Torchora
Back to Home

Key Responsibilities and Required Skills for Info Security Analyst

πŸ’° $80,000 - $130,000

Information SecurityCybersecurityIT

🎯 Role Definition

Information Security Analyst (InfoSec Analyst) is responsible for protecting organizational information assets through proactive monitoring, rapid incident detection and response, vulnerability and configuration management, security tool administration, and cross-functional collaboration to ensure compliance with regulatory frameworks. This role operates within a Security Operations Center (SOC) or distributed security team to translate security telemetry into actionable remediation, perform threat hunting and forensics, and continuously improve security controls and processes.

πŸ“ˆ Career Progression

Typical Career Path

Entry Point From:

  • Security Operations Center (SOC) Analyst I / II
  • Network Administrator or Systems Administrator with security responsibilities
  • IT Support / Desktop Support with exposure to security tooling and processes

Advancement To:

  • Senior Information Security Analyst / Incident Response Lead
  • Security Engineer / Threat Hunter
  • Security Architect or Security Operations Manager

Lateral Moves:

  • Compliance & Risk Analyst (GRC)
  • Cloud Security Engineer
  • Penetration Tester / Red Team Analyst

Core Responsibilities

Primary Functions

  • Monitor and triage security alerts from SIEM, EDR, IDS/IPS, cloud-native monitoring, and other telemetry sources; prioritize incidents based on business impact and documented severity criteria.
  • Lead incident response activities from detection through containment, eradication, recovery and post-incident lessons learned, including coordination with IT, legal, communications, and business stakeholders.
  • Conduct deep-dive forensic analysis on endpoints and network traffic using EDR telemetry, packet captures, logs and host artifacts to determine root cause, scope of compromise and recommended remediation steps.
  • Perform proactive threat hunting using threat intelligence, behavioral analytics and hypothesis-driven queries across logs and telemetry to identify stealthy or emerging adversary activity.
  • Manage vulnerability scanning programs using tools such as Qualys, Nessus or OpenVAS; analyze scan results, perform risk-based prioritization and coordinate remediation with system owners.
  • Maintain and tune SIEM (e.g., Splunk, Azure Sentinel, IBM QRadar) rules, parsers, correlation searches and dashboards to reduce false positives and increase detection coverage for high-risk use cases.
  • Administer and optimize EDR solutions (e.g., CrowdStrike, Carbon Black, Microsoft Defender for Endpoint) β€” configure policies, investigate detections and deploy containment actions as required.
  • Implement and maintain network security controls including firewall rule review, IDS/IPS signatures, VPN configuration, segmentation enforcement and secure remote access policies.
  • Support identity and access management (IAM) operations: perform access reviews, investigate anomalous authentication events, implement conditional access policies and support privileged access management (PAM) workflows.
  • Translate technical security findings into clear, prioritized remediation recommendations and tactical guidance for server, application and network teams; drive ticketing and remediation SLAs.
  • Execute and document security assessments and configuration reviews against frameworks such as NIST SP 800-53/800-171, CIS Benchmarks, ISO 27001, PCI-DSS and HIPAA.
  • Collaborate with cloud engineering and platform teams to assess cloud configurations, implement cloud-native security controls, validate IAM role scopes, enable logging/monitoring, and remediate insecure deployments in AWS/Azure/GCP.
  • Develop, maintain and run playbooks, runbooks and run-through tabletop exercises for common incident scenarios including malware outbreaks, data exfiltration, ransomware and misconfiguration events.
  • Conduct regular log reviews and threat intel ingestion (OTX, MISP, commercial feeds) to map Indicators of Compromise (IOCs) to internal telemetry and escalate potential compromises.
  • Support secure software development lifecycle (SDLC) initiatives by reviewing security findings from static and dynamic application security testing (SAST/DAST), and by advising developers on secure coding and remediation priorities.
  • Create and maintain security metrics, SOC dashboards and executive-level reporting to communicate trends, maturity improvements and residual risks to leadership.
  • Participate in on-call rotations and after-hours incident handling, ensuring timely response to critical security incidents and maintaining escalations per incident response policy.
  • Coordinate external engagements such as third-party forensics vendors, law enforcement or regulatory bodies when incidents require specialized investigation or disclosure.
  • Drive continual security improvements through lessons learned, root cause analysis, policy updates and collaboration with IT and business units to reduce attack surface and increase organizational resilience.
  • Maintain and document asset inventories, data classification mappings and critical application owners to support incident response, risk assessments and regulatory compliance.
  • Evaluate and pilot new security products and detection technologies; run proof-of-concepts, measure effectiveness and provide procurement recommendations aligned with security architecture.
  • Conduct phishing simulation analysis, investigate suspicious user-reported emails and advise on email security controls (DMARC/DKIM/SPF, secure email gateway policies).
  • Ensure log retention, chain-of-custody and evidence preservation processes are followed precisely for incidents that may require forensics or legal action.
  • Participate in disaster recovery and business continuity planning activities related to cybersecurity incidents to ensure rapid recovery and minimal business disruption.

Secondary Functions

  • Provide security awareness coaching and incident-specific guidance to end users and application owners to reduce likelihood of repeat incidents.
  • Support periodic internal and external security audits by preparing evidence, responding to audit queries and implementing audit remediation items.
  • Contribute to cross-functional project reviews, secure configuration baselines and change control approvals to enforce security-by-design principles.
  • Maintain up-to-date documentation of SOC processes, standard operating procedures (SOPs), runbooks and playbooks to ensure consistent response and knowledge transfer.
  • Assist in the development and reporting of security KPIs and maturity assessments used in strategic planning and budgeting for security programs.
  • Mentor junior SOC analysts and provide on-the-job training in detection engineering, alert triage and basic forensic techniques.

Required Skills & Competencies

Hard Skills (Technical)

  • SIEM administration and query writing (Splunk, ELK, Azure Sentinel, QRadar) β€” detection engineering, parser development and dashboarding.
  • Endpoint Detection & Response (EDR) platform expertise (CrowdStrike, Carbon Black, Microsoft Defender for Endpoint) for containment, remediation and forensic collection.
  • Network security fundamentals and hands-on experience with IDS/IPS, firewalls, VPNs, NAT, routing, and packet capture analysis (Wireshark/tcpdump).
  • Vulnerability management and remediation workflows using tools such as Nessus, Qualys, Rapid7; competency in CVSS scoring and risk-based prioritization.
  • Incident response and digital forensics: host and memory forensics, log correlation, timeline building and evidence preservation processes.
  • Cloud security (AWS IAM, CloudTrail, GuardDuty, Azure AD, Azure Sentinel, GCP logging) β€” configuration review and cloud-native controls deployment.
  • Scripting and automation for detection and response (Python, PowerShell, Bash) to accelerate triage, enrichment and remediation tasks.
  • Identity and Access Management (IAM) concepts and practical experience implementing conditional access, MFA, single sign-on and privilege escalation detection.
  • Threat intelligence consumption and IOC enrichment (YARA, STIX/TAXII, MISP) and integration into detection pipelines.
  • Secure configuration and hardening standards (CIS Benchmarks, NIST, ISO 27001) and experience performing security assessments and gap analyses.
  • Log analysis, regular expressions, and structured data parsing for large-scale telemetry analysis (JSON, CSV, syslog).
  • Familiarity with compliance regimes (PCI-DSS, HIPAA, SOC 2, GDPR) and ability to produce evidence and remediation plans.
  • Familiarity with red team/penetration testing outputs and translating findings into mitigations; basic understanding of offensive techniques and tools (Metasploit, Burp Suite).
  • Experience with data loss prevention (DLP), email security (Secure Email Gateways), and web/proxy security controls.
  • Knowledge of container and orchestration security (Docker, Kubernetes) and related monitoring for runtime anomalies.

Soft Skills

  • Clear, concise technical and non-technical communication for executive briefings, incident reports and stakeholder updates.
  • Strong analytical and investigative mindset with attention to detail and ability to synthesize multifaceted telemetry into a single narrative.
  • Problem-solving orientation and calm, decisive action under time pressure during active incidents.
  • Collaborative team player able to coordinate across IT, engineering, legal, HR and business units.
  • Time management and prioritization skills to balance monitoring, project work, remediation follow-through and on-call responsibilities.
  • Continuous learner mindset: curiosity about attacker techniques, new security tooling and evolving compliance requirements.
  • Professionalism and discretion handling sensitive incident data and potential breach communications.
  • Coaching and mentorship capability to elevate junior analysts and drive consistent SOC practices.
  • Stakeholder management skills to influence remediation and secure necessary resources for security projects.
  • Documentation and process-orientation to maintain up-to-date runbooks, SOPs and audit-ready evidence.

Education & Experience

Educational Background

Minimum Education:

  • Bachelor's degree in Computer Science, Information Systems, Cybersecurity, Computer Engineering, or equivalent practical experience.

Preferred Education:

  • Master’s degree in Cybersecurity, Information Assurance, Computer Science, or related field; or equivalent advanced training and certifications.

Relevant Fields of Study:

  • Cybersecurity / Information Security
  • Computer Science or Computer Engineering
  • Information Systems / Management Information Systems
  • Network Engineering / Telecommunications
  • Digital Forensics

Experience Requirements

Typical Experience Range: 2–5 years of hands-on information security, SOC, or systems/network administration experience with security responsibilities.

Preferred: 3–7+ years experience in SOC operations, incident response, threat hunting, vulnerability management or security engineering; demonstrated experience with cloud security and enterprise-scale SIEM/EDR deployments. Preferred certifications: CISSP, CISM, GIAC (GCIH/GCIA/GSEC), CEH, CompTIA Security+, AWS/Azure cloud security certs.

Explore More Careers