Cyber Security Analyst Salary in Sri Lanka 2025
Monthly LKR Ranges, Job Duties, Required Certifications and Career Progression
Cyber security analysts are among the most in-demand IT professionals in Sri Lanka today. This guide breaks down exactly what analysts earn at every career stage, what certifications accelerate pay growth, and which employers are hiring.
What Does a Cyber Security Analyst Do in Sri Lanka?
A cyber security analyst is responsible for protecting an organisation's information systems by monitoring network activity, detecting threats, investigating security incidents, and implementing preventive controls. In Sri Lanka, most analysts work within Security Operations Centres (SOCs) — either in-house at banks or telecoms companies, or within managed security service providers (MSSPs) that serve multiple clients.
Day-to-day tasks include reviewing security alerts from SIEM platforms such as IBM QRadar or Splunk, conducting log analysis, performing vulnerability scans, documenting incidents, and liaising with IT teams to patch identified weaknesses. Senior analysts take on threat intelligence research, purple team exercises, and compliance reporting under frameworks such as ISO 27001 or PCI-DSS.
With Sri Lanka's banking regulator (CBSL) having issued detailed cyber security guidelines, every licensed bank and finance company now needs qualified analysts. This regulatory demand means analyst vacancies remain consistently available even when the broader IT job market tightens.
Key Facts: Cyber Security Analyst Jobs in Sri Lanka
- Entry Salary: LKR 60,000 – 90,000/month
- Mid-Level Salary: LKR 100,000 – 180,000/month
- Senior Salary: LKR 200,000 – 320,000/month
- Top Hiring Sectors: Banking, Telecom, MSSPs, Government
- Most Valued Certification: CompTIA Security+ (entry), CEH (mid), CISSP (senior)
- Typical Minimum Qualification: HND or BSc in IT / Computer Science
Cyber Security Analyst Salary Table — Sri Lanka 2025
| Analyst Level | Experience | Monthly Salary (LKR) | Typical Employer Type |
|---|---|---|---|
| SOC Analyst L1 | 0–2 years | 60,000 – 90,000 | MSSP, Bank IT Department |
| SOC Analyst L2 | 2–4 years | 95,000 – 150,000 | Bank, Telecom, MSSP |
| SOC Analyst L3 / Senior | 4–7 years | 160,000 – 250,000 | Large Bank, Telecom SOC |
| Threat Intelligence Analyst | 3–6 years | 130,000 – 220,000 | Bank, IT Outsourcing |
| Vulnerability Analyst | 2–5 years | 110,000 – 190,000 | MSSP, Corporate IT |
| Compliance / GRC Analyst | 3–6 years | 120,000 – 200,000 | Bank, Insurance, Regulator |
| Lead / Principal Analyst | 7–10 years | 220,000 – 320,000 | Commercial Banks, Telecos |
Monthly LKR figures. Colombo-based roles and MNCs typically pay 15–25% above these figures.
Certifications That Increase Cyber Security Analyst Salaries
CompTIA Security+
Entry to Mid | +15–25% vs uncertified
Globally recognised foundation cert. Required or preferred by most Sri Lankan banks and MSSPs for analyst roles.
CompTIA CySA+
Mid-Level | +10–20% at mid-level
Analyst-specific credential covering behavioural analytics, threat intelligence, and incident response.
CEH (Certified Ethical Hacker)
Mid to Senior | +20–30% for pen-test-adjacent roles
Demonstrates offensive security knowledge. Valued in red team or hybrid SOC/pen-test roles.
CISSP
Senior | +30–40% at senior level
The gold standard for experienced security professionals. Required for CISO-path and ISO roles.
ISO 27001 Lead Implementer
Mid to Senior | +15–25% in compliance roles
Highly valued at banks, corporates, and regulated entities needing ISMS implementation.
Splunk Core / Microsoft SC-200
Entry to Mid | +10–15% in SOC roles
SIEM-specific certifications signal hands-on tool proficiency employers look for in SOC hires.
Qualify as a Cyber Security Analyst through Ceylon Open Campus
Ceylon Open Campus offers an HND in Information Technology that covers the network administration, operating systems, and security principles that form the foundation of every SOC analyst role. Our students graduate with the theoretical grounding to sit CompTIA and EC-Council certification exams, and practical skills developed through lab-based modules that simulate real-world security scenarios.
Working professionals can study part-time and progress to a full BSc through our UK university partnerships — a qualification that moves you into the LKR 150,000+ analyst salary bracket. Our Kattankudy campus serves students across the Eastern Province, with course structures designed around the schedules of working adults.
Frequently Asked Questions
What does a cyber security analyst earn in Sri Lanka at entry level?
An entry-level cyber security analyst (also called a SOC Analyst Level 1) in Sri Lanka typically earns between LKR 60,000 and LKR 90,000 per month. Candidates who hold a CompTIA Security+ or similar foundation certification alongside their IT degree or HND can negotiate towards the top of that range from the outset.
What is the salary of a mid-level cyber security analyst in Sri Lanka?
Mid-level analysts with three to six years of experience in threat detection, incident response, or vulnerability management typically earn LKR 100,000 to LKR 180,000 per month. Holding a CEH (Certified Ethical Hacker) or CySA+ at this stage often places candidates in the LKR 140,000–180,000 band.
What qualifications do employers require for a cyber security analyst role?
Most Sri Lankan employers expect an HND or BSc in IT, Computer Science, or Cyber Security at minimum. Industry certifications such as CompTIA Security+, CEH, or CompTIA CySA+ are strongly preferred. Hands-on skills in SIEM tools (such as Splunk or Microsoft Sentinel), network traffic analysis, and incident response documentation are commonly tested at interview.
How does a cyber security analyst role differ from a cyber security engineer?
Analysts primarily monitor, detect, and respond to security incidents — they work within a SOC or security team, investigating alerts, triaging events, and writing incident reports. Engineers design and build the security infrastructure: firewalls, IDS/IPS systems, SIEM pipelines, and security architectures. Engineers generally command higher salaries (LKR 120,000–280,000) but typically need broader technical expertise.
Which certifications add the most value for a cyber security analyst in Sri Lanka?
CompTIA Security+ is the most widely recognised foundation certification and is a minimum requirement at many banks and outsourcing firms. For progression, CEH (EC-Council) demonstrates offensive knowledge valued in SOC and pen testing contexts. CompTIA CySA+ is specifically analyst-focused and is increasingly accepted by banks. At the senior level, CISSP or CISM signals management-readiness.
Can I become a cyber security analyst with an HND in Sri Lanka?
Yes. An HND in Information Technology from an accredited institution such as Ceylon Open Campus provides the networking, operating systems, and security fundamentals needed for SOC Analyst and junior information security roles. Pairing the HND with CompTIA Security+ makes you competitive for entry-level analyst vacancies. Many professionals then top up to a BSc degree while working, which accelerates salary progression.
Become a Cyber Security Analyst
Talk to Ceylon Open Campus about the IT programme that sets you on the path to a cyber security analyst career.
Phone
075 922 0083
Mon–Sat: 9AM – 6PM
coc.ceylon@gmail.com
24-hour response time
Campus
Ceylon Open Campus
Kattankudy, Sri Lanka