A computer security analyst is responsible for monitoring computer systems for breaches of security. They investigate any breaches or other cybersecurity incidents, install and manage security measures to prevent intrusions, implement and operate security software systems, maintain firewalls and data encryption processes, and document and maintain the procedures used in security management.
A security analyst typically works in a team that is tasked with performing penetration testing through stress tests and other techniques that are used to uncover vulnerabilities in a networked system. For instance, some networks establish poorly secured network areas called honeypots that are designed to draw an attacker so that the analyst can examine how they penetrate the system and which areas of the system they are mainly drawn to. Sometimes entire networks, called honeynets, are used for this purpose.
Often automated systems are used to detect intrusions and the analyst is tasked with investigating them, fixing the problem if possible, or deciding when they should be escalated in the threat hierarchy. A significant part of their function is establishing and managing user security access to the computer. This involves issuing security credentials, monitoring their use to identify suspicious activity, and taking action when such activity is found – especially when credentials with administrator access are operating beyond expected bounds.
Computer security analysts are also usually key employees in a company’s disaster recovery plan, which details the procedures to follow in the event of an emergency that can stop a firm from operating. A disaster recovery plan sets out how a company will recover from such an event and enable the continued operation of the IT department. This could include, for example, processes to ensure data is backed up regularly to an off-site location from which a recovery can be performed. In some cases, companies operate a mirror network that is exactly the same as that in the main office and can be switched to seamlessly in the event of a catastrophic outage.
An analyst must possess a bachelor’s degree or MBA either specifically in network security or in information technology. Security vulnerabilities are constantly evolving, so an analyst will need to undertake constant study and be current on the latest trends and techniques in the industry. This is because they are also tasked with providing management with advice and research on advances in security management techniques and making recommendations for security policy.