If you’re currently working in cybersecurity and looking to get ahead, you may already know about CompTIA Cybersecurity Analyst (CySA+). CompTIA CySA+ is the only intermediate, high-stakes cybersecurity analyst certification that applies behavioral analytics to networks and devices to prevent, detect and combat cybersecurity threats through continuous security monitoring. What you may not know, however, is which cybersecurity jobs you can get once you become CompTIA CySA+ certified.
Let’s take a closer look at how IT professionals who have CompTIA CySA+ are qualified for the following cybersecurity jobs:
- Cybersecurity analyst
- Cybersecurity engineer
- Threat intelligence analyst
- Threat hunter
- Application security analyst
Before we dig deep into these job roles, let’s take a high-level view of how CompTIA CySA+ prepares IT pros for these positions. Right off the bat, it’s important to note that CompTIA exams are developed through an intensive process that includes workshops where IT pros come together and discuss what knowledge, skills and abilities are required to perform certain job roles. So, you can be sure the topics covered by CompTIA CySA+ match the knowledge, skills and abilities cybersecurity pros need today.
For example, to be successful in any of the above listed cybersecurity jobs, an individual should be able to do the following:
- Leverage intelligence and threat detection techniques
- Analyze and interpret data
- Identify and address vulnerabilities
- Suggest preventative measures
- Effectively respond to and recover from incidents
It’s no coincidence that these skills are exactly what CompTIA CySA+ covers. (Check out the exam objectives for yourself – they’re free!) Companies are looking to hire qualified IT pros that can confidently handle these tasks to bring new techniques for combating threats inside and outside of the security operations center (SOC) – and the median salaries for these position back that up.
5 Jobs You Could Get with CompTIA Cybersecurity Analyst (CySA+)
If you have CompTIA CySA+, you may be interested in one of the following in-demand, cybersecurity jobs.
1. Cybersecurity Analyst
If you like to identify threats, attacks and vulnerabilities in your network and stop cybercriminals in their tracks, then cybersecurity analyst may be the job for you.
A cybersecurity analyst detects cyberthreats and performs incident response to protect an organization in the following ways:
- Manage and configure tools to monitor activity on the network
- Analyze reports from those tools to identify unusual behavior on the network
- Proactively identify network vulnerabilities through penetration testing, vulnerability scans and vulnerability assessment reports
- Plan and recommend changes to increase the security of the network
- Apply security patches to protect the network
CompTIA CySA+ can train you to do these exact things – and your certification shows potential employers that you can step up to the plate.
For example, under the domain of Threat and Vulnerability Management on the CompTIA CySA+ exam objectives, you’ll need to know how to implement controls to mitigate attacks and software vulnerabilities in a given scenario (1.7).
Security vulnerabilities helped lead to an overall 68% increase in threats, attacks and vulnerabilities in 2020 alone. One of many reasons is the increase in cloud-based software development. This growth has led to an overall increase in software production. The end result is a larger number of software vulnerabilities across the internet.
Security analysts must be aware and knowledgeable in a slew of software vulnerabilities, such as the following:
- Improper error handling
- Insecure object reference
- Race condition
There are a few options for cybersecurity analysts depending on where you land. Smaller businesses may ask you to manage information security analysis tasks and intrusion detection, while larger companies may deploy a security operations center (SOC) and divide those responsibilities amongst a team. A global organization may ask you to specialize in a SOC on a team that centralizes cybersecurity efforts.
It’s no surprise that the demand for cybersecurity analysts is huge. In the next eight years, CompTIA projects an increased demand of 32% for cybersecurity analysts. And, you’ll be rewarded for your knowledge. According to CyberSeek, cybersecurity analysts earn an average salary of $96,000.
2. Cybersecurity Engineer
Cybersecurity engineers work to build and maintain a system that’s safe against cyberattacks. They focus on fixing and protecting these systems and stay up to date on new technology so they can keep their system secure by doing the following things:
- Create new solutions to solve existing security issues
- Enhance security capabilities by evaluating new technologies and processes
- Define, implement and maintain corporate security policies
- Configure and install firewalls and intrusion detection systems
- Respond to information security issues
- Supervise changes in software, hardware, facilities, telecommunications and user needs
- Recommend modifications in legal, technical and regulatory areas that affect IT security
CompTIA CySA+ can train you to think like an engineer and carry out these responsibilities in order to build an emergency plan to get things up and running quickly following a disaster.
For example, in the Software and Systems Security domain of the CompTIA CySA+ exam objectives, you’ll need to apply security solutions for infrastructure management in a given scenario (2.1).
This means you will learn how to implement cybersecurity solutions for both cloud and on-premise systems, understand asset and risk management, and be able to analyze and build cybersecurity operations within an enterprise network, among many other skills.
The huge responsibility cybersecurity engineers carry often puts them at the top of the food chain in cybersecurity teams – making a graduate degree an almost standard pre-requisite. But if you have the training and the experience, companies are willing to pay for your expertise. According to CyberSeek, the average salary for a cybersecurity engineer is $99,000 per year.
3. Threat Intelligence Analyst
A threat intelligence analyst detects cyber threats and malware and analyzes the level of threat to inform cybersecurity business decisions. They know what risks are of most concern, what assets need to be protected and how to focus efforts.
The role of a threat intelligence analyst is generally threefold:
- Technical research
- Intelligence research
- Communicating the findings to the proper people
This can be done via an in-house, full-time position or outsourced as a consultant.
On a daily basis, this is what a threat intelligence analyst does:
- Predict trends in cybercrime based on current activity
- Describe threats in layman’s terms to stakeholders and executives
- Analyze emails, blog posts and social media presences to determine what level threat something or someone poses
- Conduct digital forensics
CompTIA CySA+ can train you to identify and understand emerging threats – and your certification validates this knowledge.
For example, in the Security Operations and Monitoring domain of the CompTIA CySA+ exam objectives, you’ll need to analyze data as part of security monitoring activities (3.1). This research includes heuristics, trend analysis, endpoint and network data, log review and query writing – just to name a few on a very long list.
As cyberthreats become more complex and their potential for damage increases, the demand for this type of position has grown.
If you can make sense out of data, companies will compensate you nicely. The median advertised salary for a threat intelligence analyst is $98,000 according to Burning Glass Technologies Labor Insights Jobs. What’s more, this position is in demand. The U.S. Bureau of Labor Statistics projects that employment in information security will grow 31 by 2029 – much faster than the average for all occupations.
4. Threat Hunter
A threat hunter is exactly what it sounds like. These IT pros proactively find cybersecurity threats outside of the security operations center (SOC) and help mitigate them before they compromise an organization – and it’s not an easy task. Predicting the next cyberattack is difficult because advanced threats have no defined indicators.
That’s why threat hunters have the following responsibilities:
- Search for cyberthreats and risks hiding inside the data before attacks occur
- Gather as much information on threat behavior, goals and methods as possible
- Organize and analyze the collected data to determine trends in the security environment of the organization
- Make predictions for the future and eliminate the current vulnerabilities
CompTIA CySA+ can not only train you to think and act like a hunter, but earning this certification shows employers you can defend their organization by applying new techniques to find threats before they find you.
For example, in the Security Operations and Monitoring domain of the CompTIA CySA+ exam objectives, you’ll need to understand the importance of proactive threat hunting (3.3). This includes establishing a hypothesis, profiling threat actors and activities, reducing the attack surface area, bundling critical assets and much more.
To some degree, the threat hunter position is pretty new. Many think of this role as an extension of the cybersecurity analyst job role (see above). The difference is that a threat hunter is tasked specifically with advanced threats that might evade the SOC.
The compensation and job outlook for this position is very similar to that of a cybersecurity analyst – given the parallels in responsibilities. Threat hunters earn a median annual salary of $99,730 according to the U.S. Bureau of Labor Statistics, and job growth is imminent.
5. Application Security Analyst
An application security analyst (or a systems security analyst) is responsible for examining security systems and web applications by scanning them against known vulnerabilities and attacks.
These IT pros actively identify and fix vulnerabilities in the following ways:
- Integrate security tools, standards and processes into the product lifecycle
- Improve and support application security tool deployments
- Maintain and improve secure development standards
- Manage penetration testing services
- Manage application framework and perimeter security projects
CompTIA CySA+ can train you to leverage your skills and knowledge in web application security and show employers you have the skills to protect enterprise data.
For example, in the Software Systems and Security domain of the CompTIA CySA+ exam objectives, you’ll need to be able to explain software assurance best practices (2.2). This includes platforms like mobile and web apps as well as (but not limited to) DevSecOps, secure coding best practices and software assessment methods.
IT pros looking to become an application security analyst should be competent in threat detection, analysis and protection and have some basic knowledge in web development, HTML, HTTP and application security. According to the U.S. Bureau of Labor Statistics, application security analysts make a median annual salary of $99,730.
As attackers have learned to evade traditional signature-based solutions, such as firewalls and antivirus software, an analytics-based approach within the IT security industry is increasingly important for organizations. CompTIA CySA+ addresses this need and validates an IT pro’s ability to proactively defend and continuously improve the security posture of an organization.
Looking to get ahead? Download the CompTIA CySA+ exam objectives and plot your pathway to cybersecurity success.