ZipRecruiter

Log In

1

Cybersecurity Metrics Analyst Jobs (NOW HIRING)

ASM Research

Cybersecurity Lead

Oak Ridge, TN · On-site

$96K - $130K/yr

... metrics program plan, including data collection, reporting, and oversight. * Direct daily cybersecurity operations for SC GSS domains, including detection, analysis, containment, eradication, and ...

PD Inc

Senior ITIL SME

Fort George G Meade, MD · On-site

$111K - $143K/yr

Provide metrics analysis and insight into Cybersecurity Division resource performance to include people, processes, and technology to improve Cybersecurity Division efficiency and effectiveness goals ...

Samprasoft

BUSINESS ANALYST II

Chicago, IL

$72K - $91K/yr

Cybersecurity & Digital Risk Analyst Work with different areas of Cybersecurity & Digital Risk (CDR) to determine data sources for analytics and metrics system. Drive the identification of ...

Mohegan

Cyber Security Analyst

Uncasville, CT · On-site

The Cybersecurity Analyst supports Mohegan's enterprise cybersecurity operations by executing and ... Track and report on operational performance metrics related to security alert handling, incident ...

Leidos

Cyber Network Defense Analyst

Washington, DC · On-site

$69K - $125K/yr

Capture cybersecurity metrics that support executive-level briefings (daily, weekly, monthly) * Articulate daily challenges to the Government Watch Officer (GWO) * Analyze web and host logs for ...

next page

Showing results 1-20

All JobsCybersecurity Metrics Analyst Jobs

Cybersecurity Metrics Analyst information

See salary details

$43K

$99.4K

$150K

How much do cybersecurity metrics analyst jobs pay per year?

As of Jun 9, 2026, the average yearly pay for cybersecurity metrics analyst in the United States is $99,400.00, according to ZipRecruiter salary data. Most workers in this role earn between $79,500.00 and $115,500.00 per year, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as a Cybersecurity Metrics Analyst, and why are they important?

To thrive as a Cybersecurity Metrics Analyst, you need a solid foundation in cybersecurity principles, data analysis, and risk management, typically supported by a relevant degree or certifications such as CISSP or CompTIA Security+. Familiarity with security information and event management (SIEM) tools, data visualization platforms like Tableau or Power BI, and metric frameworks is essential. Strong analytical thinking, attention to detail, and effective communication are standout soft skills in this role. These competencies enable analysts to interpret security data accurately, present actionable insights, and support informed decision-making to enhance an organization's security posture.

What is the difference between Cybersecurity Metrics Analyst vs Cybersecurity Analyst?

AspectCybersecurity Metrics AnalystCybersecurity Analyst
CertificationsCompTIA Security+, CISSP, CISACompTIA Security+, CISSP, CEH
Work EnvironmentData analysis, metrics reporting, security performance evaluationSecurity monitoring, incident response, threat analysis
Employer & Industry UsageOrganizations focusing on security metrics and performance measurementBroad cybersecurity roles across various industries

The Cybersecurity Metrics Analyst primarily focuses on analyzing security data and developing metrics to evaluate security performance. In contrast, a Cybersecurity Analyst handles broader security tasks like monitoring threats and responding to incidents. Both roles require similar certifications but differ in daily responsibilities and focus areas.

What does a Cybersecurity Metrics Analyst do?

A Cybersecurity Metrics Analyst collects, analyzes, and interprets data related to an organization's cybersecurity posture. They develop and maintain metrics to measure the effectiveness of security controls, identify trends, and report on vulnerabilities or incidents. Their work helps organizations make data-driven decisions to improve their security strategies and reduce risk. By transforming technical data into actionable insights, they play a key role in supporting compliance efforts and ensuring continuous improvement in cybersecurity programs.

How does a Cybersecurity Metrics Analyst typically collaborate with IT and security teams to improve organizational security posture?

A Cybersecurity Metrics Analyst works closely with IT and security teams by collecting, analyzing, and presenting data related to security incidents, vulnerabilities, and compliance metrics. They regularly meet with these teams to discuss findings, highlight trends, and recommend actionable improvements. Collaboration often includes developing dashboards, setting key performance indicators (KPIs), and ensuring that all stakeholders understand the impact of security initiatives. This cross-functional teamwork is essential for aligning data-driven insights with practical security strategies and organizational goals.
Cybersecurity Lead

Cybersecurity Lead

ASM Research

Oak Ridge, TN • On-site

$96K - $130K/yr

Full-time

Posted 19 days ago

ASM Research rating

8.6

Company rating: 8.6 out of 10

Based on 14 frontline employees who took The Breakroom Quiz

25th of 203 rated it services

Job description

The Cybersecurity Lead will serve as the primary technical and managerial authority overseeing all cybersecurity implementation support services. This role ensures the effective planning, execution, and monitoring of IT cybersecurity policy, operations, vulnerability management, and compliance across mission-critical systems. The Lead will coordinate with DOE stakeholders and contractors to safeguard organizational assets and maintain resilience against evolving threats.
A Cybersecurity Lead will set strategic directions and oversight for the entire Assessment & Authorization and Vulnerability Management teams, including A&A Analysts, A&A Specialists, A&A SMEs, A&A Security Engineers, A&A Architects, Vulnerability Management Analysts, and Vulnerability Management Engineers to deliver the cyber authorization services. A Cybersecurity Lead will develop project management plans such as Work Breakdown Structure, mentor and guide team members on the preparation of technical deliverables and resolve project issues, prepares progress/status reports on technical deliverables, and monitor contractual requirements bringing in help from outside the project as needed to mitigate risks. A Cybersecurity Lead will also serve as a primary interface for the client and ASM leadership to answer questions, address concerns, and provide status/updates. Additionally, a Cybersecurity Lead will have at least five years of working knowledge and experience with one or more of the following Federal security frameworks (FedRAMP, FISMA, Zero Trust Maturity Model, RMF, and NIST SP 800 series and NIST SP 800-53) and GRC tools (e.g. XACTA, ArchAngel, eMASS, CSAM)
A Cyber Security Lead is the manager of all SOC analysts and is the primary representative of the SOC to external stakeholders. The SOC Lead's primary responsibilities include managing the shift work analysts, developing training plans, developing and approving SLA monitoring solutions, ensuing ongoing analyst certification, conducting employee performance evaluations, and providing overall strategic direction for the SOC.
  • Implement and oversee baseline security configurations and controls.
  • Monitor and report on cybersecurity metrics, ensuring compliance with DOE and federal requirements.
  • Review and update processes to align with OIM guidance, policy, and best practices.
  • Lead the implementation of the OIM cybersecurity metrics program plan, including data collection, reporting, and oversight.
  • Direct daily cybersecurity operations for SC GSS domains, including detection, analysis, containment, eradication, and recovery.
  • Manage SIEM, IDS/IPS, EDR, DLP, ICAM, CDM, and cloud security tools.
  • Provide daily cyber health and status reports to leadership.
  • Lead proactive threat hunting and incident response, coordinating with DOE's iJC3.
  • Establish and maintain SOPs for incident response, escalation, and after-action reporting.
  • Ensure compliance with DOE Order 205.1, US-CERT requirements, and federal directives.
  • Oversee CDM program activities, including tool maintenance, upgrades, and analysis.
  • Coordinate with DOE contractors and vendors to ensure compliance with DOE Orders and regulations.
  • Provide continuous monitoring for unauthorized hardware/software and applied risk controls.
  • Lead vulnerability identification, risk assessment, and mitigation across IT infrastructure and cloud environments.
  • Direct patch management, configuration updates, and corrective actions.
  • Establish continuous monitoring processes leveraging automated tools and threat intelligence feeds.
  • Ensure compliance with FISMA, NIST 800-53, and evolving regulatory requirements.
  • Deliver regular vulnerability management reports with metrics, compliance status, and recommendations.

Minimum Qualifications
  • Bachelor's degree in Cybersecurity, Computer Science, or related field (Master's preferred).
  • 8+ years of progressive experience in cybersecurity operations, incident response, and vulnerability management.
  • Certifications such as CISSP, CISM, CEH, or equivalent. GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Incident Handler (GCIH), Certified Information System Security Professional or Associate (CISSP or Associate), ISC2 Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Project Management Professional (PMP), Certified Associate in Project Management (CAPM).

Other Job Specific Skills
  • Strong knowledge of DOE cybersecurity policies, federal directives, and industry best practices.
  • Hands-on expertise with SIEM, IDS/IPS, EDR, DLP, ICAM, CDM, and cloud security platforms.
  • Proven leadership in managing cross-functional teams.
  • Experience with: NIST 800-53 Rev 5, Risk Management Framework, NIST Cybersecurity Framework (CSF), FedRAMP Authorization, Tenable Nessus (ACAS), and DISA STIGs.

Desired Skills
  • Strategic thinker with ability to align cybersecurity initiatives to mission priorities.
  • Excellent communication skills for reporting to leadership and coordinating with stakeholders.
  • Strong analytical and problem-solving skills, especially in incident response and forensic analysis.
  • Ability to adapt to emerging technologies and evolving threat landscapes.
  • Able to build advanced alerts in SIEM.
  • Team lead with capability to train basic and advanced skills.
  • Able to translate events into incident response ticket with full information for SOC lead and provide briefings to leadership.
  • Advanced knowledge of security tools.
  • Assist Tier 2 and Tier 3 Analyst in incident response.
  • Has above basic Window and Linux CLI skills.
  • Has built understanding of multiple security tools i.e. EDR, IDP, IDS, Firewalls, etc..
  • Built full incident response and provides mitigation steps.
  • Leads and writes Tabletop Exercises.

Compensation Ranges
Compensation ranges for ASM Research positions vary depending on multiple factors; including but not limited to, location, skill set, level of education, certifications, client requirements, contract-specific affordability, government clearance and investigation level, and years of experience. The compensation displayed for this role is a general guideline based on these factors and is unique to each role. Monetary compensation is one component of ASM's overall compensation and benefits package for employees.
EEO Requirements
It is the policy of ASM that an individual's race, color, religion, sex, disability, age, sexual orientation or national origin are not and will not be considered in any personnel or management decisions. We affirm our commitment to these fundamental policies.
All recruiting, hiring, training, and promoting for all job classifications is done without regard to race, color, religion, sex, disability, or age. All decisions on employment are made to abide by the principle of equal employment.
Physical Requirements
The physical requirements described in "Knowledge, Skills and Abilities" above are representative of those which must be met by an employee to successfully perform the primary functions of this job. (For example, "light office duties' or "lifting up to 50 pounds" or "some travel" required.) Reasonable accommodations may be made to enable individuals with qualifying disabilities, who are otherwise qualified, to perform the primary functions.
Disclaimer
The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job.

What ASM Research employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom

Apply