What is a SOC analyst? Job description, salary and certification (2023)

• SOC Analyst job description
• SOC Analyst Career Plan
• SOC Analyst Skills
• SOC Analyst Training and Certification
• SOC analyst interview questions
• SOC Analyst Jobs and SOC Analyst Salary

show more

What is a SOC Analyst?

Asocial analystis a cybersecurity professional who works in teams to monitor and combat threats to an organization's IT infrastructure and assess security systems and measures for vulnerabilities and possible improvements. HeSOCmeans in the job titlesecurity operations center;That's the name of the team made up of multiple analysts and other security professionals, often working together in a single physical location. A SOC can be an internal team serving a single company or aoutsourced serviceProvide security to one or more external clients.

social analystIt is a title used by infosec newbies and more experienced professionals alike. The job can be a great stepping stone to a career in cybersecurity, but it's also demanding and somewhat repetitive work that can lead to burnout. Let's take a closer look at what the job entails and what skills you'll need to be successful.

SOC Analyst job description

Perhaps the best way to understand what a SOC analyst does is to ask one! SOC analyst Molly Webber recently gave an interview to the Center for Internet Security in which shedescribes his day:

I help state, local, tribal, and territory (SLTT) governments monitor their networks for malicious activity. The job requires great attention to detail and a general awareness of all things cyber. we look upIDS (Intrusion Detection System)Alerts, suspicious emails, network logs, and any other resource that provides information about an entity's network activity. Analysts are expected to be able to read, understand and report on cyber trends. Basic knowledge of areas such as networking, malware analysis, incident response and cyber etiquette is essential.

ANDPrelude Institute introduces SOC analystsas a "security guard and advisor", which is a good way to capture its dual role: keeping an eye on ongoing attacks and trying to find ways to bolster defenses to prevent or mitigate future attacks. To do this, they must install security tools, investigate suspicious activity that these tools detect, support audit and compliance initiatives, and participate in the development of security strategies.

However, the task that can dominate the work, especially at the entry level, is dealing with alerts issued by users and various security programs, which in practice can mean navigating a large number of false positives. Kelly Jackson Higgins, write atdark reading,describes the workas "one of the least glamorous and most boring jobs in information security: sitting in front of a computer screen all day, manually clicking through thousands of raw alerts coming from firewalls, IDS/IPS,SIEMand endpoint protection tools and ignore or escalate them" while dealing with the "constant and persistent fear of mistakenly dismissing this alert associated with an actual attack", and likely won't stay at that Tier 1 forever.

SOC Analyst Career Plan

The first step in this career is taken even before hiring as a SOC analyst. The requirements aren't all that different from many other entry-level security jobs that have "analyst" in the title. The most important thing to remember is that Jonathan Gonzalez, a senior member of AT&T's technical staff atthis interview, “There is no such thing as an entry-level job in cybersecurity.” Most people work in networking or a similar IT discipline for at least a year or two before moving into a security job.

However, it is not uncommon for a Tier 1 SOC Analyst role to be your first stop in your cybersecurity career. While each employer places slightly different roles on each specific job title, there are generally three tiers of SOC analyst jobs. EG-Ratsblog has adetailed breakdownof the differences between these levels, but to summarize:

• Level 1 SOC analysts aretriage specialistsMonitor, manage and configure security tools, review incidents to assess their urgency, and escalate incidents as needed.
• Level 2 SOC analysts areemergency services,Remediate Level 1 escalated severe attacks, assess the scope of the attack and systems affected, and collect data for further analysis.
• Level 3 SOC analysts arethreat hunter,proactively work to look for vulnerabilities and stealthy attackers, executepenetration testsand review vulnerability assessments. Some Level 3 analysts are more focused on digging deeper into datasets to understand what happens during and after attacks.

And those levels aren't the only jobs within a SOC. There are also the SOC engineers responsible for building and maintaining the systems used by the analysts, and at the top are the SOC administrators who oversee the overall operation. Each of these roles is a potential place for SOC analysts to train.

Also, once you've honed your skills at a SOC, there are more career opportunities open to you. FORPost to the Microsoft Security BlogHe elaborates on these topics, explaining that an analyst's post-SOC career can end up in "incident response, program management, security product development, or leadership."

SOC Analyst Skills

There EG-Mousedescribes the superior skills of a SOC analystneeds as follows:

• network defense
• ethical hacking
• Incident Response
• Computer Forensics
• reverse engineering

But what are the specific technical skills required? The EC-Council breakdown of the different levels of analysts mentioned above provides some insight: SOC analysts need to understand common security tools such as intrusion detection systems and SIEM software. You must have system administration skills on Windows, Mac and Linux/Unix platforms. Higher level analysts also need to know how to use them.Penetration Testing Tools.

Much of a SOC analyst's job revolves around combing through system logs to track attacks and determine when and how systems were compromised. Since manually scrolling through the logs is slow and will quickly drive an analyst crazy, SOC analysts need skills to automate this type of task and extract useful data from the logs. Level 1 analysts need to know how to write scripts that can find key patterns in large text files such as system logs, while higher level analysts need to understand how data visualization tools can provide insights. So some programming knowledge is a must.

SOC Analyst Training and Certification

We've found that IT experience is what you need most to land a SOC Analyst job. But there are certifications that can point your knowledge base to potential employers, and plenty of online continuing education and training resources you can use to learn for them. In the IDG Insider's Guide to Top Security Certifications, Neal Weinberg recommendsCisco Certified CyberOps Partner, a certificate "for people working as SOC analysts in large companies and organizations"; It says it "provides a practical, relevant, and professional-ready certification curriculum that closely aligns with the specific real-world tasks required as an associate-level SOC professional." (The certification used to be called “Cisco CCNA Cyber ​​​​Ops.”) You can get certification trainingaus dem Cisco Learning Network.

The EC Council has its own certificate in this area:Certified SOC Analyst (CSA)- and alsooffers an iClass to help you prepare. A variety of other training camps and third-party training programs are also available, includingtraining campjInfoSecTren.

But SOC-specific certificates aren't the only way to prove yourself: after all, SOC analysts primarily need to demonstrate standard security competencies, and there are plenty of certificates to help you with that. In a Reddit thread whereSOC professionals evaluated which certificates are most useful,CompTIA+ Securitywas one of the most cited, as well as the EC CouncilCertified Ethical Hacker.

SOC analyst interview questions

You can find endless lists of interview questions online for cybersecurity jobs, most of which cover the basic areas you need to master to impress an interviewer. OArticles about Cybraryhas a decent explanation of what to expect in a given SOC analyst interview and, even better, some background informationgoodYou'll get specific questions and how to answer them instead of just repeating content. Our favorite tip: “Competent analysts don't use buzzwords. They demonstrate a deep understanding of each step, mechanism and object, as well as the authentication framework.”

There are also two great Reddit threads (HerejHere) where several SOC hiring managers chime in to talk about what they ask in an interview and what the answers say about the job seeker.

SOC Analyst Jobs and SOC Analyst Salary

Has all of this sparked your interest in working as a SOC analyst? Jobs are available and salaries are decent, although they reflect the fact that SOC analysts are usually in an entry-level position. It can be difficult to analyze SOC analyst salaries using aggregate data for security analysts overall, but as of March 2020 Glassdoorestimated the average base salary to be around $71,000 per year, ranging from $50,000 to $97,000. Good luck preparing for this job and all the best in fighting cyber enemies on the front lines!

Related:

• Career
• Security
• network security

7 hot (and 2 cold) cybersecurity trends