SOC Analyst, Attack Analyst, Cyber Threat Analyst
SOC Analyst Role
The role of an SOC analyst is to be part of a team that is at the heart of keeping a company or business safe and secure through its Security Operations Centre (SOC).
SOC Analyst Description / Responsibilities
There are normally three levels of responsibility that are part of an SOC Analyst role – Tier 1, Tier 2, and Tier 3. Each will have a different level of responsibility in terms of identifying potential threats and escalating them to more experienced and senior managers.
Most jobs that are advertised tend to be for Tier 1 analysts, who then progress to Tier 2 and 3 once they acquire more experience.
The job of an SOC Analyst is to be at the forefront of monitoring potential threats to the network, identifying how serious they are, triaging them and escalating them where appropriate.
Whilst a Tier 1 analyst is the most junior position, it is also in many ways the most important because they are at the forefront of analysing and identifying threats and determining how serious they are.
An SOC Analyst will be expected to help manage any incidents that do occur as part of a incident response team, and to help analyse the immediate threat and any potential fallout from it. They will also be expected to analyse any threat once it is over to help determine how it happened and what can be done to prevent similar attacks in the future.
The analyst will be expected to have knowledge of and be able to implement what is known as Security Information and Event management technology (SIEM).
There are a number of SIEM tools which the analyst will need to have knowledge of either when they stop the job or learn as part of an ongoing process – the most common ones are
Perhaps the most important part of the job of an SOC Analyst is to be able to quickly digest significant amounts of information that they have access to, to be able to understand nature of that information and how viable or real any potential threat is.
Aside from the technical ability and skill they need, they will seriously need to have good communication skills with other members of the team, and with senior management to make sure that their work is fully understood, and any action that is needed is taken and implemented speedily.
Qualifications / Experience
An SOC analyst will need to have a significant level of experience in the various areas of expertise that they will be expected to work in. This can either be as a another Tier 1 Analyst or experience gained in different roles within a company.
Many companies will require 2 to 3 years worth of experience in these areas before taking on a Tier 1 analyst.
A bachelors degree is normally stipulated, and although not strictly necessary, any degree in technology related subjects such as Computer Science, Information Systems etc, will be seen as valuable.
Certifications are probably the most important part of the list of qualifications that will be required for the job.
Companies differ as to specifically which ones they want but there are a number of certifications available and the more a candidate has, the more likely they are to be employed. Below is a list of the most common ones that companies will want to see in a candidates in a candidates resume:
- CCNA Cyber Ops
An SOC analyst will also be expected to be familiar with and be able to comply with a wide set of security standards, the most common ones being:
- Fed RAMP
In addition, an SOC analyst will be expected to have knowledge of and be able to implement cloud technology, especially Amazon Web Services, Microsoft Azure, and Google Cloud Platform.
SOC Analyst Salary / Benefits
An SOC Analyst role is not seen as an entry-level position, any potential candidates are expected to have the necessary skills and experience to fit straight into the job, and the salary and benefits should reflect this.
According to online job websites, salaries for a Tier 1 SOC Analyst are estimated as being between $60,000 and 90,000 per year for a full-time position.
Some jobs in the financial services industry pay more than other industries, in part because the threat of cybercrime is deemed more serious in these areas than others.
Any SOC analyst position should come with significant benefits, by way of healthcare, pension, flexible working etc.
Any potential employee will be expected to work unsocial hours, especially in the event of a cyber attack, and both salary and benefits should reflect this.
It is also important that the business or company offers and encourages training in all areas of cyber security, both in person, online and through networking events.
Most companies will be specific about where the job is located, any residency requirements, and whether or not there is a hybrid option.
If a hybrid or remote option is not mentioned it is worth the candidate querying this if they want to, as many companies can be a lot more flexible than they might initially appear to be.
Vetting isn’t always mentioned in job adverts, but is an increasingly important element for companies hiring any employees.
From a candidates point of view it is much better to be up front at the beginning of the process about any criminal convictions they may have, whether or not they appear relevant to the specifics of the job.
Most businesses take a fairly practical approach to the nature of criminal convictions, what they are, when they happened and how relevant they are to the current job position.
Many government and security related organizations are likely to take a much stricter approach to the vetting process and it may be worth having an informal chat with the hiring organization before engaging in the job application process.