Favourite this Job

Security Analyst

Kaitātari Whakamarumaru

Alternative titles for this job

Security analysts create and monitor security processes and frameworks to protect an organisation's information systems and computer networks from being illegally accessed.

Pay

Security analysts usually earn

$92K-$137K per year

Source: AbsoluteIT, 'Tech Remuneration Report', 2018.

Job opportunities

Chances of getting a job as a security analyst are good due to a shortage workers.

Pay

Pay for security analysts varies depending on skills and experience. According to AbsoluteIT, security analysts in the:

  • lowest-paid group earn an average of $92,000 a year
  • middle pay range earn an average of $117,000
  • highest-paid group earn an average of $137,000.

IT security analysts working as contractors earn an average of $85 to $140 an hour.

Source: AbsoluteIT, 'Tech Remuneration Report', January 2018.

(This information is a guide only. Find out more about the sources of our pay information)

What you will do

Security analysts may do some or all of the following:

  • analyse risks and security alerts, and identify and manage security breaches
  • install and implement hardware and software to prevent unauthorised access to information and networks
  • monitor information coming into and leaving organisations, and employees' internet access 
  • write and enforce security policies
  • work with law enforcement agencies to manage security threats
  • make employees aware of security issues and their responsibilities as users of information systems.

Skills and knowledge

Security analysts need to have:

  • strong analytical and diagnostic skills
  • knowledge of computer and network systems, devices and software
  • knowledge of security monitoring and how to conduct security investigations
  • up to date understanding of internet threats
  • knowledge of current IT security standards, practices and methods.

Working conditions

Security analysts:

  • usually work full time and may also work evenings and weekends, and be on call
  • work in offices in conditions that may be stressful when working to strict deadlines whilst responding to security threats
  • may travel locally or overseas to meet clients.

Entry requirements

There are no specific requirements to become a security analyst. However, you usually need one or more of:

  • a diploma or degree, preferably in an IT-related subject such as network engineering, computer science or cyber security
  • a relevant industry-based certification, such as Certified Information Systems Security Professional (CISSP), which people usually study for after they have IT experience
  • three to seven years’ experience in intermediate-level security roles or related roles such as network or systems administrator.

Common ways of gaining IT-related knowledge include learning through online courses and tutorials, and working on your own projects. 

If you are a graduate from a field other than IT, you can gain a fast-tracked IT-related qualification through ICT Graduate Schools.

Secondary education

A tertiary entrance qualification is needed to enter tertiary training. Useful school subjects include digital technologies, maths, physics and English.

For Year 11 to 13 students, the Gateway programme is a good way to gain industry experience.

Personal requirements

Security analysts need to be:

  • detail-oriented, curious and eager to work in-depth on technical questions
  • analytical thinkers and problem solvers
  • good at seeing the big picture, to examine problems and solutions from all sides
  • interested in continuous learning as they need to keep up to date with fast-changing technology
  • skilled communicators.

Useful experience

Useful experience for security consultants includes: 

  • work in entry-level IT jobs such as information technology helpdesk/support technician
  • on-the-job training through IT internships and graduate recruitment programmes
  • hacking experience gained through study or hacking conferences
  • working on individual IT projects such as setting up your own penetration testing lab or assembling computers.

Physical requirements

Security analysts spend a lot of time using computers, so they need to know how to use computer equipment properly to avoid occupational overuse syndrome (OOS).

Registration

Security analysts may choose to become certified or chartered through associations such as the Institute of IT Professionals.

Find out more about training

Engineering New Zealand
(04) 473 9444  – hello@engineeringnz.org – www.engineeringnz.org
IT Professionals NZ
0800 252 255 – info@itp.nz – www.itp.nz
NZTech
(09) 475 0204 – info@nztech.org.nz – www.nztech.org.nz
Check out related courses

What are the chances of getting a job?

Security analysts are in high demand due to:

  • increasing numbers of organisations shifting services and systems online
  • the ease with which hackers can access and damage online information or networks, because information is increasingly available through multiple devices and the "Internet of Things" – anything connected to the internet, including vehicles and home appliances. 

Shortage of security analysts

The need for security analysts is increasing but there are not enough to meet demand, and not enough information technology (IT) trainees or juniors who can progress into the role.

As a result, ICT security specialist appears on Immigration New Zealand's long-term skill shortage list. This means the Government is actively encouraging skilled security analysts from overseas to work in New Zealand.

How to get your first IT job 

You can improve your chances of getting an IT job by gaining experience through government and IT industry initiatives, which include:

  • internships such as Summer of Tech
  • graduate programmes offered by IT companies
  • events such as hackathons
  • mentoring programmes
  • programmes to encourage more women into IT, such as ShadowTech.

Types of employers varied

Security analysts may work for a wide range of organisations including:

  • software and web development companies
  • companies that provide computer, database and network services
  • internet providers
  • large retailers, banks, media organisations and government departments.

Security analysts may also be self-employed. 

Sources

  • AbsoluteIT, 'Employer Report', March 2017, (www.absoluteit.co.nz).
  • Hays, 'Hotspots of Skills in Demand, January – June 2018', (www.hays.net.nz).
  • Immigration New Zealand, 'Long-term Skill Shortage List', 19 February 2018, (www.immigration.govt.nz).
  • Paredes, D, 'The Untrammelled Rise of the Cyber Security Professional', CIO, accessed 24 March 2017. 
  • Seath, S, and Drew, C, 'Cyber Security Skills Report', Greater Wellington Regional Council, September 2016.
  • The Domain Name Commission, '.nz Statistics by Financial Year', accessed February 2018, (www.dnc.org.nz).
  • University of Waikato website, 'Students Urged to Combat Cybercrime', 30 March 2017, (www.waikato.ac.nz).
  • Vaughan, J, 'Job Openings in Cybersecurity Expected to Skyrocket in 2017', accessed 23 March 2017.

(This information is a guide only. Find out more about the sources of our job opportunities information)

Progression and specialisations

Security analysts may progress to set up their own business, or move into roles such as:

  • security consultant
  • security architect
  • security manager
  • IT project manager
  • security director
  • chief information and security officer (CISO).

Security analysts may specialise in:

  • cloud security – protecting data stored on servers hosted on the internet rather than on a local server or personal computer
  • internet security – protecting against internet crime, especially unauthorised access to computer systems and data
  • mobile security – protecting smartphones and other portable devices, and the networks they connect to, from threats
  • network security – protecting the internal computer network of an organisation.
Two people in a server room, one changing cables and the other checking off items on a list

Security analysts upgrade hardware and software to keep organisations safe from cyber attacks

Last updated 23 May 2019