Securedtips

The SOC Analyst

Front line responders

Solomon Achugwoh's photo
Solomon Achugwoh
·

3 min read

The SOC Analyst

Photo by Patrick Amoy on Unsplash

Cyber security is made of several role, one of which is the security operation center analyst (SOC). It's also referred to as cyber security analyst. The SOC analyst are first responders to any incident or any event pertaining cyber security. A SOC analyst is to work closely with cyber security engineers. They are the security advisers of any organization because they are watching out for any event that throws a red flag. As a SOC analyst you would have a reporting tool, technology or dashboard you use in monitoring your organization events, employee or clients. This role serves as an entry level role into cyber security.

The role of a SOC analyst:

A SOC analyst could also handle the mail box of an organization or suspicious event been reported by other users. Once a suspicious email is sent to an organization it's forwarded to the SOC analyst for immediate action or recommendations. As a SOC analyst you will be dealing with many false positive emails, opening and classifying different incidents. Most of the time it's looking through bunch of data, user alert, event logs and incident tickets. Monitor and detect threat that comes into a company. Perform extensive research to threat that are common to your sector or related to your organization.

It's a role that requires the personel to perform repetitive task on a data, so it goes to say that a SOC analyst must be patient and level headed. A SOC analyst is to look through an event to find anomalies and talking to teams (blue, purple, red) to solve the problem. To start out in this role it doesn't require more than 3years of experience. Some companies require people already with a degree certificate in infotech related field or someone who has a certificate from a incident response bootcamp.

Skills required for this role:

Network analysis, malware prevention, malware analysis and incident response.

Tools used

There are many tools to use as a SOC analyst and most of them are open source and very effective. IDS intrution detection system: it monitor traffic on network and detect anomalies. Vulnerability scanner: maltego SIEM tools : support incident management, response and compliance side, collecting and analysing different event for SOC. Cybersec News: to keep you updated through use of rss feed like feedly Snort, mozdef, wazuh, splunk, ossim, elk stack and Sagan.

Certification for a SOC analyst

Check out our previous post where we talked about entry level certification and importance of certification in information security. securedtips.hashnode.dev/foundation-certifi..

GIAC Certified Incident Handler GCIH, Certified Incident Handling Engineer, EC Certified Incident Handling (E|CIH).

For entry level into cyber security the SOC role is really a great way to scale up your career in the industry. The role helps you learn the security posture of the organization and helps you know the trendy and latest cyber attacks happening in the world. This SOC analyst role could lead you on the offensive side or the preventive side against external and internal threat. The SOC role eases you into what ever future role you want to take in cyber security.

#cybersecurityCypresstechnologyCareerinternships