These days, as digitization advances, most of a company's sensitive data is stored in cloud environments. With this, the role of the SOC analyst has become increasingly important for every company. This means you have a better chance of getting the job, especially if you plan to enter the cybersecurity field.
What is a SOC Analyst?
A SOC analyst is someone who works with fellow SOC team members to monitor, analyze and respond to the various security issues that the company faces. The main goal of the job is to prevent cyberattacks on the company's network.
SOC stands for "Security Operations Center", a team made up of several analysts. This team implements and integrates the company's cybersecurity strategy, so you will be the main point of contact for monitoring and preventing cyberattacks.
That is why you will need to monitor activity on the company's network and look for suspicious movement that could be a sign of a breach. When a breach is detected, you will investigate it together with your team members by performing a vulnerability assessment. As a lower-tier analyst, you then report what you find to someone in a higher tier, who takes on the more complex tasks.
You will also need to work with the other departments inside the company, such as sales and human resources, to make sure that the systems they use are secure. Furthermore, you will be tasked with correcting various issues on the work computers used by members of those departments.
SOC Department Career Path
When you first enter the field as a SOC analyst, you will be assigned to one of the four tiers in the department. You start in the lower tier at entry level and work your way up to higher tiers as you gain experience. Here are the tiers available in a SOC department:
First Tier: Security Support
This is the first tier, the entry-level one. Here you support the security analysts in the higher tiers. You will also be tasked with reviewing the daily alerts and SIEM alerts to determine which ones are urgent and relevant.
You will also perform triage to confirm whether a real security breach is happening. In addition, you configure and oversee the various monitoring tools used to secure the company's network.
Second Tier: Security Support
This is the second tier, where you work to address security breaches that are happening right now. You also evaluate any incidents that were identified by the analysts in the previous tier.
You will use threat intelligence, for example IOCs, and update detection rules to find out which systems were affected by the attack and to what extent. Then you analyze all of the configurations and processes running on the affected systems.
You also need to perform deeper intelligence analysis to find out who carried out the attack, the attack type, and the systems and data impacted by it. Then you work to create and implement the right strategy to contain the incident and recover the systems.
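To make the second-tier task of "using IOCs to find out which systems were affected and to what extent" concrete, here is an added example that is not part of the original article. It sweeps a small set of constructed log lines (in an assumed key=value syslog-like format) against a constructed indicator list, groups the hits by host, and ranks the hosts by how many indicator types they matched so the analyst knows where to start. The IOC values, host names and log format are all made up for illustration.

```python
import re
from collections import defaultdict

# Constructed threat-intelligence indicators (assumed feed layout, example values only).
IOCS = {
    "ip": {"203.0.113.45"},
    "domain": {"update-check.example.net"},
    "sha256": {"deadbeef" * 8},  # obviously constructed placeholder hash
}

# Constructed sample log lines: timestamp, then key=value fields.
SAMPLE_LOGS = [
    "2024-05-01T08:00:01Z host=ws-101 event=dns query=update-check.example.net",
    "2024-05-01T08:00:02Z host=ws-101 event=conn dst=203.0.113.45 dport=443",
    "2024-05-01T08:00:05Z host=ws-101 event=proc sha256=" + "deadbeef" * 8 + " image=svc.exe",
    "2024-05-01T08:01:00Z host=ws-102 event=dns query=www.example.com",
    "2024-05-01T08:02:00Z host=srv-db-1 event=conn dst=203.0.113.45 dport=8443",
    "2024-05-01T08:03:00Z host=ws-103 event=conn dst=198.51.100.7 dport=80",
]

KV_RE = re.compile(r"(\w+)=(\S+)")

# Which log fields should be compared against which indicator type.
FIELD_TO_IOC = {"dst": "ip", "src": "ip", "query": "domain", "sha256": "sha256"}


def parse_line(line):
    """Split one log line into a dict of fields; the first token is the timestamp."""
    ts, _, rest = line.partition(" ")
    fields = dict(KV_RE.findall(rest))
    fields["ts"] = ts
    return fields


def match_iocs(lines, iocs=IOCS):
    """Return {host: [(ts, ioc_type, value), ...]} for every indicator hit."""
    hits = defaultdict(list)
    for line in lines:
        f = parse_line(line)
        host = f.get("host", "unknown")
        for field, ioc_type in FIELD_TO_IOC.items():
            value = f.get(field)
            if value and value.lower() in iocs.get(ioc_type, set()):
                hits[host].append((f["ts"], ioc_type, value.lower()))
    return dict(hits)


def scope_incident(hits):
    """Rank affected hosts: more distinct indicator types first, then earliest hit.

    Returns a list of (host, distinct_ioc_types, first_seen_timestamp).
    """
    summary = []
    for host, host_hits in hits.items():
        kinds = {ioc_type for _, ioc_type, _ in host_hits}
        first_seen = min(ts for ts, _, _ in host_hits)
        summary.append((host, len(kinds), first_seen))
    summary.sort(key=lambda s: (-s[1], s[2]))
    return summary


if __name__ == "__main__":
    found = match_iocs(SAMPLE_LOGS)
    for host, n_types, first in scope_incident(found):
        print(f"{host}: {n_types} indicator type(s), first seen {first}")
        for ts, kind, value in found[host]:
            print(f"    {ts} {kind}={value}")
```

A host that matched a DNS lookup, a connection and a file hash (ws-101 here) is a stronger candidate for containment than one with a single network indicator (srv-db-1), which is the kind of extent judgement the tier-two analyst has to make before recovery starts. In a real SOC the indicator set would come from a threat-intelligence feed and the lines from the SIEM rather than from constants in the script.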
Third Tier: Security Analyst
Once you have more experience, you will be able to advance to this tier. Here you are tasked with dealing with more critical incidents that pose a greater danger to the system. You perform penetration tests and vulnerability assessments to assess the resilience of the company's systems and to isolate weak areas that need more attention.
You also review threat intelligence, security data and security alerts, and identify the threats that have entered the system in order to find vulnerabilities and gaps in the security system.
Incident Response Manager
This is the last tier, where you manage the whole department. You decide which actions need to be prioritized when an incident happens in order to analyze, contain and isolate it. You are also tasked with communicating the severity of the incident to internal and external stakeholders.
Job Responsibilities and Duties
Since the SOC analyst is an important part of the company's cybersecurity, there are a number of responsibilities that you will perform on this job, such as:
- Monitoring cybersecurity access and reporting on possible cyberattacks
- Monitoring the company's applications, network and security systems
- Analyzing risks and security operations in order to find vulnerabilities that could have a major impact on the company's cybersecurity
- Determining when a breach happened and analyzing it to identify the root cause
- Working on a solution to prevent the same breach from happening again in the future
- Reporting cybersecurity findings to the experts so they can adjust the company's cybersecurity policies and strengthen the network
- Performing deep investigations of cybersecurity incidents and preparing reports for law enforcement if necessary
- Suggesting cybersecurity strategies to improve the company's security
- Implementing new systems and performing updates to the network security systems to prevent cyberattacks
- Performing audits of the network security to find vulnerabilities that could be exploited to attack the system, and reviewing the data found
If you want to be a SOC analyst, there are a few steps you need to go through first. The process involves practicing and learning all of the required skills on top of the basic requirements. Here are some of the qualifications that you need:
To work in this job, you do not actually need a specific bachelor's degree. However, having a bachelor's degree in a STEM-related field such as computer science may be beneficial.
Usually, those who want to work in this career take courses in cybersecurity. That way they gain the right knowledge of data analysis and the ability to spot attack patterns, which helps in identifying breaches.
It is important to get training and certification from a reputable institute that will teach you the right skills and knowledge. Some of the certifications that you need are:
- CSA certification
This is a good certification for those who want to work as a threat hunter or incident responder within their SOC team. The certification will give you the right knowledge and experience for those roles.
- CompTIA Security+ certification
This certification is the entry-level requirement if you want to enter the cybersecurity field. It covers cloud computing risks, cryptography, access control security and many other topics. It is the best certification to start with if you want to enter the field.
- Ethical Hacker certification
This certification teaches you about the tools and attack vectors used by penetration testers and hackers. It also gives you practical experience in malware analysis that you can really use.
- CompTIA CySA+ certification
This certification teaches you about application and network security. It gives you knowledge of firewall and proxy configuration, penetration testing and vulnerability assessment. It is a good certification if you want to enter the management or security field.
- CCA certification
This certification teaches you all of the tasks performed by a real SOC in a realistic environment.
- CEH certification
- CISSP certification
- GIAC certification
- CASP certification
If you want to work in this career, you need to know about cybersecurity. Since SOC teams are organized in tiers, you may want to enter the field right away at the entry-level tier. After working for a few years, you will have gained the skillset and toolset needed to advance your career to a higher tier.
If necessary, you can try to get an internship, which will help you experience working directly as a SOC analyst. That way, you will learn the processes and tools used in the field. Many companies offer internship opportunities for this job, so you should take advantage of them right away.
To work as a SOC analyst, you need the right skillset in both technical and soft skills. These skills will help you perform better while carrying out your responsibilities and duties. Some of those skills are:
- Ability to detect intrusions on the company's network. It can be anything from a direct cyberattack to malware used to breach the network.
- Ability to mitigate and track cyberattacks inside the company's systems
- Understanding the risk of activities and the ability to decide whether something is worth the risk or whether it can be made safer
- Ability to perform ethical hacking on the company's network without breaking regulations, through vulnerability scanning and penetration testing
- Ability to solve the various problems and issues faced by the team
- Ability to work with huge volumes of data and to organize it so it can be used efficiently
- Critical thinking about every action you take in your role, as it will affect the department
- Strong fundamentals in how computers work
- Knowledge of computer networking and programming languages
- Understanding of data management, cryptography, encryption and hashing
Working as a SOC analyst means you need to start from the lowest tier, or even work on your skills first before entering the field. If fitting a schedule around your studies is difficult, you can try volunteer work as a way to enter the field.