Outstanding CSO: SOC Analyst
Working as an analyst in a security operations center is the first information security job for many and can be a stepping stone to a career.
Contributing author
- SOC Analyst job description
- SOC Analyst Career Plan
- SOC Analyst Skills
- SOC Analyst Training and Certification
- SOC analyst interview questions
- SOC Analyst Jobs and SOC Analyst Salary
What is a SOC Analyst?
A SOC analyst is a cybersecurity professional who works as part of a team to monitor and counter threats to an organization's IT infrastructure and to assess security systems and measures for vulnerabilities and possible improvements. The SOC in the job title stands for security operations center; that is the name of the team, made up of multiple analysts and other security professionals, often working together in a single physical location. A SOC can be an internal team serving a single company or an outsourced service providing security to one or more external clients.
SOC analyst is a title used by infosec newcomers and more experienced professionals alike. The job can be a great stepping stone to a career in cybersecurity, but it is also demanding and somewhat repetitive work that can lead to burnout. Let's take a closer look at what the job entails and what skills you'll need to be successful.
SOC Analyst job description
Perhaps the best way to understand what a SOC analyst does is to ask one! SOC analyst Molly Webber recently gave an interview to the Center for Internet Security in which she describes her day:
I help state, local, tribal, and territorial (SLTT) governments monitor their networks for malicious activity. The job requires great attention to detail and a general awareness of all things cyber. We look at IDS (intrusion detection system) alerts, suspicious emails, network logs, and any other resource that provides information about an entity's network activity. Analysts are expected to be able to read, understand and report on cyber trends. Basic knowledge of areas such as networking, malware analysis, incident response and cyber etiquette is essential.
The Prelude Institute describes SOC analysts as a "security guard and advisor", which is a good way to capture the dual nature of the role: keeping an eye on ongoing attacks while looking for ways to bolster defenses so that future attacks are prevented or mitigated. To do this, they install security tools, investigate the suspicious activity those tools detect, support audit and compliance initiatives, and take part in developing security strategy.
However, the task that can dominate the work, especially at the entry level, is dealing with alerts raised by users and by the various security tools, which in practice can mean wading through a large number of false positives. Kelly Jackson Higgins, writing at Dark Reading, describes the work as "one of the least glamorous and most boring jobs in information security: sitting in front of a computer screen all day, manually clicking through thousands of raw alerts coming from firewalls, IDS/IPS, SIEM and endpoint protection tools and ignoring or escalating them" while living with the "constant and persistent fear of mistakenly dismissing the alert associated with an actual attack". Still, an analyst is unlikely to stay at that Tier 1 level forever.
SOC Analyst Career Plan
The first step in this career is taken even before being hired as a SOC analyst. The requirements are not all that different from those of many other entry-level security jobs with "analyst" in the title. The most important thing to remember is what Jonathan Gonzalez, a senior member of AT&T's technical staff, said in this interview: "There is no such thing as an entry-level job in cybersecurity." Most people work in networking or a similar IT discipline for at least a year or two before moving into a security job.
That said, it is not uncommon for a Tier 1 SOC analyst role to be the first stop in a cybersecurity career. While each employer defines its job titles slightly differently, there are generally three tiers of SOC analyst jobs. The EC-Council's blog has a detailed breakdown of the differences between these tiers, but to summarize:
- Tier 1 SOC analysts are triage specialists: they monitor, manage and configure security tools, review incidents to assess their urgency, and escalate incidents as needed.
- Tier 2 SOC analysts are incident responders: they remediate the severe attacks escalated by Tier 1, assess the scope of the attack and the systems affected, and collect data for further analysis.
- Tier 3 SOC analysts are threat hunters: they proactively look for vulnerabilities and stealthy attackers, run penetration tests and review vulnerability assessments. Some Tier 3 analysts focus instead on digging deeper into datasets to understand what happens during and after attacks.
And those tiers are not the only jobs within a SOC. There are also the SOC engineers responsible for building and maintaining the systems the analysts use, and at the top are the SOC managers who oversee the overall operation. Each of these roles is a potential path for a SOC analyst to grow into.
Also, once you have honed your skills in a SOC, further career opportunities open up. A post on the Microsoft Security Blog elaborates on this, explaining that an analyst's post-SOC career can lead into "incident response, program management, security product development, or leadership."
SOC Analyst Skills
The EC-Council describes the top skills a SOC analyst needs as follows:
- Network defense
- Ethical hacking
- Incident response
- Computer forensics
- Reverse engineering
But what specific technical skills are required? The EC-Council breakdown of the analyst tiers mentioned above provides some insight: SOC analysts need to understand common security tools such as intrusion detection systems and SIEM software. They must have system administration skills on Windows, Mac and Linux/Unix platforms. Higher-tier analysts also need to know how to use penetration testing tools.
Much of a SOC analyst's job revolves around combing through system logs to track attacks and determine when and how systems were compromised. Since manually scrolling through the logs is slow and will quickly drive an analyst crazy, SOC analysts need skills to automate this type of task and extract useful data from the logs. Level 1 analysts need to know how to write scripts that can find key patterns in large text files such as system logs, while higher level analysts need to understand how data visualization tools can provide insights. So some programming knowledge is a must.
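The kind of log-pattern script the paragraph above has in mind, as an added example that is not from the article: it parses constructed Linux auth.log lines (not real traffic) and flags any source address with repeated failed SSH logins inside a short window, noting whether a login from that address then succeeded. The sample lines, the failure threshold and the window size are assumptions chosen for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in Linux auth.log format (not real traffic).
SAMPLE_LOG = """\
Mar  3 10:14:01 host1 sshd[2101]: Failed password for invalid user admin from 203.0.113.9 port 51112 ssh2
Mar  3 10:14:03 host1 sshd[2102]: Failed password for root from 203.0.113.9 port 51113 ssh2
Mar  3 10:14:05 host1 sshd[2103]: Failed password for root from 203.0.113.9 port 51114 ssh2
Mar  3 10:14:09 host1 sshd[2104]: Accepted password for root from 203.0.113.9 port 51115 ssh2
Mar  3 10:20:44 host1 sshd[2188]: Failed password for alice from 198.51.100.7 port 40220 ssh2
Mar  3 10:31:02 host1 sshd[2240]: Accepted publickey for alice from 198.51.100.7 port 40311 ssh2
Mar  3 10:31:05 host1 CRON[2250]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

# Matches only sshd authentication outcomes; everything else (CRON etc.) is skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)

def parse_events(text, year=2020):
    """Return a list of (timestamp, result, user, ip) tuples for sshd auth lines.
    Syslog lines carry no year, so one is assumed (a constructed default here)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["ip"]))
    return events

def find_bruteforce(events, threshold=3, window_seconds=60):
    """Flag source IPs with >= threshold failures inside window_seconds.
    A later 'Accepted' from the same IP is the finding an analyst escalates first."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[3]].append(ev)
    findings = {}
    for ip, evs in by_ip.items():
        evs.sort()
        fails = [e for e in evs if e[1] == "Failed"]
        for i in range(len(fails)):          # sliding window over failure times
            j = i
            while j + 1 < len(fails) and (fails[j + 1][0] - fails[i][0]).total_seconds() <= window_seconds:
                j += 1
            if j - i + 1 >= threshold:
                last_fail = fails[j][0]
                findings[ip] = {
                    "failures": j - i + 1,
                    "users": sorted({e[2] for e in fails[i:j + 1]}),
                    "success_after": any(e[1] == "Accepted" and e[0] >= last_fail for e in evs),
                }
                break
    return findings
```

Running `find_bruteforce(parse_events(SAMPLE_LOG))` flags only 203.0.113.9, with three failures against two usernames followed by a successful login, while the single failure from 198.51.100.7 stays below the threshold.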
SOC Analyst Training and Certification
As we have seen, IT experience is what you need most to land a SOC analyst job. But there are certifications that can signal your knowledge base to potential employers, and plenty of online continuing education and training resources you can use to prepare for them. In the IDG Insider's Guide to Top Security Certifications, Neal Weinberg recommends the Cisco Certified CyberOps Associate, a certification "for people working as SOC analysts in large companies and organizations"; he says it "provides a practical, relevant, and job-ready certification curriculum that closely aligns with the specific real-world tasks required of an associate-level SOC professional." (The certification used to be called "Cisco CCNA Cyber Ops.") You can get certification training from the Cisco Learning Network.
The EC-Council has its own certification in this area, the Certified SOC Analyst (CSA), and also offers an iClass to help you prepare. A variety of other bootcamps and third-party training programs are also available, including those from Cybrary and InfoSecTrain.
But SOC-specific certifications are not the only way to prove yourself: after all, SOC analysts primarily need to demonstrate standard security competencies, and there are plenty of certifications to help with that. In a Reddit thread where SOC professionals weighed in on which certifications are most useful, CompTIA Security+ was one of the most cited, along with the EC-Council's Certified Ethical Hacker.
SOC analyst interview questions
You can find endless lists of interview questions online for cybersecurity jobs, most of which cover the basic areas you need to master to impress an interviewer. An article on Cybrary has a decent explanation of what to expect in a typical SOC analyst interview and, even better, some background on why you will be asked specific questions and how to answer them instead of just reciting memorized content. Our favorite tip: "Competent analysts don't use buzzwords. They demonstrate a deep understanding of each step, mechanism and object, as well as the authentication framework."
There are also two great Reddit threads (here and here) where several SOC hiring managers chime in to talk about what they ask in an interview and what the answers tell them about the job seeker.
SOC Analyst Jobs and SOC Analyst Salary
Has all of this sparked your interest in working as a SOC analyst? Jobs are available and salaries are decent, although they reflect the fact that SOC analysts are usually in an entry-level position. It can be difficult to separate SOC analyst salaries from aggregate data for security analysts overall, but as of March 2020 Glassdoor estimated the average base salary at around $71,000 per year, with a range of $50,000 to $97,000. Good luck preparing for this job, and all the best in fighting cyber adversaries on the front lines!
Copyright © 2020 IDG Communications, Inc.