Summary Report for:
15-1212.00 - Information Security Analysts
Plan, implement, upgrade, or monitor security measures for the protection of computer networks and information. Assess system vulnerabilities for security risks and propose and implement risk mitigation strategies. May ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure. May respond to computer security breaches and viruses.
Sample of reported job titles: Information Security Officer, Information Security Specialist, Information Systems Security Analyst, Information Systems Security Officer (ISSO), Information Technology Security Analyst (IT Security Analyst), Network Security Analyst, Security Analyst, Systems Analyst
Tasks | Technology Skills | Tools Used | Knowledge | Skills | Abilities | Work Activities | Detailed Work Activities | Work Context | Job Zone | Education | Credentials | Interests | Work Styles | Work Values | Related Occupations | Wages & Employment | Job Openings | Additional Information
- Develop plans to safeguard computer files against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs.
- Monitor current reports of computer viruses to determine when to update virus protection systems.
- Encrypt data transmissions and erect firewalls to conceal confidential information as it is being transmitted and to keep out tainted digital transfers.
- Perform risk assessments and execute tests of data processing system to ensure functioning of data processing activities and security measures.
- Modify computer security files to incorporate new software, correct errors, or change individual access status.
- Review violations of computer security procedures and discuss procedures with violators to ensure violations are not repeated.
- Document computer security and emergency measures policies, procedures, and tests.
- Confer with users to discuss issues such as computer data access needs, security violations, and programming changes.
- Monitor use of data files and regulate access to safeguard information in computer files.
- Coordinate implementation of computer system plan with establishment personnel and outside vendors.
- Train users and promote security awareness to ensure system security and to improve server and network efficiency.
- Maintain permanent fleet cryptologic and carry-on direct support systems required in special land, sea surface and subsurface operations.
- Access software — Access management software; Citrix ; IBM Tivoli Access Management TAM
- Administration software — Cisco Systems CiscoWorks
- Analytical or scientific software — SAS ; The MathWorks MATLAB
- Application server software — Docker ; Oracle WebLogic Server ; Red Hat OpenShift ; Red Hat WildFly (see all 5 examples)
- Authentication server software — Diameter; IBM Tivoli Identity Management TIM; Password management software; Remote authentication dial-in user service RADIUS software
- Backup or archival software — Backup and archival software; System and data disaster recovery software; Veritas NetBackup
- Business intelligence and data analysis software — Apache Spark ; MicroStrategy ; Oracle Business Intelligence Enterprise Edition ; Qlik Tech QlikView (see all 6 examples)
- Cloud-based data access and sharing software — Microsoft SharePoint
- Cloud-based management software — Amazon Web Services AWS CloudFormation ; IBM WebSphere ; Splunk Enterprise
- Cloud-based protection or security software — Qualys Cloud Platform
- Communications server software — IBM Domino
- Configuration management software — Chef; Perforce Helix software; Puppet ; VMware (see all 6 examples)
- Content workflow software — Atlassian JIRA
- Customer relationship management CRM software — Salesforce software
- Data base management system software — Amazon DynamoDB ; Apache Hive ; Elasticsearch ; MongoDB (see all 13 examples)
- Data base reporting software — Microsoft SQL Server Reporting Services ; SAP Crystal Reports
- Data base user interface and query software — Amazon Elastic Compute Cloud EC2 ; Amazon Redshift ; Blackboard software; Oracle JDBC (see all 10 examples)
- Desktop communications software — Secure shell SSH software
- Development environment software — Apache Ant ; Apache Kafka ; Common business oriented language COBOL ; Go (see all 18 examples)
- Electronic mail software — IBM Notes ; Microsoft Exchange
- Enterprise application integration software — Atlassian Bamboo ; Extensible markup language XML ; Microsoft SQL Server Integration Services SSIS ; Oracle Fusion Middleware
- Enterprise resource planning ERP software — Microsoft Dynamics ; Oracle Hyperion ; Oracle JD Edwards EnterpriseOne ; Oracle PeopleSoft (see all 7 examples)
- Enterprise system management software — IBM Power Systems software
- Expert system software — Ansible software
- File versioning software — Apache Subversion SVN ; Git ; WinMerge
- Filesystem software — Computer forensic software
- Financial analysis software — Delphi Technology; Oracle E-Business Suite Financials
- Geographic information system — ESRI ArcGIS software ; Geographic information system GIS software
- Graphics or photo imaging software — Adobe Systems Adobe Flash
- Human resources software — Human resource management software HRMS
- Industrial control software — Supervisory control and data acquisition SCADA software
- Information retrieval or search software — LexisNexis
- Instant messaging software — Blink
- Internet directory services software — Active directory software; Berkeley Internet Domain Name BIND; Domain name system DNS; Network directory services software
- Internet protocol IP multimedia subsystem software — Voice over internet protocol VoIP system software
- License management software
- Medical software — Epic Systems
- Network monitoring software — Nagios ; Network intrusion prevention systems NIPS; Symantec Blue Coat Data Loss Prevention; Wireshark (see all 19 examples)
- Network security and virtual private network VPN equipment software — Imperva SecureSphere; IpFilter; Trend Micro TippingPoint; Virtual private networking VPN software (see all 9 examples)
- Network security or virtual private network VPN management software — HP Fortify; Intrusion prevention system IPS; Network and system vulnerability assessment software; Websense Data Loss Prevention (see all 8 examples)
- Object or component oriented development software — Advanced business application programming ABAP ; Apache Groovy ; Objective C ; Scala (see all 10 examples)
- Object oriented data base management software — PostgreSQL
- Office suite software — Microsoft Office
- Operating system software — Microsoft Windows Server ; Oracle Solaris ; Red Hat Enterprise Linux ; UNIX Shell (see all 15 examples)
- Point of sale POS software — Smart card management software
- Portal server software — Apache HTTP Server
- Presentation software — Microsoft PowerPoint
- Process mapping and design software — Microsoft Visio
- Program testing software — Conformance and validation testing software; Kali Linux; Selenium ; System testing software
- Project management software — Confluence ; Microsoft Project ; Microsoft Teams
- Requirements analysis and system architecture software — Unified modeling language UML
- Risk management data and analysis software — ArcSight Enterprise Threat and Risk Management
- Spreadsheet software — Microsoft Excel
- Storage networking software — Amazon Simple Storage Service S3
- Transaction security and virus protection software — HP WebInspect; Ping Identity; Portswigger BurP Suite; Symantec (see all 26 examples)
- Transaction server software — Customer information control system CICS
- Web page creation and editing software — Google Sites
- Web platform development software — Django ; Google AngularJS ; Microsoft ASP.NET ; Spring Framework (see all 19 examples)
- Word processing software — 3M Post-it App; Microsoft Word
Hot Technology — a technology requirement frequently included in employer job postings.
- Computers and Electronics — Knowledge of circuit boards, processors, chips, electronic equipment, and computer hardware and software, including applications and programming.
- English Language — Knowledge of the structure and content of the English language including the meaning and spelling of words, rules of composition, and grammar.
- Administration and Management — Knowledge of business and management principles involved in strategic planning, resource allocation, human resources modeling, leadership technique, production methods, and coordination of people and resources.
- Engineering and Technology — Knowledge of the practical application of engineering science and technology. This includes applying principles, techniques, procedures, and equipment to the design and production of various goods and services.
- Telecommunications — Knowledge of transmission, broadcasting, switching, control, and operation of telecommunications systems.
- Customer and Personal Service — Knowledge of principles and processes for providing customer and personal services. This includes customer needs assessment, meeting quality standards for services, and evaluation of customer satisfaction.
- Public Safety and Security — Knowledge of relevant equipment, policies, procedures, and strategies to promote effective local, state, or national security operations for the protection of people, data, property, and institutions.
- Education and Training — Knowledge of principles and methods for curriculum and training design, teaching and instruction for individuals and groups, and the measurement of training effects.
- Reading Comprehension — Understanding written sentences and paragraphs in work-related documents.
- Critical Thinking — Using logic and reasoning to identify the strengths and weaknesses of alternative solutions, conclusions, or approaches to problems.
- Active Listening — Giving full attention to what other people are saying, taking time to understand the points being made, asking questions as appropriate, and not interrupting at inappropriate times.
- Complex Problem Solving — Identifying complex problems and reviewing related information to develop and evaluate options and implement solutions.
- Speaking — Talking to others to convey information effectively.
- Writing — Communicating effectively in writing as appropriate for the needs of the audience.
- Judgment and Decision Making — Considering the relative costs and benefits of potential actions to choose the most appropriate one.
- Monitoring — Monitoring/Assessing performance of yourself, other individuals, or organizations to make improvements or take corrective action.
- Systems Analysis — Determining how a system should work and how changes in conditions, operations, and the environment will affect outcomes.
- Active Learning — Understanding the implications of new information for both current and future problem-solving and decision-making.
- Time Management — Managing one's own time and the time of others.
- Coordination — Adjusting actions in relation to others' actions.
- Operations Monitoring — Watching gauges, dials, or other indicators to make sure a machine is working properly.
- Quality Control Analysis — Conducting tests and inspections of products, services, or processes to evaluate quality or performance.
- Systems Evaluation — Identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system.
- Deductive Reasoning — The ability to apply general rules to specific problems to produce answers that make sense.
- Inductive Reasoning — The ability to combine pieces of information to form general rules or conclusions (includes finding a relationship among seemingly unrelated events).
- Oral Comprehension — The ability to listen to and understand information and ideas presented through spoken words and sentences.
- Problem Sensitivity — The ability to tell when something is wrong or is likely to go wrong. It does not involve solving the problem, only recognizing that there is a problem.
- Written Comprehension — The ability to read and understand information and ideas presented in writing.
- Information Ordering — The ability to arrange things or actions in a certain order or pattern according to a specific rule or set of rules (e.g., patterns of numbers, letters, words, pictures, mathematical operations).
- Written Expression — The ability to communicate information and ideas in writing so others will understand.
- Near Vision — The ability to see details at close range (within a few feet of the observer).
- Oral Expression — The ability to communicate information and ideas in speaking so others will understand.
- Category Flexibility — The ability to generate or use different sets of rules for combining or grouping things in different ways.
- Flexibility of Closure — The ability to identify or detect a known pattern (a figure, object, word, or sound) that is hidden in other distracting material.
- Speech Clarity — The ability to speak clearly so others can understand you.
- Speech Recognition — The ability to identify and understand the speech of another person.
- Selective Attention — The ability to concentrate on a task over a period of time without being distracted.
- Fluency of Ideas — The ability to come up with a number of ideas about a topic (the number of ideas is important, not their quality, correctness, or creativity).
- Originality — The ability to come up with unusual or clever ideas about a given topic or situation, or to develop creative ways to solve a problem.
- Perceptual Speed — The ability to quickly and accurately compare similarities and differences among sets of letters, numbers, objects, pictures, or patterns. The things to be compared may be presented at the same time or one after the other. This ability also includes comparing a presented object with a remembered object.
- Working with Computers — Using computers and computer systems (including hardware and software) to program, write software, set up functions, enter data, or process information.
- Getting Information — Observing, receiving, and otherwise obtaining information from all relevant sources.
- Identifying Objects, Actions, and Events — Identifying information by categorizing, estimating, recognizing differences or similarities, and detecting changes in circumstances or events.
- Evaluating Information to Determine Compliance with Standards — Using relevant information and individual judgment to determine whether events or processes comply with laws, regulations, or standards.
- Analyzing Data or Information — Identifying the underlying principles, reasons, or facts of information by breaking down information or data into separate parts.
- Processing Information — Compiling, coding, categorizing, calculating, tabulating, auditing, or verifying information or data.
- Documenting/Recording Information — Entering, transcribing, recording, storing, or maintaining information in written or electronic/magnetic form.
- Updating and Using Relevant Knowledge — Keeping up-to-date technically and applying new knowledge to your job.
- Communicating with Supervisors, Peers, or Subordinates — Providing information to supervisors, co-workers, and subordinates by telephone, in written form, e-mail, or in person.
- Making Decisions and Solving Problems — Analyzing information and evaluating results to choose the best solution and solve problems.
- Monitoring Processes, Materials, or Surroundings — Monitoring and reviewing information from materials, events, or the environment, to detect or assess problems.
- Interpreting the Meaning of Information for Others — Translating or explaining what information means and how it can be used.
- Organizing, Planning, and Prioritizing Work — Developing specific goals and plans to prioritize, organize, and accomplish your work.
- Thinking Creatively — Developing, designing, or creating new applications, ideas, relationships, systems, or products, including artistic contributions.
- Establishing and Maintaining Interpersonal Relationships — Developing constructive and cooperative working relationships with others, and maintaining them over time.
- Developing Objectives and Strategies — Establishing long-range objectives and specifying the strategies and actions to achieve them.
- Performing Administrative Activities — Performing day-to-day administrative tasks such as maintaining information files and processing paperwork.
- Estimating the Quantifiable Characteristics of Products, Events, or Information — Estimating sizes, distances, and quantities; or determining time, costs, resources, or materials needed to perform a work activity.
- Communicating with People Outside the Organization — Communicating with people outside the organization, representing the organization to customers, the public, government, and other external sources. This information can be exchanged in person, in writing, or by telephone or e-mail.
- Judging the Qualities of Objects, Services, or People — Assessing the value, importance, or quality of things or people.
- Providing Consultation and Advice to Others — Providing guidance and expert advice to management or other groups on technical, systems-, or process-related topics.
Detailed Work Activities
- Develop computer or information security policies or procedures.
- Update knowledge about emerging industry or technology trends.
- Implement security measures for computer or information systems.
- Test computer system operations to ensure proper functioning.
- Collaborate with others to resolve information technology issues.
- Document operational procedures.
- Troubleshoot issues with computer applications or systems.
- Coordinate project activities with other personnel or departments.
- Monitor the security of digital information.
- Train others in computer interface or software use.
- Electronic Mail — 98% responded “Every day.”
- Indoors, Environmentally Controlled — 89% responded “Every day.”
- Face-to-Face Discussions — 63% responded “Every day.”
- Telephone — 65% responded “Every day.”
- Contact With Others — 46% responded “Constant contact with others.”
- Spend Time Sitting — 47% responded “More than half the time.”
- Work With Work Group or Team — 46% responded “Extremely important.”
- Duration of Typical Work Week — 62% responded “More than 40 hours.”
- Importance of Being Exact or Accurate — 40% responded “Extremely important.”
- Structured versus Unstructured Work — 54% responded “Some freedom.”
- Freedom to Make Decisions — 64% responded “Some freedom.”
- Impact of Decisions on Co-workers or Company Results — 39% responded “Very important results.”
- Time Pressure — 49% responded “Once a month or more but not every week.”
- Consequence of Error — 33% responded “Extremely serious.”
- Coordinate or Lead Others — 43% responded “Important.”
- Importance of Repeating Same Tasks — 37% responded “Important.”
- Frequency of Decision Making — 31% responded “Every day.”
- Level of Competition — 36% responded “Moderately competitive.”
- Physical Proximity — 55% responded “Slightly close (e.g., shared office).”
- Spend Time Using Your Hands to Handle, Control, or Feel Objects, Tools, or Controls — 33% responded “Continually or almost continually.”
- Responsibility for Outcomes and Results — 25% responded “Limited responsibility.”
- Letters and Memos — 34% responded “Once a year or more but not every month.”
|Title||Job Zone Four: Considerable Preparation Needed|
|Education||Most of these occupations require a four-year bachelor's degree, but some do not.|
|Related Experience||A considerable amount of work-related skill, knowledge, or experience is needed for these occupations. For example, an accountant must complete four years of college and work for several years in accounting to be considered qualified.|
|Job Training||Employees in these occupations usually need several years of work-related experience, on-the-job training, and/or vocational training.|
|Job Zone Examples||Many of these occupations involve coordinating, supervising, managing, or training others. Examples include real estate brokers, sales managers, database administrators, graphic designers, chemists, art directors, and cost estimators.|
|SVP Range||(7.0 to < 8.0)|
Interest code: CIR Want to discover your interests? Take the O*NET Interest Profiler at My Next Move.
- Conventional — Conventional occupations frequently involve following set procedures and routines. These occupations can include working with data and details more than with ideas. Usually there is a clear line of authority to follow.
- Investigative — Investigative occupations frequently involve working with ideas, and require an extensive amount of thinking. These occupations can involve searching for facts and figuring out problems mentally.
- Realistic — Realistic occupations frequently involve work activities that include practical, hands-on problems and solutions. They often deal with plants, animals, and real-world materials like wood, tools, and machinery. Many of the occupations require working outside, and do not involve a lot of paperwork or working closely with others.
- Attention to Detail — Job requires being careful about detail and thorough in completing work tasks.
- Dependability — Job requires being reliable, responsible, and dependable, and fulfilling obligations.
- Integrity — Job requires being honest and ethical.
- Analytical Thinking — Job requires analyzing information and using logic to address work-related issues and problems.
- Cooperation — Job requires being pleasant with others on the job and displaying a good-natured, cooperative attitude.
- Adaptability/Flexibility — Job requires being open to change (positive or negative) and to considerable variety in the workplace.
- Initiative — Job requires a willingness to take on responsibilities and challenges.
- Persistence — Job requires persistence in the face of obstacles.
- Self-Control — Job requires maintaining composure, keeping emotions in check, controlling anger, and avoiding aggressive behavior, even in very difficult situations.
- Achievement/Effort — Job requires establishing and maintaining personally challenging achievement goals and exerting effort toward mastering tasks.
- Leadership — Job requires a willingness to lead, take charge, and offer opinions and direction.
- Stress Tolerance — Job requires accepting criticism and dealing calmly and effectively with high-stress situations.
- Independence — Job requires developing one's own ways of doing things, guiding oneself with little or no supervision, and depending on oneself to get things done.
- Innovation — Job requires creativity and alternative thinking to develop new ideas for and answers to work-related problems.
- Concern for Others — Job requires being sensitive to others' needs and feelings and being understanding and helpful on the job.
- Social Orientation — Job requires preferring to work with others rather than alone, and being personally connected with others on the job.
- Working Conditions — Occupations that satisfy this work value offer job security and good working conditions. Corresponding needs are Activity, Compensation, Independence, Security, Variety and Working Conditions.
- Independence — Occupations that satisfy this work value allow employees to work on their own and make decisions. Corresponding needs are Creativity, Responsibility and Autonomy.
- Support — Occupations that satisfy this work value offer supportive management that stands behind employees. Corresponding needs are Company Policies, Supervision: Human Relations and Supervision: Technical.
Wages & Employment Trends
|Median wages (2020)||$49.80 hourly, $103,590 annual|
|Employment (2020)||141,200 employees|
|Projected growth (2020-2030)||Much faster than average (15% or higher)|
|Projected job openings (2020-2030)||16,300|
|Top industries (2020)|
Source: Bureau of Labor Statistics 2020 wage data and 2020-2030 employment projections . "Projected growth" represents the estimated change in total employment over the projections period (2020-2030). "Projected job openings" represent openings due to growth and replacement.
Job Openings on the Web
Sources of Additional Information
Disclaimer: Sources are listed to provide additional information on related jobs, specialties, and/or industries. Links to non-DOL Internet sites are provided for your convenience and do not constitute an endorsement.
- Association for Computing Machinery
- CompTIA Association of IT Professionals
- Computing Research Association
- Cyber Degrees EDU
- High Technology Crime Investigation Association
- IEEE Computer Society
- Information Systems Security Association
- National Center for Women and Information Technology
- National Initiative for Cybersecurity Education
- Occupational Outlook Handbook: Information security analysts