Cyber security engineer vs analyst: What's the difference?

Somebody with glasses thinking while looking at a screen in a dark room
(Image credit: Getty Images)

There’s never been a better time to carve out a good career in cyber security. The dangers and threats to an organisation’s infrastructure are increasing all the time, with both cyber security analysts and engineers standing on the front line.

These professionals are battling all manner of threats – from ransomware to distributed denial of service (DDoS) attacks – with cyber criminals turning the screw on businesses. While there may be a wealth of learning and training opportunities available, in the form of university degrees, certifications and online cyber security courses, there are several paths one can traverse.

Although there are similarities between cyber security engineers and cyber security analysts, for instance, they are two distinct career pathways. Those embarking on either route should make sure they’re best suited to that particular career, given their slightly different requirements, expectations and future cyber security career prospects.

What does a cyber security engineer do?

A cyber security engineer is responsible for creating and deploying highly secure networks that protect an organisation from potential cyber security breaches. Such professionals will most likely be found in larger organisations, and businesses that often have to deal with highly sensitive data.

The duties of a cyber security engineer include carrying out assessments and penetration testing while identifying system and network vulnerabilities. This comes alongside developing and deploying security measures to protect systems, networks and data. They must also be able to troubleshoot and detect unlawful access, as well as offer solutions regarding an organisation’s infrastructure.

An engineer must also ensure that suitable security controls are reliably in place to protect their organisation’s data and infrastructure.

What does a cyber security analyst do?

A cyber security analyst helps to protect an organisation from cyber attacks and unauthorised access. To do this, analysts must predict and defend against cyber threats, and respond to security breaches as and when they happen.

The duties of a cyber security analyst include monitoring network traffic for security incidents and events, investigating incidents, and responding to events as they happen. They must compile comprehensive incident response reports, deploy and run firewalls, manage encryption programmes, optimise other security software and patch vulnerabilities.

They may also develop and support best practice for information security, perform threat research, and conduct recurring risk assessments and penetration tests.

What skills do cyber security engineers and cyber security analysts need?


2023 Strategic roadmap for data security platform convergence

Capitalise on your data and share it securely using consolidated platforms


A cyber security engineer should have at least a bachelor’s degree in computer science or another related field of study. They should also have a comprehension of cyber security methodologies and practices.

Professionals in this field must also have the aptitude to assess system changes for security implications, and the awareness to make recommendations to enhance the security posture of an organisation. They should also have an understanding for emerging trends and hacking techniques in the wider realm of cyber security.

Among the technical skills a cyber security engineer should have is expertise in Java, Python, .NET, C++, bash, and PowerShell as well as knowledge of the TCP/IP stack, and the Open Systems Interconnection (OSI) model. This is the conceptual model that standardises connections between computers.

Like cyber security engineers, it’s recommended that a cyber security analyst has a bachelor’s degree in an IT or a tech-related field. While there is on-the-job training, analysts should, as a prerequisite, be very familiar with the core IT platforms that a prospective employer is using, what their weaknesses are and how best to overcome them. They should also know how systems within an organisation influence the overall security posture.

Cyber security analysts should also have skills in languages such as JavaScript, Shell, Python, C++, and more programming languages, to give them an understanding of written code, enabling them to find threats and deal with them in any form. An emerging form of ransomware, for instance, are those written in Rust, with analysts required to keep on top of developments like this.

Cyber security analysts should be able to think like a hacker when it comes to gaining access to infrastructure, so any qualifications in ethical hacking can help to diversify their knowledge and comprehend threats to defend systems proficiently.

The soft skills a cyber security analyst should also have include good written and verbal communication skills. They should be able to lead and follow in teams, and work with other departments to deploy security solutions across the wider business.

What are the differences and similarities between cyber security engineers and analysts?

Both cyber security engineers and analysts are responsible for preventing data breaches and securing infrastructure and systems, so it may seem there’s a fine line between the two roles. The essential difference between the two, though, is that while security engineers design and deploy security architecture, security analysts oversee the network and other operations to detect and thwart breaches.

Another key difference between the two is that while a cyber security engineer prepares infrastructure to be defended against in an attack, a cyber security analyst is looking for weaknesses in that defensive posture in order to make it less vulnerable.


A strategic guide for controlling and securing your data

Forrester's data security control framework


There are several key similarities between the two as well. Both engineers and analysts contribute in all facets of a company’s data security planning and operations. They must also both stay abreast of the latest trends in information and network security to stay one step ahead of hackers. Analysts, too, need to keep up with developments as their responsibilities include advocating security improvements to management and senior IT staff.

They also both need good analytical skills, attention to detail, problem-solving abilities, and original thinking. Both roles also need capabilities in documenting, shaping, and communicating an organisation’s security policies.

How do training and learning pathways, as well as career prospects, differ?

For cyber security analysts, training can often take place while on the job. There are several industry-related qualifications that analysts can take, such as the Systems Security Certified Practitioner (SSCP), the Certified Professional (CCP) scheme, or Certified Information System Security Professional (CISSP). Those wanting to move onto leadership, management and supervisory roles can undertake a qualification such as the Certified Information Security Manager (CISM) certification.

For cyber security engineers, meanwhile, although the job requires some years of working in cyber security, there are several qualifications and certifications they can take to improve their career prospects. These can be qualifications such as Certified Network Defender Certification, ISACA’s Certified Information Security Manager (CISM) certification, and Certified Information Systems Auditor (CISA) certification.

Starting salaries for cyber security analysts typically range from £25,000 to £35,000 per year, while more experienced and senior cyber security analysts can expect to earn anything up to £60,000. The average starting salary of a cyber security engineer, meanwhile, is £43,000, according to Technojobs. This rises to £68,750 for a mid-level position and £85,500 for an engineer at a high level.

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.