{
  "schemaVersion": "1.0",
  "exportedAt": "2026-05-15T12:51:30.226Z",
  "occupation": {
    "soc": "15-1212.00",
    "title": "Information Security Analysts",
    "group": "Computer & Mathematical",
    "sector": "54",
    "jobZone": 4,
    "jobZoneInferred": false
  },
  "framework": {
    "version": null,
    "description": "Plan, implement, upgrade, or monitor security measures for the protection of computer networks and information. Assess system vulnerabilities for security risks and propose and implement risk mitigation strategies. May ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure. May respond to computer security breaches and viruses.",
    "contextCovered": "Enterprise security operations, application security, GRC, threat intel, incident response, and security engineering across financial services, healthcare, tech, and government.",
    "levels": {
      "emerging": {
        "label": "Emerging",
        "statements": [
          "SIEM alert triage (Splunk, Sentinel, Chronicle) — investigate per runbook under a senior analyst's review.",
          "Phishing analysis and email-threat investigations — work the queue on a tier-1 rotation.",
          "Vulnerability-scan output (Nessus, Qualys, Wiz) — interpret and prioritize routine findings.",
          "Standard runbooks for common alerts — execute correctly and document outcomes.",
          "Tickets and case-tracking in the ITSM platform — log accurately for downstream investigation.",
          "Endpoint-detection tools (CrowdStrike, SentinelOne) — interpret detections on a standard threat profile.",
          "Common attack frameworks (MITRE ATT&CK) — recognize techniques in alerts at the tactic level.",
          "Authentication and identity basics (SSO, MFA, SAML, OIDC) — explain and apply correctly.",
          "Network-traffic analysis basics (firewall logs, DNS, NetFlow) — read and pattern-match on routine sessions.",
          "Compliance frameworks (SOC 2, ISO 27001 high-level) — recognize control families in audit prep."
        ]
      },
      "developing": {
        "label": "Developing",
        "statements": [
          "Multi-source alert investigations — correlate across SIEM, EDR, identity, and network with reduced oversight.",
          "Routine incident response — execute tier-2 containment and eradication on familiar threat types.",
          "Vulnerability prioritization — assess CVSS, exploitability, and asset context to drive patching decisions.",
          "Threat-intel ingestion and operationalization — turn IOCs and TTPs into detection rules.",
          "Cloud-security configuration (AWS, Azure, GCP IAM and network controls) — review and remediate in routine cases.",
          "Detection engineering (basic SIEM queries, custom rules) — write and tune for the SOC's standard threats.",
          "Junior analysts on alert triage — coach during their first 90 days.",
          "On-call shifts in the SOC rotation — handle independently with senior backstop.",
          "Compliance audit evidence collection — produce for SOC 2 / ISO 27001 cycles without manager involvement.",
          "Tabletop exercises — participate substantively in SOC and broader-IR drills."
        ]
      },
      "proficient": {
        "label": "Proficient",
        "statements": [
          "Complex incident response — lead investigation, containment, eradication, and recovery on owned incidents.",
          "Adversary-simulation findings (red-team, pentest) — translate into detection and prevention improvements.",
          "Security-tool selection and deployment — own a category (EDR, SIEM, CSPM) end-to-end.",
          "Risk assessments and threat models for new systems — produce credibly with engineering teams.",
          "Detection engineering at scale — design and tune across a comprehensive rule set.",
          "On-call leadership — manage the SOC rotation, training, and escalation across a quarter.",
          "Mentorship across the analyst team — provide on technique, tools, and career development.",
          "Cross-functional partnerships (engineering, legal, privacy) — collaborate substantively on security initiatives.",
          "Compliance and audit findings — represent the security team in audit closure discussions.",
          "Security-awareness program contributions — design content and measure effectiveness."
        ]
      },
      "advanced": {
        "label": "Advanced",
        "statements": [
          "Security strategy and roadmap — set, communicate, and execute across the organization.",
          "Major incident response — lead through containment, executive comms, and regulator notification on a real breach.",
          "Security architecture at organization scale — design, evolve, and defend across the enterprise.",
          "Security-team hiring, leveling, and development — shape across the org over multi-year horizons.",
          "Vendor and tooling strategy — set the framework and trade-offs at scale.",
          "Board and executive reporting on security posture — represent credibly across regulatory and stakeholder contexts.",
          "Industry presence (BSides, BlackHat, ISACs) — engage at expert level across a specialty.",
          "Threat-intelligence program — own at organization or sector level.",
          "Crisis leadership (regulator inquiry, public breach, ransomware) — lead the organization through with composure.",
          "Security culture and practices — shape through standards, rituals, and partnerships across the enterprise."
        ]
      }
    }
  },
  "sources": {
    "onet": "v30.2 (CC BY 4.0)",
    "crosswalk": "https://skillscrosswalk.com",
    "generator": "LER.me"
  },
  "attribution": "© EBSCOed"
}