System Security Analyst Job Profile

What is a Systems Security Analyst?

The Systems Security Analyst is responsible for the analysis and development of the integration, testing, operations, and maintenance of systems security.

Professional Certifications

System Security Analyst must know:

  • computer networking concepts and protocols, and network security methodologies.
  • risk management processes (e.g., methods for assessing and mitigating risk).
  • laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  • cybersecurity and privacy principles.
  • cyber threats and vulnerabilities.
  • specific operational impacts of cybersecurity lapses.
  • computer algorithms.
  • encryption algorithms
  • cryptography and cryptographic key management concepts
  • database systems.
  • installation, integration, and optimization of system components.
  • human-computer interaction principles.
  • vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
  • cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
  • mathematics (e.g. logarithms, trigonometry, linear algebra, calculus, statistics, and operational analysis).
  • network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML).
  • operating systems.
  • how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
  • parallel and distributed computing concepts.
  • security system design tools, methods, and techniques.
  • software engineering.
  • telecommunications concepts (e.g., Communications channel, Systems Link Budgeting, Spectral efficiency, Multiplexing).
  • the systems engineering process.
  • network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
  • service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).
  • security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).
  • various types of computer architectures.
  • Personally Identifiable Information (PII) data security standards.
  • Payment Card Industry (PCI) data security standards.
  • Personal Health Information (PHI) data security standards.
  • information technology (IT) risk management policies, requirements, and procedures.
  • how to evaluate the trustworthiness of the supplier and/or product.
  • laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures.
  • configuration management techniques.
  • security management.
  • information technology (IT) service catalogues.
  • developing and applying user credential management system.
  • implementing enterprise key escrow systems to support data-at-rest encryption.
  • an organization’s information classification program and procedures for information compromise.
  • systems security testing and evaluation methods.
  • countermeasure design for identified security risks.
  • embedded systems.
  • network design processes, to include understanding of security objectives, operational objectives, and trade-offs.
  • how to use network analysis tools to identify vulnerabilities.

Key skills of the Systems Security Analyst include:

  • designing the integration of hardware and software solutions.
  • determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
  • developing and applying security system access controls.
  • evaluating the adequacy of security designs.
  • writing code in a currently supported programming language (e.g., Java, C++).
  • assessing security systems designs.
  • assessing security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
  • recognizing vulnerabilities in security systems. (e.g., vulnerability and compliance scanning).
  • apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Systems Security Analyst must be able to:

  • conduct vulnerability scans and recognize vulnerabilities in security systems.
  • apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel