Since the pandemic, enterprises of all sizes have increasingly relied on cloud-based services and software to help run and support their organization's infrastructure, especially as employees remain on their hybrid schedules. At the end of 2023, analyst firm Gartner published a report finding that spending on public cloud services alone will reach $679 billion by the end of this year.
This growing reliance on cloud infrastructure, services and software also means that organizations must address numerous vulnerabilities that threaten data and leave networks open to attack. An IBM Security X-Force study found that 35 percent of the cloud security incidents its teams responded to in one year’s time were traced back to compromised user credentials.
The need to support cloud infrastructures while keeping data and networks secure from cyber threats has increased the need for cloud security analyst positions. While this career offers a solid salary and benefits, there is room for advancement for tech professionals interested in starting or growing their security careers.
“Cloud environments present attractive targets due to the concentration of sensitive data and critical services, and cloud security analysts are tasked with critical responsibilities and challenges when it comes to safeguarding an organization’s systems from threats,” said Patrick Tiquet, vice president for security and architecture at Keeper Security.
For tech professionals looking to move up into a mid- to senior-level position and younger workers thinking about where their career might lead, a cloud security analyst job offers multiple opportunities. Those interested, however, need the right combination of tech and security skills to compete, according to several cyber experts and industry insiders.
Here’s a look at the outlines of the cloud security analyst position, what skills and certifications are needed to compete for these jobs and what tech pros need to know about advancing their security careers.
Cloud Security Analyst: What Is the Job?
As with other cybersecurity positions, there is no set definition of what a cloud security analyst is, but industry observers, job postings and training materials offer an outline of what many organizations are looking for when interviewing tech pros for these jobs.
In many cases, cloud security analysts are responsible for:
Ensuring the integrity and security of an organization’s entire cloud infrastructure, including SaaS applications – this includes assessing threats and developing defenses that can stop or mitigate cyber issues such as attacks and data breaches.
Assisting in creating and designing cloud security architectures.
Developing best practices and reviewing security measures related to an organization’s cloud infrastructure.
Evaluating third-party vendors and providers to ensure their platforms and services meet enterprise standards.
With increasing government regulation and compliance standards, Tiquet noted that cloud security analysts also need to understand changes to the law – especially at the federal level – which can have wide-ranging consequences for the entire organization.
“This [part of the job] can include compliance with evolving data privacy regulations, managing identity and access permissions across devices, implementing robust encryption processes and establishing effective security monitoring and incident response procedures,” Tiquet told Dice.
While the cloud security analyst is a multifaceted position, Tiquet added that managing various third-party vendors and understanding the nuances of service-level agreements (SLAs) is becoming increasingly important. This aspect of the job requires not only tech know-how but business savvy as well.
“Many organizations rely on third-party cloud service providers to host their infrastructure and applications – adding layers of complexity to the defense strategy. Ensuring organizations select the correct vendors – via multiple facets including cost, functionality, usability, compatibility and security – has become increasingly important,” Tiquet said. “Analysts must conduct thorough assessments of vendor security controls, negotiate robust service-level agreements and implement monitoring mechanisms to ensure compliance with security standards and mitigate the risks associated with third-party cloud providers.”
Salaries and Opportunities for Cloud Security Analysts
A cloud security analyst is considered a mid- or senior-level position and the compensation is in line with similar jobs within the cybersecurity industry.
The total pay range for a cloud security analyst ranges from $91,000 to $152,000 annually in the U.S. with the average pay of base salary and additional compensation estimated at $117,000, according to Glassdoor.
Since cloud infrastructure, software and services are used throughout almost every sector, tech professionals can search across a wide range of industries for open positions if they have the skills to match. Experts note that financial services, government and healthcare are likely to have a greater need for these positions especially since they face stricter government regulations regarding how data is stored and secured.
“Virtually all sectors require skilled professionals due to the widespread adoption of cloud technology,” Claude Mandy, chief Evangelist for data security at Symmetry Systems, told Dice. “While finance, healthcare and government may have stricter security and compliance needs, particularly around data, and budgets commensurate with those needs, the adoption of cloud is pervasive across the board, and the need for securing it essential.”
Education and Certifications for Cloud Security Analysts
Most job listings for cloud security analysts require that candidates have at least a four-year bachelor's degree or relevant experience that equals a college degree. (The Biden administration is encouraging more businesses to hire cyber talent, especially those without degrees.)
Several industry insiders also noted that candidates can distinguish themselves and boost their resumes by specializing in one of the major IaaS offerings. These include:
Amazon Web Service (AWS)
Google Cloud Platform (GCP)
For those who want to demonstrate their cloud knowledge but remain vendor and platform agnostic, several experts recommend certifications and training offered by the Cloud Security Alliance, especially the Certificate of Cloud Security Knowledge (CCSK).
As with other cybersecurity positions, broad knowledge in other technology topics, as well as written skills and communication, are essential, experts noted.
“Broad skill sets in IT and security, such as networking, applications, services operating systems, etc, plus a willingness to learn curiosity and communication skills” can all help in developing a career, Omri Weinberg, co-founder and chief revenue officer at security firm DoControl, told Dice.
Since the cloud touches nearly every aspect of an enterprise, a cloud security analyst needs to have a broad knowledge of various technologies and how they operate, which can help detect an attack, a breach or another problem that can cause company-wide disruption.
“[Cloud security analysts] need a wide-ranging series of specialties: Understanding of applications and application deployment models, understanding of application vulnerabilities and DevSecOps, understanding of the relevant cloud platforms' various services and how the use of each has different security implications based on which service, how it's used, where it's used, what it's used for, etc.,” Weinberg added.
DevOps and Cloud Security Analysts
Several cybersecurity experts noted that with the increasing emphasis on securing the cloud, creating applications with secure code and adhering to DevSecOps best practices mean that cloud security analysts need to understand the DevOps process.
In turn, cloud use within the DevOps process creates cyber issues and challenges that cloud security analysts need to understand and solve.
“Increasingly, developers are leveraging more and more services from cloud providers. However, what makes it more challenging is that these services need to be well understood from a security risk and monitoring perspective,” Weinberg added. “Even a same function service may operate very differently from one cloud platform to another.”
Keeper Security’s Tiquet noted that as cloud and DevOps become more critical to enterprises, cloud security analysts will have a larger role in developing secure apps while ensuring constant iteration.
“Cloud security analysts also must integrate security seamlessly into DevOps processes. DevOps practices generally prioritize rapid and continuous delivery of software, often at the expense of security,” Tiquet said. “By incorporating security through embedded security controls and practices throughout the software development lifecycle, cloud security analysts can ensure that security measures are implemented consistently, without impeding the speed of development operations.”