more secure information system.

Support

• Support contract management with Siemens suppliers.

• Support IT initiatives and business projects.

• Support of the emerging program (cyber security training and awareness).

• Support security initiatives relating to ISO 27001 / 2 and ISMS.

• Support service request in-take process and communicate back to requestors promptly.

Synthesize

• Synthesize and analyze complex data, information and evidence to draw meaningful conclusions.

Take

• Take ownership of cyber security call queues ensuring tickets are closed based on defined SLAs.

• Take part in any security-oriented projects or critical initiatives.

• Take technical direction from GSOC incident response leads during an incident.

Track

• Track and report Cyber Security threats, events and incidents.

• Track and report performance and capability metrics.

Understand

• Understand how to design and implement security tests in accordance with stated criteria.

Undertake

• Undertake preprocessing of structured and unstructured data.

Update

• Update technical documentation as needed.

Use

• Use advanced forensic tools and techniques for investigation and attack reconstruction.

Work with

• Work calmly under pressure and with tight deadlines.

• Work with and guide IT teams to deploy security technologies within the ICS and DMZ environments.

• Work with business teams in order to analyze and prioritize business-related risks.

• Work with developers to ensure the image is compliant with DoD and Army policy.

• Work with engineers and architects to improve security workflows.

• Work with teams to investigate and resolve issues.

• Work with the IT outsourcing service provider to ensure the security of the IT infrastructure.

Write

• Write and review Standard Operating Procedures (SOPs).

Most In-demand Hard Skills

The following list describes the most required technical skills of a Cyber Security Analyst:

1. Security

2. Linux

3. Information Security

4. Cissp

5. Unix

6. Siem

7. CEH

8. Protocols

9. IA

10. Information Technology Security

11. Network Technologies

12. Windows OS Security

13. Firewalls

14. Computer Security Concepts

15. Wireshark

16. AWS

17. IDS

18. TCPdump

19. Host

20. Network Based Intrusion Detection Systems

21. Snort

22. System Vulnerability Assessment

23. Firewall

24. Scripting Languages

25. Network Hardware Devices

Most In-demand Soft Skills

The following list describes the most required soft skills of a Cyber Security Analyst:

1. Written and oral communication skills

2. Problem-solving attitude

3. Communicate effectively with various clients

4. Explain and elaborate on technical details

5. Interpersonal skills

6. Analytical ability

7. Organizational capacity

8. Self-motivated

9. Team player

10. Attention to detail

11. Self-starter

12. Creative

13. Detail-oriented

14. Collaborative

15. Multi-task

16. Decision-making skills

17. Professionalism

18. Make a difference and lasting impact

19. Capable of working in a fast paced environment

20. Critical thinker