Information Security Analysts
15-1212.00
Plan, implement, upgrade, or monitor security measures for the protection of computer networks and information. Assess system vulnerabilities for security risks and propose and implement risk mitigation strategies. May ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure. May respond to computer security breaches and viruses.
Sample of reported job titles: Computer Security Specialist, Computer Systems Security Analyst, Cyber Security Specialist, Data Security Analyst, Information Security Analyst, Information Security Officer, Information Security Specialist, Information Systems Security Analyst, Information Systems Security Officer (ISSO), Information Technology Analyst (IT Analyst), Information Technology Security Analyst (IT Security Analyst), Network Security Analyst, Security Analyst, Security Specialist, Systems Analyst
Occupation-Specific Information
Tasks
- Develop plans to safeguard computer files against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs.
- Monitor current reports of computer viruses to determine when to update virus protection systems.
- Encrypt data transmissions and erect firewalls to conceal confidential information as it is being transmitted and to keep out tainted digital transfers.
- Perform risk assessments and execute tests of data processing system to ensure functioning of data processing activities and security measures.
- Modify computer security files to incorporate new software, correct errors, or change individual access status.
- Review violations of computer security procedures and discuss procedures with violators to ensure violations are not repeated.
- Document computer security and emergency measures policies, procedures, and tests.
- Confer with users to discuss issues such as computer data access needs, security violations, and programming changes.
- Monitor use of data files and regulate access to safeguard information in computer files.
- Coordinate implementation of computer system plan with establishment personnel and outside vendors.
- Train users and promote security awareness to ensure system security and to improve server and network efficiency.
- Maintain permanent fleet cryptologic and carry-on direct support systems required in special land, sea surface and subsurface operations.
Technology Skills
- Access software - Access management software; Citrix cloud computing software; IBM Tivoli Access Management TAM
- Administration software - Cisco Systems CiscoWorks
- Analytical or scientific software - SAS π₯; The MathWorks MATLAB π₯
- Application server software - Docker π₯; GitHub π₯; Oracle WebLogic Server; Red Hat OpenShift π₯; Red Hat WildFly
- Authentication server software - Diameter; IBM Tivoli Identity Management TIM; Password management software; Remote authentication dial-in user service RADIUS software
- Backup or archival software - Backup and archival software; System and data disaster recovery software; Veritas NetBackup
- Business intelligence and data analysis software - Apache Spark π₯; IBM Cognos Impromptu; MicroStrategy; Oracle Business Intelligence Enterprise Edition; Qlik Tech QlikView; Tableau π₯
- Cloud-based data access and sharing software - Microsoft SharePoint π₯
-
Cloud-based management software -
Amazon Web Services AWS CloudFormation π₯; IBM WebSphere; Splunk Enterprise
- Cloud-based protection or security software - Qualys Cloud Platform
- Clustering software - VMware
- Communications server software - IBM Domino
- Configuration management software - Automated installation software; Chef π₯; Patch and update management software; Perforce Helix software; Puppet π₯
- Content workflow software - Atlassian JIRA π₯
- Customer relationship management CRM software - Salesforce software π₯
- Data base management system software - Amazon DynamoDB π₯; Apache Cassandra π₯; Apache Hadoop π₯; Apache Hive π₯; Apache Pig; Apache Solr; Elasticsearch π₯; MongoDB π₯; MySQL π₯; NoSQL π₯; Oracle PL/SQL π₯; Relational database management software; Teradata Database π₯
- Data base reporting software - Microsoft SQL Server Reporting Services SSRS π₯; SAP Crystal Reports
-
Data base user interface and query software -
Amazon Elastic Compute Cloud EC2 π₯; Amazon Redshift π₯; Amazon Web Services AWS software ; Blackboard software; Microsoft Access π₯; Microsoft SQL Server π₯; Oracle Database π₯; Oracle JDBC; Structured query language SQL π₯
- Desktop communications software - Secure shell SSH software
-
Development environment software -
Adobe ActionScript; Apache Ant; Apache Kafka π₯; Apache Maven π₯; C π₯; Common business oriented language COBOL; Eclipse IDE π₯; Go π₯; Integrated development environment IDE software; Microsoft .NET Framework π₯; Microsoft Azure software ; Microsoft PowerShell π₯; Microsoft Visual Basic π₯; Microsoft Visual Basic for Applications VBA π₯; Microsoft Visual Basic Scripting Edition VBScript; Microsoft Visual Studio π₯; National Instruments LabVIEW; Ruby π₯
- Electronic mail software - IBM Notes; Microsoft Exchange
- Enterprise application integration software - Atlassian Bamboo π₯; Extensible markup language XML π₯; Microsoft SQL Server Integration Services SSIS π₯; Oracle Fusion Middleware
- Enterprise resource planning ERP software - Microsoft Dynamics π₯; Oracle Fusion Applications; Oracle Hyperion; Oracle JD Edwards EnterpriseOne; Oracle PeopleSoft π₯; Oracle PeopleSoft Financials; SAP software π₯
- Enterprise system management software - IBM Power Systems software
- Expert system software - Ansible software π₯
- Filesystem software - Computer forensic software
- File versioning software - Apache Subversion SVN π₯; Git π₯; WinMerge
- Financial analysis software - Delphi Technology; Oracle E-Business Suite Financials
- Geographic information system - ESRI ArcGIS software π₯; Geographic information system GIS software
- Human resources software - Human resource management software HRMS
- Industrial control software - Supervisory control and data acquisition SCADA software
- Information retrieval or search software - LexisNexis
- Instant messaging software - Blink
- Internet directory services software - Active directory software; Berkeley Internet Domain Name BIND; Domain name system DNS; Microsoft Active Directory π₯; Network directory services software
- Internet protocol IP multimedia subsystem software - Voice over internet protocol VoIP system software
- License management software - License management software
- Medical software - Epic Systems π₯
- Network monitoring software - AccessData FTK; Automated audit trail analysis software; Automated media tracking software; Ethereal; Guidance Software EnCase Forensic; IBM QRadar SIEM; Integrity verification software; Keystroke monitoring software; Micro Focus OpenView; Nagios; Network intrusion prevention systems NIPS; Network, hardware, and software auditing software; Oracle Net Manager; Quest BigBrother; Sniffer Investigator; Snort; Symantec Blue Coat Data Loss Prevention; Tcpdump; Wireshark
- Network security and virtual private network VPN equipment software - Cryptographic key management software; Firewall software; Imperva SecureSphere; IpFilter; IpTables; Juniper Networks NetScreen-Security Manager; Palo Alto Networks Next-Generation Security Platform; Trend Micro TippingPoint; Virtual private networking VPN software
- Network security or virtual private network VPN management software - HP Fortify; Intrusion detection system IDS; Intrusion prevention system IPS; ISS RealSecure; Network and system vulnerability assessment software; Network security auditing software; Security incident management software; Websense Data Loss Prevention
-
Object or component oriented development software -
Advanced business application programming ABAP; Apache Groovy; C# π₯; C++ π₯; Objective C π₯; Oracle Java π₯; Perl π₯; Python ; Scala π₯; Swift π₯
- Object oriented data base management software - PostgreSQL π₯
-
Office suite software -
Microsoft Office software
-
Operating system software -
Apple macOS π₯; Bash π₯; Hewlett Packard HP-UX; Job control language JCL; KornShell; Linux ; Microsoft Hyper-V Server; Microsoft Windows π₯; Microsoft Windows Server π₯; Operating system software; Oracle Solaris; Red Hat Enterprise Linux; Shell script π₯; Ubuntu; UNIX π₯; UNIX Shell π₯
- Point of sale POS software - Smart card management software
- Portal server software - Apache HTTP Server
- Presentation software - Microsoft PowerPoint π₯
- Process mapping and design software - Microsoft Visio π₯
- Program testing software - Conformance and validation testing software; Kali Linux; Selenium π₯; System testing software
- Project management software - Atlassian Confluence π₯; Microsoft Project π₯; Microsoft Teams π₯
- Requirements analysis and system architecture software - Unified modeling language UML
- Risk management data and analysis software - ArcSight Enterprise Threat and Risk Management
-
Spreadsheet software -
Microsoft Excel
- Storage networking software - Amazon Simple Storage Service S3 π₯
- Switch or router software - Border Gateway Protocol BGP π₯
- Transaction security and virus protection software - Anti-phishing software; Anti-spyware software; Anti-Trojan software; Check Point Next Generation Secure Web Gateway; End-to-end encryption software; Honeypot; HP WebInspect; Link encryption software; McAfee; McAfee VirusScan; Metasploit; Norton AntiVirus; NortonLifeLock cybersecurity software; Password cracker software; Penetration testing software; Ping Identity; Portswigger BurP Suite; Program checksumming software; Rapid7 Nexpose; Root kit detection software; Secure internet filtering software; Security risk assessment software; Stack smashing protection SSP software; Symantec Endpoint Protection; Tenable Nessus; Virus scanning software
- Transaction server software - Customer information control system CICS
- Web page creation and editing software - Google Sites
- Web platform development software - AJAX π₯; Apache Struts; Apache Tomcat π₯; Django π₯; Drupal π₯; Enterprise JavaBeans; Extensible hypertext markup language XHTML; Google Angular π₯; Hypertext markup language HTML π₯; JavaScript π₯; JavaScript Object Notation JSON π₯; LAMP Stack; Microsoft Active Server Pages ASP π₯; Microsoft ASP.NET π₯; Node.js π₯; Oracle JavaServer Pages JSP π₯; PHP π₯; Ruby on Rails π₯; Spring Framework π₯
- Word processing software - 3M Post-it App; Microsoft Word π₯
Occupational Requirements
Work Activities
- Getting Information - Observing, receiving, and otherwise obtaining information from all relevant sources.
- Monitoring Processes, Materials, or Surroundings - Monitoring and reviewing information from materials, events, or the environment, to detect or assess problems.
- Identifying Objects, Actions, and Events - Identifying information by categorizing, estimating, recognizing differences or similarities, and detecting changes in circumstances or events.
- Inspecting Equipment, Structures, or Materials - Inspecting equipment, structures, or materials to identify the cause of errors or other problems or defects.
- Estimating the Quantifiable Characteristics of Products, Events, or Information - Estimating sizes, distances, and quantities; or determining time, costs, resources, or materials needed to perform a work activity.
- Judging the Qualities of Objects, Services, or People - Assessing the value, importance, or quality of things or people.
- Processing Information - Compiling, coding, categorizing, calculating, tabulating, auditing, or verifying information or data.
- Evaluating Information to Determine Compliance with Standards - Using relevant information and individual judgment to determine whether events or processes comply with laws, regulations, or standards.
- Analyzing Data or Information - Identifying the underlying principles, reasons, or facts of information by breaking down information or data into separate parts.
- Making Decisions and Solving Problems - Analyzing information and evaluating results to choose the best solution and solve problems.
- Thinking Creatively - Developing, designing, or creating new applications, ideas, relationships, systems, or products, including artistic contributions.
- Updating and Using Relevant Knowledge - Keeping up-to-date technically and applying new knowledge to your job.
- Developing Objectives and Strategies - Establishing long-range objectives and specifying the strategies and actions to achieve them.
- Scheduling Work and Activities - Scheduling events, programs, and activities, as well as the work of others.
- Organizing, Planning, and Prioritizing Work - Developing specific goals and plans to prioritize, organize, and accomplish your work.
- Performing General Physical Activities - Performing physical activities that require considerable use of your arms and legs and moving your whole body, such as climbing, lifting, balancing, walking, stooping, and handling materials.
- Handling and Moving Objects - Using hands and arms in handling, installing, positioning, and moving materials, and manipulating things.
- Controlling Machines and Processes - Using either control mechanisms or direct physical activity to operate machines or processes (not including computers or vehicles).
- Operating Vehicles, Mechanized Devices, or Equipment - Running, maneuvering, navigating, or driving vehicles or mechanized equipment, such as forklifts, passenger vehicles, aircraft, or watercraft.
- Working with Computers - Using computers and computer systems (including hardware and software) to program, write software, set up functions, enter data, or process information.
- Drafting, Laying Out, and Specifying Technical Devices, Parts, and Equipment - Providing documentation, detailed instructions, drawings, or specifications to tell others about how devices, parts, equipment, or structures are to be fabricated, constructed, assembled, modified, maintained, or used.
- Repairing and Maintaining Mechanical Equipment - Servicing, repairing, adjusting, and testing machines, devices, moving parts, and equipment that operate primarily on the basis of mechanical (not electronic) principles.
- Repairing and Maintaining Electronic Equipment - Servicing, repairing, calibrating, regulating, fine-tuning, or testing machines, devices, and equipment that operate primarily on the basis of electrical or electronic (not mechanical) principles.
- Documenting/Recording Information - Entering, transcribing, recording, storing, or maintaining information in written or electronic/magnetic form.
- Interpreting the Meaning of Information for Others - Translating or explaining what information means and how it can be used.
- Communicating with Supervisors, Peers, or Subordinates - Providing information to supervisors, co-workers, and subordinates by telephone, in written form, e-mail, or in person.
- Communicating with People Outside the Organization - Communicating with people outside the organization, representing the organization to customers, the public, government, and other external sources. This information can be exchanged in person, in writing, or by telephone or e-mail.
- Establishing and Maintaining Interpersonal Relationships - Developing constructive and cooperative working relationships with others, and maintaining them over time.
- Assisting and Caring for Others - Providing personal assistance, medical attention, emotional support, or other personal care to others such as coworkers, customers, or patients.
- Selling or Influencing Others - Convincing others to buy merchandise/goods or to otherwise change their minds or actions.
- Resolving Conflicts and Negotiating with Others - Handling complaints, settling disputes, and resolving grievances and conflicts, or otherwise negotiating with others.
- Performing for or Working Directly with the Public - Performing for people or dealing directly with the public. This includes serving customers in restaurants and stores, and receiving clients or guests.
- Coordinating the Work and Activities of Others - Getting members of a group to work together to accomplish tasks.
- Developing and Building Teams - Encouraging and building mutual trust, respect, and cooperation among team members.
- Training and Teaching Others - Identifying the educational needs of others, developing formal educational or training programs or classes, and teaching or instructing others.
- Guiding, Directing, and Motivating Subordinates - Providing guidance and direction to subordinates, including setting performance standards and monitoring performance.
- Coaching and Developing Others - Identifying the developmental needs of others and coaching, mentoring, or otherwise helping others to improve their knowledge or skills.
- Providing Consultation and Advice to Others - Providing guidance and expert advice to management or other groups on technical, systems-, or process-related topics.
- Performing Administrative Activities - Performing day-to-day administrative tasks such as maintaining information files and processing paperwork.
- Staffing Organizational Units - Recruiting, interviewing, selecting, hiring, and promoting employees in an organization.
- Monitoring and Controlling Resources - Monitoring and controlling resources and overseeing the spending of money.
Detailed Work Activities
- Develop computer or information security policies or procedures.
- Update knowledge about emerging industry or technology trends.
- Implement security measures for computer or information systems.
- Test computer system operations to ensure proper functioning.
- Document operational procedures.
- Troubleshoot issues with computer applications or systems.
- Collaborate with others to resolve information technology issues.
- Monitor the security of digital information.
- Coordinate project activities with other personnel or departments.
- Train others in computer interface or software use.