A Security Operations Center (SOC) analyst is an organized and highly skilled individual whose mission is to continuously monitor and improve an organization’s security posture while preventing, detecting, analyzing, and responding to cyber security incidents with the aid of both technology and well-defined processes and procedures.
The analyst’s main priority is to identify any activity in a customer’s environment that appears to have malicious intent. The analyst’s ability to recognize activity attributable to a threat actor early is key to preventing impactful incidents such as data theft.
Roles and responsibilities of a SOC analyst:
- Monitor network security events received from the customer’s monitored servers, and take appropriate action based on the customer’s security policy.
- Review alerts escalated by Level 1 analysts.
- Work with customers to configure host IDS/IPS policies (for example, the Cisco CSA agent).
- Troubleshoot agent software issues.
- Analyze log files, including forensic analysis of system resource access.
- Tune HIDS policies for individual hosts, and perform ongoing management and backup monitoring of the HIDS server.
- Carry out all activities in accordance with SOC policies and SOC procedures.
This work involves monitoring client Intrusion Detection Systems (IDSs) and Security Analyst Manager devices, looking for suspicious or anomalous activity.
SOC analyst work is performed on a 24x7 basis, and SOC analysts may be assigned to any of three shifts, which may include weekend and holiday shifts.
The work involves performing basic correlation and investigation on detected events; escalating events to the appropriate teams within the Security Operations Center (SOC); providing phone support for issues handled by the SOC analyst, either by giving immediate assistance or by paging a Senior SOC Analyst from the appropriate team to field the call; and assisting other SOC teams by providing information from the monitored IDS devices.
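To make "basic correlation on detected events" concrete, here is an added example (not code from the original page or from any SOC tooling it mentions) that correlates authentication events from a short, constructed sample of sshd-style log lines. It flags a source IP that produces a burst of failed logins within a time window and then succeeds, which is a typical Level 1 escalation pattern. The log format, the threshold of 5 failures and the 5-minute window are assumptions chosen for illustration; a real SIEM feed would need its own parser and tuned thresholds.

```python
"""Basic event correlation over authentication logs (added example).

Pattern detected: N or more failed logins from one source IP inside a time
window, followed by a successful login from the same IP. Log lines below are
constructed for this example; the sshd-style format is an assumption.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not real data).
SAMPLE_LOG = """\
2024-03-01T08:00:01Z sshd[101]: Failed password for admin from 203.0.113.7 port 51000
2024-03-01T08:00:03Z sshd[101]: Failed password for admin from 203.0.113.7 port 51001
2024-03-01T08:00:04Z sshd[101]: Failed password for admin from 203.0.113.7 port 51002
2024-03-01T08:00:05Z sshd[101]: Failed password for root from 203.0.113.7 port 51003
2024-03-01T08:00:06Z sshd[101]: Failed password for admin from 203.0.113.7 port 51004
2024-03-01T08:00:09Z sshd[101]: Accepted password for admin from 203.0.113.7 port 51005
2024-03-01T08:10:00Z sshd[101]: Failed password for alice from 198.51.100.9 port 40000
2024-03-01T08:30:00Z sshd[101]: Accepted password for alice from 198.51.100.9 port 40001
"""

# Regex for the assumed line format; adapt to the real log source.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+$"
)


def parse_line(line):
    """Parse one log line into an event dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return {"ts": ts, "result": m["result"], "user": m["user"], "src": m["src"]}


def correlate(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return escalation records for sources with >= threshold failures inside
    `window` that are then followed by an accepted login from the same source."""
    recent_failures = defaultdict(deque)  # src IP -> timestamps of failures in window
    escalations = []
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue  # unparsed lines are skipped; real tooling should count them
        q = recent_failures[ev["src"]]
        # Expire failures that fell outside the sliding window.
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            continue
        # Accepted login: escalate only if it follows a burst of failures.
        if len(q) >= threshold:
            escalations.append({
                "src": ev["src"],
                "user": ev["user"],
                "failures": len(q),
                "first_failure": q[0].isoformat(),
                "login_at": ev["ts"].isoformat(),
                "severity": "high",
                "note": "possible password guessing followed by successful login",
            })
        q.clear()  # a success resets the failure history for this source
    return escalations


if __name__ == "__main__":
    for rec in correlate(SAMPLE_LOG):
        print(rec)
```

On the sample above the only escalation is for 203.0.113.7: five failures between 08:00:01 and 08:00:06 and an accepted login at 08:00:09. The single failure from 198.51.100.9 is followed by a success 20 minutes later, outside the window, so it is not escalated; the analyst would still see it in the raw events but it would not generate a Level 1 ticket under this rule.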
Life in the SOC as an analyst is never dull. A day of handling incidents, customer requests and verifying the health of our customers’ SIEMs is full of twists and turns. Every day is different, but in the end a Security Operations Center analyst’s duty is to identify threats, understand them, respond appropriately and work with the client to keep security incidents from escalating into a catastrophic impact on the customer’s environment.
Education requirements to become a SOC analyst:
There is no hard and fast degree requirement for security analysts. Nevertheless, most employers will be looking for a bachelor’s degree in Computer Science, Cyber Security or a related field.
Having said that, many current analysts have arrived by weird and wonderful routes. If you don’t have a technical degree, you may be able to impress employers with experience, training and certifications.
Salary of a SOC analyst:
According to Payscale, the median salary for a security analyst is $65,261 per year (2014 figures). Overall, you can expect total pay of $44,285 – $95,851. This includes your base annual salary, bonuses, profit sharing, tips, commissions, overtime pay and other forms of cash earnings, as applicable.
Certifications For Security Analysts: