Security analysts create and monitor security processes and frameworks to protect an organisations information systems and computer networks from being illegally accessed.
Security analysts usually earn
$120K-$200K per year
Chief security officers usually earn
$180K-$400K per year
Source: Absolute IT and Recruit IT, 2022.
Pay for security analysts varies depending on skills and experience.
- Security analysts usually earn $120,000 to $180,000 a year.
- Security analyst managers can earn $150,000 to $200,000 a year.
- Chief security officers can earn $180,000 to $400,000 a year.
Sources: Absolute IT, ’IT Job Market and Remuneration Report 2022’, 2022; Recruit IT, 'Technology & Digital Salary Update, Auckland, December 2022’; and Recruit IT, ‘Technology & Digital Salary Update, Wellington, December 2022’, 2022.
(This information is a guide only. Find out more about the sources of our pay information)
What you will do
Security analysts may do some or all of the following:
- analyse risks and security alerts, and identify and manage security breaches
- install and implement hardware and software to prevent unauthorised access to information and networks
- monitor information coming into and leaving organisations, and employees' internet access
- write and enforce security policies
- work with law enforcement agencies to manage security threats
- make employees aware of security issues and their responsibilities as users of information systems.
Skills and knowledge
Security analysts need to have:
- strong analytical and diagnostic skills
- knowledge of computer and network systems, devices and software
- knowledge of security monitoring and how to conduct security investigations
- up to date understanding of internet threats
- knowledge of current IT security standards, practices and methods.
- usually work full time and may also work evenings and weekends, and be on call
- work in offices in conditions that may be stressful when working to strict deadlines whilst responding to security threats
- may travel locally or overseas to meet clients.
There are no specific requirements to become a security analyst. However, you usually need one or more of:
- a diploma or degree, preferably in an IT-related subject such as network engineering, computer science or cyber security
- a relevant industry-based certification, such as Certified Information Systems Security Professional (CISSP)
- three to seven years’ experience in intermediate-level security roles or related roles such as network or systems administrator.
Common ways of gaining IT-related knowledge include learning through online courses and tutorials, and working on your own projects.
- Cyber Degrees website – find out about certifications for cyber security
- ISC website - find out about CISSP certification
A tertiary entrance qualification is needed to enter tertiary training. Useful subjects include digital technologies, maths, physics and English.
For Year 11 to 13 students, the Gateway programme is a good way to gain industry experience.
Security analysts need to be:
- detail-oriented, curious and eager to work in-depth on technical questions
- analytical thinkers and problem solvers
- good at seeing the big picture, to examine problems and solutions from all sides
- interested in continuous learning as they need to keep up to date with fast-changing technology
- skilled communicators.
Useful experience for security consultants includes:
- work in entry-level IT jobs such as information technology helpdesk/support technician
- on-the-job training through IT internships and graduate recruitment programmes
- hacking experience gained through study or hacking conferences
- working on individual IT projects such as setting up your own penetration testing lab or assembling computers.
Security analysts spend a lot of time using computers, so they need to know how to use computer equipment properly to avoid occupational overuse syndrome (OOS).
Security analysts may choose to become certified or chartered through associations such as the Institute of IT Professionals.
Find out more about training
- IT Professionals NZ
- 0800 252 255 – email@example.com – www.itp.nz
- (09) 475 0204 – firstname.lastname@example.org – www.nztech.org.nz
What are the chances of getting a job?
Security analysts in demand
Security analysts are in high demand due to:
- organisations shifting services and systems online
- increasing numbers of devices that are connected to the internet, including vehicles, which hackers can access and damage online.
Shortage of experienced security analysts
There are not enough experienced security analysts to meet demand. Nearly two thirds of IT employers report skills shortages, and there aren't enough information technology (IT) trainees.
As a result, ICT security specialist appears on Immigration New Zealand's long-term skill shortage list. This means the Government is actively encouraging skilled security analysts from overseas to work in New Zealand.
How to get your first IT job
You can improve your chances of getting a job through:
- internships like Summer of Tech
- graduate programmes offered by IT companies
- mentoring programmes.
- NxtStep website - find IT internships
- Summer of Tech website - information on the IT internship programme
Types of employers varied
Security analysts can work for:
- private companies that provide web, database and network services
- software development companies
- private companies
- government departments and educational institutions.
- Hays, 'IT Salary Guide and Recruiting Trends', accessed November 2021, (www.hays.net.nz).
- Immigration New Zealand, 'Long Term Skill Shortage List', 27 May 2019, (www.immigration.govt.nz).
- Recruit I.T., 'Technology and Digital Salary Update Auckland', and 'Recruit I.T. 'Technology and Digital Salary Update Wellington', July 2021, (www.recruitit.co.nz).
(This information is a guide only. Find out more about the sources of our job opportunities information)
Progression and specialisations
Security analysts may progress to set up their own business, or move into roles such as:
- security consultant
- security architect
- security manager
- IT project manager
- security director
- chief information and security officer (CISO).
- Security consultant job information
- Information technology manager job information
- Information technology architect job information
Security analysts may specialise in:
- cloud security – protecting data stored on servers hosted on the internet rather than on a local server or personal computer
- internet security – protecting against internet crime, especially unauthorised access to computer systems and data
- mobile security – protecting smartphones and other portable devices, and the networks they connect to, from threats
- network security – protecting the internal computer network of an organisation.
Last updated 25 August 2023