
Key Responsibilities and Required Skills for Information Security Analyst

💰 $70,000 - $120,000

Information Security | Cybersecurity | IT

🎯 Role Definition

The Information Security Analyst is responsible for protecting the confidentiality, integrity, and availability of organizational information assets. This role operates within the Security Operations Center (SOC) and across IT teams to detect, investigate, remediate, and prevent security incidents. The analyst uses SIEM tools, vulnerability scanners, endpoint protection, cloud-native security controls, and threat intelligence to reduce risk and ensure compliance with internal policies and external regulatory frameworks. Ideal candidates have hands-on technical experience, strong analytical skills, and the ability to translate security findings into business-driven remediation and risk reduction.


📈 Career Progression

Typical Career Path

Entry Point From:

  • SOC Analyst / Junior Security Analyst
  • Network/System Administrator with security responsibilities
  • Security Operations Specialist or IT Helpdesk with security focus

Advancement To:

  • Senior Information Security Analyst
  • Security Engineer or Threat Hunter
  • Security Architect or Incident Response Lead
  • Director of Information Security / CISO (long-term)

Lateral Moves:

  • GRC / Compliance Analyst
  • Risk Management Analyst
  • Cloud Security Engineer

Core Responsibilities

Primary Functions

  • Monitor security telemetry and alerts from SIEM platforms (e.g., Splunk, Elastic, IBM QRadar) to detect, triage, and investigate security events, escalating incidents per established runbooks and SLAs.
  • Lead incident response activities including evidence collection, containment strategies, eradication steps, remediation verification, and post-incident root cause analysis with formal incident reports and lessons-learned sessions.
  • Conduct continuous vulnerability management: schedule and perform scans with Qualys/Nessus/OpenVAS, validate findings, prioritize remediation by risk, and coordinate patching and configuration remediation with IT operations.
  • Perform threat hunting using threat intelligence feeds, IOC enrichment, analytics, and behavioral indicators to proactively identify malicious activity across endpoints, networks, and cloud environments.
  • Manage identity and access management (IAM) tasks: review privileged accounts, implement least-privilege controls, audit role-based access, and support SSO/MFA deployments (Okta, Microsoft Entra ID (formerly Azure AD), AWS IAM).
  • Implement and tune endpoint protection tools (EDR/XDR) such as CrowdStrike, SentinelOne, or Microsoft Defender to detect and respond to malware, ransomware, and lateral movement techniques.
  • Evaluate and harden cloud security configurations across AWS, Azure, and GCP: assess IAM policies, security groups, S3 buckets, logging (CloudTrail/CloudWatch/Azure Monitor), and IaC templates for misconfigurations.
  • Run regular security control assessments against frameworks (NIST SP 800-53/CSF, ISO 27001, PCI DSS, HIPAA) and produce remediation plans aligned to business risk and compliance deadlines.
  • Develop, update, and maintain security playbooks, runbooks, SOPs, and incident response plans to ensure rapid, consistent handling of incidents and regulatory audits.
  • Perform network security monitoring and manage perimeter controls: firewalls (Palo Alto, Cisco, Check Point), IDS/IPS signatures, secure VPNs, and network segmentation to limit attack surface and lateral movement.
  • Conduct security architecture reviews and threat modeling for new systems or major changes to identify potential vulnerabilities and recommend security controls before deployment.
  • Execute and coordinate penetration testing, red team engagements, and third-party security assessments; validate findings, track remediation, and verify mitigations.
  • Implement data loss prevention (DLP) controls and encryption strategies for data at rest, in use, and in transit, including key management and secure backup verification.
  • Create and deliver security awareness training and phishing simulations to reduce human risk, measure user susceptibility, and produce actionable awareness metrics.
  • Support secure development practices by integrating SAST/DAST tools into CI/CD pipelines, reviewing code-level security findings, and advising development teams on secure coding standards.
  • Maintain log retention and forensic readiness: ensure collection and integrity of logs from servers, network devices, endpoints, and cloud platforms to support investigations and regulatory requirements.
  • Automate repetitive security workflows and reporting using scripting (Python, PowerShell) and SOAR playbooks to reduce mean time to detection (MTTD) and mean time to response (MTTR).
  • Conduct vendor and third-party security assessments, review SLAs and security questionnaires, and track remediation of third-party risks.
  • Prepare and present regular security metrics, dashboards, and executive summaries for IT leadership and board-level briefings to inform risk posture and investment decisions.
  • Coordinate business continuity and disaster recovery tabletop exercises related to cyber incidents, validate recovery procedures, and update incident response documentation accordingly.
  • Participate in change control and release management to ensure security reviews are completed for production changes and new deployments.
  • Support internal and external audits by preparing evidence, answering auditor queries, and remediating findings in accordance with audit timelines.

Secondary Functions

  • Support ad-hoc security data requests and exploratory analysis of security telemetry for investigations and risk reporting.
  • Contribute to the organization's security strategy and roadmap.
  • Collaborate with business units to translate security requirements into engineering and operational requirements.
  • Participate in sprint planning and agile ceremonies within the security engineering team.
  • Maintain and update security knowledge base and training materials for cross-functional teams.
  • Mentor junior analysts and provide on-the-job training for SOC procedures and tooling.
  • Evaluate new security products and proof-of-concept deployments to recommend strategic tools for detection and prevention.
  • Assist in budget planning and procurement of security solutions, providing technical justification and ROI analysis.
  • Maintain relationships with external law enforcement, incident response vendors, and cyber insurance partners as needed for escalated incidents.
  • Track threat actor campaigns relevant to the organization’s industry and map TTPs to existing defenses.

Required Skills & Competencies

Hard Skills (Technical)

  • Proficiency with SIEM platforms (Splunk, Elastic Stack, IBM QRadar) for log ingestion, correlation rules, alert tuning, and dashboard creation.
  • Hands-on experience with endpoint protection and EDR/XDR platforms (CrowdStrike, SentinelOne, Microsoft Defender for Endpoint) including detection and containment workflows.
  • Vulnerability assessment and remediation experience using scanners like Qualys, Nessus, Rapid7, and familiarity with CVSS scoring and patch management processes.
  • Strong incident response and digital forensics skills: evidence collection, memory analysis, disk forensics, chain-of-custody, and use of tools like Volatility, Autopsy, or FTK.
  • Cloud security expertise across AWS/Azure/GCP: IAM policies, cloud-native logging, security posture management (CSPM), and IaC security scanning (Terrascan, Checkov).
  • Network security administration: firewalls (Palo Alto, Cisco), VPNs, IDS/IPS, NAC, network segmentation, and deep packet inspection fundamentals.
  • Identity and Access Management tools and protocols: SAML, OAuth, OIDC, MFA deployments, Microsoft Entra ID (formerly Azure AD)/Okta, and privileged access management (PAM) solutions.
  • Scripting and automation: Python, PowerShell, Bash for automating investigations, ingestion pipelines, and SOAR orchestration (e.g., Palo Alto Cortex XSOAR, formerly Demisto).
  • Knowledge of compliance frameworks and standards: NIST CSF/SP 800-53, ISO 27001, SOC 2, PCI DSS, HIPAA, and the ability to map controls to technical implementations.
  • Experience with DLP solutions, encryption technologies (TLS, PKI), key management, and secure backup strategies.
  • Familiarity with application security tooling: SAST/DAST (SonarQube, OWASP ZAP), dependency scanning (Snyk, Dependabot), and secure SDLC practices.
  • Threat intelligence platforms and feeds (MISP, Recorded Future) and experience translating IOCs into detection rules.
  • Container and orchestration security: Kubernetes security best practices, container scanning, runtime protection (Falco, Aqua, Prisma Cloud (formerly Twistlock)).
  • Forensic and log analysis skills: understanding of log formats, parsing, normalization, and retention strategies for investigation readiness.
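Two of the skills above, translating IOCs from a threat-intelligence feed into detection logic and normalizing logs of different formats for investigation readiness, are easier to judge in a candidate when you have seen the shape of the work. The following is an added example written for this page, not the page's own code or any vendor's detection engine: it refangs a constructed IOC list, maps three constructed log formats onto one schema, and sweeps the events for matches, falling back to regex extraction for lines whose format is unknown. All log lines, field names, hostnames, addresses (RFC 5737 test ranges), domains (.example) and hashes are constructed for the example.

```python
"""IOC sweep over normalised log lines. Added example for this page, not a
product's detection engine: the log lines, the IOC list and the field names
are all constructed (RFC 5737 test addresses, .example domains, made-up hashes)."""
import ipaddress
import json
import re
from urllib.parse import urlparse

# Constructed threat-intel feed, in the defanged form feeds usually ship.
RAW_IOCS = {
    "ip": ["203[.]0[.]113[.]45", "198.51.100.7"],
    "domain": ["update-cdn[.]example", "hxxp://login-portal[.]example"],
    "sha256": ["0F1E2D3C4B5A69788796A5B4C3D2E1F00F1E2D3C4B5A69788796A5B4C3D2E1F0"],
}


def refang(value: str) -> str:
    """Undo common defanging and lowercase so feed entries compare equal to
    log values; a URL-shaped domain entry is reduced to its host part."""
    v = value.strip().lower().replace("[.]", ".").replace("(.)", ".").replace("hxxp", "http")
    if v.startswith("http://") or v.startswith("https://"):
        v = urlparse(v).hostname or v
    return v


IOCS = {kind: {refang(v) for v in vals} for kind, vals in RAW_IOCS.items()}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
# Constructed proxy line shape: "<ts> <host> squid: <status> <bytes> <method> <url> <client-ip> <user>"
PROXY_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]+) (?P<host>\S+) squid: \S+ \S+ \S+ "
                      r"(?P<url>\S+) (?P<ip>\S+) (?P<user>\S+)$")


def valid_ip(s: str) -> bool:
    """Regex candidates such as 999.1.1.1 are discarded here."""
    try:
        ipaddress.ip_address(s)
        return True
    except ValueError:
        return False


def normalize(line: str) -> dict:
    """Map each constructed source format onto one schema so the detection
    logic is written once. Unknown formats keep only the raw text."""
    ev = {"ts": None, "source": "unknown", "host": None, "user": None,
          "ip": None, "domain": None, "hash": None, "raw": line.strip()}
    if ev["raw"].startswith("{"):
        d = json.loads(ev["raw"])
        if "eventName" in d:            # constructed cloud-audit shape
            ev.update(ts=d.get("eventTime"), source="cloud-audit",
                      user=d.get("userIdentity", {}).get("userName"),
                      ip=d.get("sourceIPAddress"))
        elif "file_hash" in d:          # constructed EDR shape
            ev.update(ts=d.get("ts"), source="edr", host=d.get("host"),
                      user=d.get("user"), hash=d["file_hash"])
        return ev
    m = PROXY_RE.match(ev["raw"])
    if m:
        ev.update(ts=m["ts"], source="proxy", host=m["host"], user=m["user"],
                  ip=m["ip"], domain=urlparse(m["url"]).hostname)
    return ev


def candidates(ev: dict) -> dict:
    """Indicators to compare against the feed. Structured sources contribute
    their typed fields; unknown lines fall back to regex extraction over the raw
    text, which is noisier but costs nothing because only feed hits are reported."""
    c = {"ip": set(), "domain": set(), "sha256": set()}
    if ev["ip"]:
        c["ip"].add(ev["ip"])
    if ev["domain"]:
        c["domain"].add(ev["domain"].lower())
    if ev["hash"]:
        c["sha256"].add(ev["hash"].lower())
    if ev["source"] == "unknown":
        c["ip"].update(v for v in IPV4_RE.findall(ev["raw"]) if valid_ip(v))
        c["sha256"].update(h.lower() for h in SHA256_RE.findall(ev["raw"]))
        c["domain"].update(d.lower() for d in DOMAIN_RE.findall(ev["raw"]))
    return c


def sweep(lines, iocs=IOCS) -> list:
    """Return one alert per (event, matched IOC), in log order."""
    alerts = []
    for line in lines:
        ev = normalize(line)
        for kind, values in candidates(ev).items():
            for hit in sorted(values & iocs[kind]):
                alerts.append({"kind": kind, "ioc": hit, "source": ev["source"],
                               "ts": ev["ts"], "host": ev["host"], "user": ev["user"]})
    return alerts


# Constructed sample log lines covering three formats plus one unknown shape.
SAMPLE_LOGS = [
    '{"eventTime":"2024-05-01T10:02:11Z","eventName":"ConsoleLogin","userIdentity":{"userName":"alice"},"sourceIPAddress":"203.0.113.45"}',
    "May  1 10:03:40 proxy-01 squid: TCP_MISS/200 1234 GET http://update-cdn.example/agent.bin 10.0.4.12 alice",
    '{"ts":"2024-05-01T10:04:02Z","host":"wks-112","user":"bob","file_hash":"0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c4b5a69788796a5b4c3d2e1f0","process":"svchost.exe"}',
    '{"eventTime":"2024-05-01T10:05:30Z","eventName":"ConsoleLogin","userIdentity":{"userName":"carol"},"sourceIPAddress":"192.0.2.10"}',
    "2024-05-01T10:06:00Z fw-01 deny src=198.51.100.7 dst=10.0.0.5 dport=445",
    "May  1 10:07:12 proxy-01 squid: TCP_HIT/200 512 GET https://docs.example/index.html 10.0.4.20 carol",
]

if __name__ == "__main__":
    for a in sweep(SAMPLE_LOGS):
        print(f"{a['ts']} {a['source']:<11} {a['kind']:<6} {a['ioc']} user={a['user']} host={a['host']}")
```

The design point worth carrying into a real SIEM rule is the two-sided normalization: the feed is refanged and lowercased once at load time, and each log source is mapped to typed fields before comparison, so a hit means the same thing whether it came from a cloud audit record, a proxy line or an EDR event. Regex over raw text is kept only as a fallback for sources nobody has parsed yet.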

Soft Skills

  • Clear, concise communication tailored to technical teams and executive stakeholders; ability to write actionable reports and incident briefings.
  • Strong analytical and problem-solving skills with attention to detail and structured root cause analysis.
  • Ability to prioritize and manage multiple investigations under pressure while documenting decisions and evidence.
  • Stakeholder management and cross-functional collaboration to drive remediation and process improvements.
  • Continuous learning mindset and adaptability to evolving threat landscapes and new security technologies.
  • Ethical judgment, discretion handling sensitive data, and high integrity when managing incident responses.
  • Teaching and mentoring capabilities to upskill junior staff and elevate SOC maturity.
  • Project management skills for leading security initiatives and cross-team security projects.
  • Customer-service orientation when working with internal teams to remediate findings with minimal business disruption.
  • Initiative and proactivity in identifying security gaps and implementing controls before incidents occur.

Education & Experience

Educational Background

Minimum Education:

  • Bachelor’s degree in Computer Science, Information Security, Cybersecurity, Information Systems, Engineering, or equivalent work experience and relevant industry certifications.

Preferred Education:

  • Master’s degree in Cybersecurity, Information Assurance, or relevant technical discipline.
  • Advanced certifications such as CISSP, GIAC (GCIH, GCIA), CISM, CCSP, or AWS/Azure security specialty certifications.

Relevant Fields of Study:

  • Computer Science
  • Information Security / Cybersecurity
  • Information Systems
  • Network Engineering
  • Computer Engineering

Experience Requirements

Typical Experience Range: 2–5 years of hands-on information security operational experience (SOC, incident response, vulnerability management, or security engineering).

Preferred: 5+ years with demonstrated incident response leadership, cloud security implementations, threat hunting, and experience operating or improving a SOC. Prior experience in regulated industries (financial services, healthcare, government) and participation in audits (SOC 2, ISO, PCI) is highly desirable.