Information Security Analyst
Plan, implement, upgrade, or monitor security measures for the protection of computer networks and information. Assess system vulnerabilities for security risks and propose and implement risk mitigation strategies. May ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure. May respond to computer security breaches and viruses.
Annual openings
553
BLS median wage
$135,220
Typical education
Flexible / varies by employer
10-year growth
+19%
Career requirements
What does this career require?
The education, credentials, and on-the-job competencies Colorado employers expect for this role.
Typical education
Flexible / varies by employer
Credential requirement
No specific credential listed yet
Credential detail
Getting a security-related certification (not just taking the class, but actually getting the certification) often helps to get a job – however, it’s important to understand which certifications employers value. You can do this by looking at current job postings. For Entry-level jobs, a CompTIA Security+ accompanied by a Network+ or vendor specific certification (such as a CCNA or MCSA) was identified as valued by employers. A security clearance is a requirement for some government roles. A CISSP is highly valued for experienced Information Security Analysts. Certifications that are valued by some employers include: Certified Information Systems Security Professional (CISSP) Cisco Certified Network Associate (CCNA) GIAC Security Essentials Security+ Systems Security Certified Practitioner (SSCP) Certified Ethical Hacker (CEH-EC Council) CompTIA Advanced Security Practitioner (CASP) Microsoft Technology Associate (MTA) (Basic Certification) Microsoft Certified Solutions Associate (MCSA) SANS Training Security+ Systems Security Certified Practitioner Certified Ethical Hacker (CHE-EC Council) CompTIA Advanced Security Practitioner (CASP) Microsoft Technology Associate (MTA) (Basic Certification) Microsoft Certified Solutions Associate (MCSA) SANS Training
Work experience
Two to five years as a Software Developer, Application or significant experience in a related occupation.
Experience detail
The normal path is two to five years as a Computer/Network Systems Administrator, Computer Network Engineer, Software Developer, a Computer User Support Specialist, Computer Systems Analyst. However, some companies fill this directly after completion of an IT-related degree that includes an internship and the recommended credentials.
Work-based learning
Teamwork is crucial - no one person can understand the depth and breadth of Cybersecurity, so you must work effectively as a team to maintain secure operations.
Remote work
More companies employing "blue team" or cyber defense capabilities are open to remote work, including from rural locations. To see if a job offers this opportunity, please review job postings from job banks such as ZipRecruiter, Indeed or ConnectingColorado, and look for key words such as "location independent", "remote", "virtual", "telecommute", "flex" or for companies posting the same job in many locations.
Employer competency information
- Problem Solving & Decision Making — Independently identifying complex problems and reviewing related information to develop, evaluate, and implement solutions; moving around roadblocks by collecting additional insights or resources. Applying logic when considering the relative risks and rewards of potential actions to choose the most appropriate one; evaluating impact of vulnerabilities and possible solutions; considering both micro and macro impacts of a decision; willingness to take a step back to gather enough information before acting. Determining how a system should work and the downstream business impact of changes in conditions, operations, or the environment; applying risk analysis in the evaluation of inputs/outputs when determining expected outcomes.
- Critical & Analytical Thinking — Using thorough critical analysis to identify risks and rewards of alternative solutions, conclusions, or approaches to problems related to security controls; using independent thought to think outside the box and read between the lines when looking for problems.
- Communication — Giving full attention to what seniors and clients are saying, taking care to fully understand by restating observation, and asking questions to clarify needs over wants; providing enough feedback to make sure the other person is comfortable you thoroughly understood.
Is this work a fit?
What the work actually feels like
How people in this career tend to spend their time, the interests it draws on, and a look at a typical day.
Work style
- With kids/peopleOccasionally
- On a computerOccasionally
- Outdoors / on-siteOccasionally
- With your handsOccasionally
Interests it draws on
- Technology
- Cybersecurity
Automation exposure
Low exposure
Tasks here lean on judgement and people skills that are hard to automate.
A typical day
- Develop plans to safeguard computer files against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs.
- Monitor current reports of computer viruses to determine when to update virus protection systems.
- Encrypt data transmissions and erect firewalls to conceal confidential information as it is being transmitted and to keep out tainted digital transfers.
- Perform risk assessments and execute tests of data processing system to ensure functioning of data processing activities and security measures.
- Modify computer security files to incorporate new software, correct errors, or change individual access status.
- Review violations of computer security procedures and discuss procedures with violators to ensure violations are not repeated.
