WHAT DOES A CYBER SECURITY ANALYST DO?
Published: May 27, 2025 - The Cyber Security Analyst performs cyber security risk assessments and collaborates with the Cyber Security Operations Center to monitor, analyze, and investigate threats affecting the organization’s security posture. This position facilitates the implementation of security policies and awareness programs while providing detailed impact reports to management regarding information and system security incidents. This role participates in incident response activities and conducts research on threat actors and mitigation strategies to enhance overall cyber defense measures.


A Review of Professional Skills and Functions for Cyber Security Analyst
1. Cyber Security Analyst Duties
- Security Monitoring: Conduct security monitoring, threat hunting, security and data/log analysis, and forensic analysis to detect security incidents, and mount an incident response, utilizing commercial tools to find TTPs.
- IPS/IDS Tuning: Perform IPS/IDS and proxy tuning to increase the accuracy and performance of security appliances.
- Tech Research: Investigate and utilize new technologies and processes to enhance security capabilities and implement improvements.
- Procedure Development: Develop and maintain procedures to efficiently deliver Systems Security testing services.
- Issue Resolution: Create new ways to solve existing production security issues.
- Security Collaboration: Collaborate with colleagues on authentication, authorization, and encryption solutions.
- Policy Management: Collaborate on the definition, implementation, and maintenance of corporate security policies.
- Security Assessment: Proactively conduct hands-on security assessments on systems and infrastructure equipment, identify security vulnerabilities/weaknesses, evaluate countermeasures, and recommend best security practices to mitigate the vulnerabilities.
- Vulnerability Review: Review results and recommend effective remediation of vulnerability scans, penetration tests, and compliance reports.
- Project Security: Participate and recommend security controls for IT and Systems related projects.
- Security Advocacy: Be a champion of effective security best practices and promote acceptance, adoption, and socialization.
- Incident Management: Participate in the information security incident management process.
- Report Development: Develop and maintain regular information security reports for managers and the team.
- Awareness Program: Assist with the development and promotion of a meaningful Systems Security Awareness Program.
- Security Updates: Stay informed about the latest developments in the information security field, including new products and services.
2. Cyber Security Analyst Details
- Alert Investigation: Investigation of IT security alerts and incidents.
- Security Operations: Operational IT security, including the monitoring and maintenance of security tools, such as Security Incident & Event Management (SIEM), anti-virus and vulnerability management platforms.
- Risk Assessment: Assist with IT security gap and risk assessments including PCI DSS, ISO 27001 and Cyber Security Essentials.
- Vulnerability Identification: Identification and risk assessment of newly identified vulnerabilities.
- Best Practice: Ensure that Information Security best practice is considered throughout and that any issues or concerns are escalated in line with Group procedures.
- Change Review: Reviewing changes to determine the IT security impact.
- Audit Support: Support internal and external audits.
- Documentation Reporting: Production of relevant documentation and reporting.
- Issue Escalation: Timely escalation of issues to Cyber Team Leader and Group Head of Technology.
3. Cyber Security Analyst Responsibilities
- Certification Management: Plan, execute, and implement Certification and Accreditation (C&A) activities for Aviation Mission Planning System (AMPS) using the Risk Management Framework (RMF).
- POA&M Management: Manage and update POA&M in eMASS for multiple accredited operating systems.
- Deficiency Assessment: Assess system deficiencies and severities and recommend corrective actions to address identified vulnerabilities.
- Port Registration: Register Ports and protocols in the Ports and Protocols System Management (PPSM).
- Vulnerability Analysis: Perform, evaluate, and analyze impacts of vulnerability scans on a monthly basis utilizing Assured Compliance Assessment Solution (ACAS), Security Content Automation Protocol (SCAP) and manual checks from the DISA Security Technical Implementation Guides (STIGs) for multiple baselines.
- IA Representation: Serve as Information Assurance Representative to the AMPS Defect Review Board.
- Support Services: Provide information assurance support to AMPS System Service Representatives and external organizations where AMPS resides.
- FISMA Reviews: Conduct annual Federal Information Security Management Act (FISMA) Information Assurance Security Reviews of the AMPS builds.
- Configuration Guidance: Must be able to employ configuration guidance based on DISA Security Technical Implementation Guides (STIG).
- Assessment Support: Provide support for the attainment and sustainment of Assess only activities for independent applications.
4. Cyber Security Analyst Job Summary
- System Auditing: Audit information systems according to NIST SP 800-37 and 800-53, 800-171, NISPOM and DFARS frameworks
- Risk Analysis: Perform risk analysis and reporting on DFARS, NIST RMF, and NISPOM compliance
- Exception Analysis: Perform complex analysis of the risk of security exceptions through the data security plan process
- Mitigation Development: Recommend and develop mitigations to facilitate continued research despite exceptions from traditional security controls
- Policy Development: Develop and enforce an information security policy
- Security Outreach: Conduct staff security outreach and engagement
- Risk Assessment: Assess the security risks of cutting-edge technology
- Vulnerability Support: Support vulnerability management operations through documentation and reporting of findings to lab leadership
- Incident Response: Support incident response and remediation efforts
- Compliance Assessment: Perform risk assessments in Cyber Security Essentials, PCI DSS & ISO27001
- Threat Monitoring: Monitor the threats and investigate breaches
- Strategic Leadership: Play a lead role in the strategic implementation and the design, development, implementation, and monitoring of security policy and controls for the appropriate protection of company assets
- Project Management: Manage projects with multiple stakeholders and engage with key people at all levels within the organization
5. Cyber Security Analyst Functions
- Team Participation: Participate in a larger security team and focus on installing, configuring, investigating alerts, anomalies, errors, intrusions, malware, etc. to identify threats, sources, determine remediation, and recommend security improvements or actions
- Vulnerability Management: Configure and manage vulnerability scanning and patch management as part of proactive risk prevention
- Analytical Follow-up: Follow precise analytical paths (playbooks) to determine the nature and extent of problems being reported by tools, e-mails, etc.
- Reporting Compliance: Follow strict guidance on reporting requirements
- Management Reporting: Keep management informed with precise, unvarnished information about security posture and events – no surprises
- Workflow Promotion: Promote standards-based workflow
- Information Sharing: Engage with internal and external parties to get and share information to improve processes and security posture
- Documentation Production: Produce design documentation
- Threat Analysis: Lead analysis, investigation of anomalies, and threats
- Cross-teamwork: Work across business lines, especially with IT, on the integration of products/services and DevOps and the cloud environment
- Report Creation: Create management-friendly reporting from tools
- User Support: Work with end-users to investigate threats
- Tool Integration: Create interfaces with existing tools to extract logs
- Tool Configuration: Configure tools to meet ongoing requirements for monitoring
6. Cyber Security Analyst Job Description
- Access Monitoring: Monitor security access, security events and respond to alerts
- Incident Support: Support security incidents through identification, containment, eradication and recovery
- Firewall Management: Ongoing monitoring, management and configuration of firewall and security systems
- Report Creation: Creation and modification of reports, dashboards and alerts
- Configuration Support: Working with internal customers and managed service providers to address security configuration issues
- Threat Hunting: Completed threat hunting engagements
- Security Guidance: Provide security advice and guidance to other teams within the business
- Workflow Automation: Development of automated workflows to minimise repetitive tasks and improve efficiency
- Ticket Management: Ticket management for security incidents, requests and changes
- Alert Investigation: Investigate security alerts and provide incident management support
- Threat Intelligence: Support the Threat Intelligence pillar by gathering, analysing, evaluating and fusing Threat Intelligence information from a variety of sources, such as dedicated feeds, intelligence networks or from the open internet
- Hunting Support: Support the Threat Hunting pillar through deep technical investigation and analyzing feeds from the Microsoft Defender ATP tool
- Feed Onboarding: Conduct technical feed onboarding activities into the CSOC (Cyber Security Operations Centre) SIEM (Security Information and Event Management tool), tuning the feed once complete
7. Cyber Security Analyst Overview
- Query Response: Respond to ad-hoc queries to the team mailbox
- Security Advice: Provide professional advice to Vitality business areas on Information Security best practice
- ISMS Management: Assist in the development, maintenance and improvement of the Information Security Management System (ISMS), so that certification to ISO27001 is maintained
- Tool Configuration: Mature the configuration of technical Security tools within Vitality
- Project Contribution: Contribute to Information Security initiatives/projects, including TPAM, RBAC, MSS
- Penetration Support: Assist in facilitating penetration tests and manage remediation of findings
- Risk Management: Engagement with project managers to ensure risks are identified and are being addressed through the SDLC
- Supplier Due-Diligence: Undertake security due diligence on third-party suppliers including site visits
- System Monitoring: Active monitoring of security systems and tools, respond to alerts from these and escalate
- Incident Management: Participate in the management of Information Security incidents
- Continuous Improvement: Contribute to the continuous improvement of Vitality’s Information Security posture
- Threat Awareness: Maintain up-to-date knowledge of latest threats and trends
- Training Development: Contribute to the development of information security training and awareness activities
- Reporting Metrics: Provide accurate reporting metrics
8. Cyber Security Analyst Tasks
- Event Response: Responding to security events, requests and incidents logged in management systems
- Risk Monitoring: Ongoing identification and monitoring of security risks
- Posture Monitoring: Monitoring the security posture of the IT estate and identifying anomalous activity and behaviors by the use of Security Information and Event Management (SIEM) tools
- Log Analysis: Performing analysis of log files, systems, and network traffic
- Threat Hunting: Hunting for suspicious or anomalous activity and escalating
- Incident Documentation: Documenting and maintaining incident response actions
- SIEM Innovation: Innovating in the areas of SIEM and SOC
- Initial Response: Monitoring and initial response to potentially-malicious or anomalous activity based on event data from a wide range of IT systems components, including SIEM, IDS/IPS, Firewalls, WAF, Web Access Security and DLP systems, and other sources
- Issue Triage: Performing triage of incoming issues and escalation to, and liaison with, other operational areas as part of security incident identification and response
- Vulnerability Scanning: Performing regular vulnerability scanning over internal and external infrastructure
- Vulnerability Mitigation: Working with other teams to identify, resolve, and mitigate vulnerabilities in systems
- Metrics Reporting: Produce and review daily, weekly and monthly metrics for security events
- Reverse Engineering: Perform vulnerability scanning and reverse engineering
- Trend Awareness: Stay up-to-date with trends in the information security community including new vulnerabilities, methodologies, and products
9. Cyber Security Analyst Roles
- Shift Supervision: Ensuring all monitoring functions are covered for the full shift period
- Reporting Compliance: Ensuring all reporting requirements are met
- Task Completion: Ensuring all checks are completed
- Analyst Supervision: Ensuring all Tier One analysts are supervised
- Staffing Management: Ensuring manpower levels are kept at least at the minimum manning level
- TAC Responsibility: Responsible for the TAC 24/7/365 function for the length of the shift
- Handover Management: Conduct and document formal handover and takeover of shift
- Liaison Coordination: Liaise with Tier 3 Analysts for daily continuity briefs
- Issue Liaison: Liaise with Tier 3 Analyst for any new or ongoing service status issues
- Service Monitoring: Monitor and maintain service status for CTAC
10. Cyber Security Analyst Additional Details
- System Administration: Administer cybersecurity-related systems and global infrastructure
- Log Supervision: Be the primary supervisor of all relevant system event logs to detect and respond to possible vulnerabilities, cyber-attacks/intrusions, anomalous activities, and internal misuse
- Procedure Compliance: Ensure adherence to IT procedures to maintain a well-configured global cybersecurity program
- Incident Exercises: Lead periodic tabletop incident response exercises and perform periodic data backup and disaster recovery procedure tests
- Vulnerability Scanning: Conduct regular vulnerability scans, analyze the results, and suggest remediations
- Remediation Oversight: Oversee all vulnerability remediation tasks required to ensure that known vulnerabilities are promptly addressed, and the root cause of new vulnerabilities is permanently corrected
- Awareness Training: Help keep BOA employees educated and aware of threats by using real-world cyber events or risks as teaching opportunities, performing occasional employee awareness testing (e.g. internal phishing tests) and leading periodic cybersecurity awareness training sessions
- Audit Collaboration: Work with external auditors to develop independent, objective measures of BOA's cybersecurity risk and regulatory compliance
- Project Support: Work with Global IT team members to identify opportunities, determine project requirements, and serve as a subject matter expert for IT security enhancement projects
- Professional Development: Seek professional education opportunities to remain well-informed of the evolving cybersecurity landscape and advise leadership on strategies for ensuring continued robust cybersecurity
- Operations Assistance: Assist the IT Operations team in general operations tasks to support the team’s goals and strategy
11. Cyber Security Analyst Essential Functions
- Issue Identification: Identify security-related issues, and ensure that they are acted upon by configuring and establishing monitoring, correlation and alerting solutions.
- Event Correlation: Correlate all reported events from multiple systems and network areas where a potential security incident is identified.
- Incident Response: Ensure the situation is handled promptly and effectively through a security incident response.
- SIEM Configuration: Carry out proper configuration of security solutions applied in protecting company assets, such that the implemented SIEM solution reports all pertinent events.
- SIEM Maintenance: Conduct configuration and maintenance of the implemented SIEM solution to enable it to effectively identify and raise alerts for potential security events, and simultaneously reduce false positives.
- Investigation Support: Participate in the investigations carried out by the Information Security team.
- DLP Maintenance: Help maintain a DLP solution to effectively give notice of violations to affected parties, and to reduce incidences of false positives.
- Dashboard Production: Produce and maintain dashboards for monitoring security information for the management and Information Security team, to be able to provide different degrees of visibility both in real-time and over extended periods of the security events within the environment.
- Solution Monitoring: Ensure that all solutions set up for security and monitoring can effectively monitor and report security events happening within the environment by assigning security solution agents to devices and systems.
- Solution Review: Participate in the process of selecting and reviewing information security solutions.
- Reporting Assistance: Assist in compiling and producing reports on monthly issues and trends to enhance the functioning of Enterprise Security and Support management.
- Risk Recommendation: Make recommendations for changes to the environment to help remove vulnerabilities and reduce the risk of exploitation that leads to potential incidents.
- Process Management: Participate in ensuring that team processes and documentation are effectively implemented and maintained.
12. Cyber Security Analyst Role Purpose
- Regulatory Knowledge: Developing a deep understanding of clients' regulatory obligations for cybersecurity and the requirements of standards such as ISO27001, GDPR and Cyber Essentials Plus.
- Leadership Support: Opportunity to work closely with the Head of Cyber Security.
- Reporting Analysis: Producing regular reporting to demonstrate the effectiveness of technical security controls and identify gaps and recommendations.
- Supplier Due Diligence: Working closely with Procurement and PG&R teams on supplier due diligence activity.
- Audit Support: Acting as a point of contact in the support of cyber-related audits and certifications.
- Vendor Management: Managing 3rd party security (supplier) relationships and assisting in the development of existing relationships and the competitive selection of new suppliers.
- Security Training: Assisting with ongoing colleague education related to cyber security, helping with phishing simulations, awareness campaigns and ad-hoc queries that come into the team.
- Incident Support: Supporting incident investigations.
- Strategy Development: Helping to develop strategies for cyber security technology, in step with the IT Strategy and other business planning activity.
- Process Improvement: Collaborate in designing and implementing improvements to the ticketing solution to simplify the process of monitoring and raising alerts, and streamline incident management tasks.
- Continuous Improvement: Recommend and execute ideas to improve processes based on lessons learnt over time in performing assigned duties.
- Escalation Point: Be the escalation point for all potential security incidents.
- General Duties: Carry out other enterprise security and support duties that may be assigned by management.
- Trend Awareness: Stay up-to-date on information technology trends and security standards.
13. Cyber Security Analyst General Responsibilities
- Vulnerability Review: Review vulnerability reports, monitor the status of patching and remediation activities and deliver regular reports.
- Dashboard Reporting: Review security dashboards in cloud infrastructure and deliver related security reports on a regular basis.
- Incident Analysis: Contribute to incident impact assessments, root cause analysis, incident remediation planning, and threat research intelligence.
- DLP Monitoring: Monitor DLP systems and monitor security elements of the DevOps environment.
- Ticket Analysis: Analyze service request tickets in the ServiceNow ticketing system.
- Environment Monitoring: Monitor the ICT environment using security toolsets.
- Event Investigation: Investigate cybersecurity events.
- Threat Hunting: Develop and execute threat hunting plans from threat intelligence.
- Incident Response: Assist with cyber security incident response and recovery.
- Communication Management: Communicate with employees, service providers and vendors about cyber security events and secure work practices.
- Documentation Management: Timely and accurate documentation of work performed, using the systems, processes and/or methods specified including system documentation, Incident/Request/Problem ticket updates, Asset and Configuration records and time reporting.
- Service Improvement: Actively participate in service improvement activities.
14. Cyber Security Analyst Roles and Details
- Risk Management: Performs cybersecurity and cyber risk work, working closely with the Cyber Security Operations Center (CSOC) and other groups focused on the monitoring, analysis, and investigation of cybersecurity threats and events, both internal and external, that could potentially impact the security posture of the organization.
- Client Facilitation: Facilitates client requests to ensure critical business tasks continue uninterrupted.
- Risk Assessment: Performs assessments of cybersecurity risk and vulnerabilities, maintains security policies, and helps facilitate cybersecurity awareness throughout the organization.
- Management Reporting: Provides updates and detailed information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information and systems.
- Staff Collaboration: Work with other staff to assess the cybersecurity risk on the organization's network systems, applications, and solutions based upon user requests and business needs.
- Technology Knowledge: Applies a basic understanding of IT technologies and develops an evolving knowledge of mitigation options and risk frameworks to assess the current threat landscape and improve security.
- Policy Consultation: Consult with subject matter experts and business representatives to provide input on cyber security decisions, the establishment of cyber security policies, and to foster security awareness.
- Incident Participation: Serve as a participant in the cyber security incident response program.
- Teamwork Focus: Works in a team environment to mitigate cyber security threats, improve processes and security posture.
- Threat Research: Conduct cyber threat research into threat actors and campaigns, as well as technological advances to combat unauthorized access.
- Root Cause: Assist with root cause investigation and proper mitigation of cyber security events.
15. Cyber Security Analyst Responsibilities and Key Tasks
- Cybersecurity Implementation: Work with the development and operations team to implement in-vehicle cybersecurity strategies and security features
- Threat Modeling: Provide threat modeling service for cybersecurity-relevant vehicle features and modules
- Security Reviews: Coordinate and conduct cybersecurity reviews, including penetration testing, fuzz testing, static code analysis, etc., in line with best practice and customer requirements
- Vulnerability Identification: Find security vulnerabilities by generating various attack scenarios for target systems
- Countermeasure Development: Development of countermeasures for identified security vulnerabilities
- Customer Support: Support customer meetings on security-related feature implementation
- Specification Writing: Write and interpret specifications for both internal and external stakeholders
- Incident Response: Responding to Tier 3 cybersecurity incidents raised by the for UK and Investors markets
- Detection Development: Development of new detection content for EDR, SIEM and other platforms from open source research
- Threat Hunting: Hunting for malicious and anomalous activity across multiple platforms and toolsets
- Exercise Participation: Responding to and participating in red-team and purple-team exercises
- Project Involvement: Involvement in ongoing cyber projects