Security · Mid level

Cybersecurity Analyst

Protect organizations from cyber threats. Monitor networks, respond to incidents, and implement security frameworks.

Salary: $100,000 ($70,000 to $145,000)
Demand: Very High
Time to entry: 4 to 6 months
Difficulty: Mid
A Day in the Life

What a typical day looks like

Cybersecurity is more reactive than people expect. My day starts with checking overnight alerts from our SIEM (Microsoft Sentinel in our case). Most are false positives: automated rules flagging benign events. I triage them, mark them as handled, and look for the 2-3 that are genuine. Mornings are usually spent on these investigations: tracing a suspicious login, figuring out if a user clicked a phishing link, or working out whether a flagged process is malware or just a noisy update. After lunch I switch to proactive work: writing new detection rules, helping engineering harden a service, running a tabletop exercise with the team. Once a month I'm on incident response on-call. When that happens, I'm glued to my phone. The rest of the time, I work fairly normal hours; security teams burn out fast otherwise.

Hour-by-hour

8:30: Coffee. Triage overnight alerts in Sentinel. 47 alerts; most are routine.
9:00: Investigate one suspicious login from Nigeria for a user based in Manchester. Check VPN, travel patterns. Confirm legit (work trip).
9:45: Standup. Mention the false positive pattern and propose tuning the rule.
10:00: Deep work: write a new detection rule for unusual outbound DNS queries. Test it against historical data.
11:30: Phishing report from an employee. Investigate the email. Confirm malicious. Block sender, scan inboxes for similar.
12:30: Lunch. Read about a new CVE affecting Apache. Check if we use the affected version.
13:30: Security review of a new microservice. Pair with the engineering team on threat modelling.
15:00: Update our access review report. Find 3 ex-employees still in Active Directory. Escalate to HR/IT.
16:00: Tabletop exercise with the team: 'What if our CFO's email gets hijacked?' Walk through detection and response.
17:30: Wrap up. Document today's investigations in the case log. Done.

Skills you need

Required

Networking, Security Concepts, SIEM Tools, Incident Response, Vulnerability Assessment

Nice to have

Cloud Security, Python, Forensics, Penetration Testing
Portfolio Projects

Build these to stand out

Hands-on projects beat any CV bullet point. Pick one and finish it.

Intermediate · 2 to 3 weekends

Home Security Lab with Wazuh + Suricata

Set up an open-source SIEM and IDS in your home lab using a Raspberry Pi or old laptop. Generate logs, write detection rules, document attacks (using a deliberately vulnerable VM like Metasploitable). Publish on GitHub.

Tech: Wazuh, Suricata, Linux, Docker, Metasploitable
Why it helps

Shows you can run security tooling end-to-end. Most candidates only have theoretical knowledge.

Beginner · Several weeks part-time

Capture the Flag Write-ups

Complete 10 CTFs on TryHackMe or HackTheBox. Write a clear, public write-up for each (once the platform permits publishing solutions for that challenge). Show your reasoning, not just the steps.

Tech: Linux, Burp Suite, Metasploit, nmap, Python
Why it helps

Demonstrates hands-on skills and the ability to communicate clearly. Recruiters love write-ups.

Advanced · 1 to 2 weekends

Threat Hunting Report

Take a public threat intelligence report (e.g. from Mandiant, CrowdStrike). Build detection rules in Sigma format for the techniques described. Publish on GitHub with explanations.

Tech: Sigma rules, YAML, MITRE ATT&CK framework
Why it helps

Senior-level project. Few candidates do this. Stands out hugely.
