August 9, 2017
SOC Analyst: Interview Preparation
A few weeks ago, I was talking with a Cybrarian who had an upcoming interview for a SOC Analyst position and wanted some advice on how to best prepare. Aside from the general ‘interview success’ tips I knew offhand, I couldn’t provide much advice tailored to that role. So, I decided to do some research (as I always do) and put my findings into a blog, serving as a resource for anyone pursuing a SOC Analyst career.

As a refresher for those unfamiliar, a SOC Analyst works in the Security Operations Center “providing situational awareness through the detection, containment, and remediation of IT threats.” These professionals need a wide range of skills and knowledge, including SIEM, SQL, programming languages, network protocols, and anti-malware, among others. It is their responsibility to analyze and respond to previously undisclosed hardware and software vulnerabilities, as well as to investigate, document, and report on security issues and emerging trends.

For those interested in being hired as a SOC Analyst, you may already meet the skill requirements but still need to articulate your experience and problem-solving skills, which can be difficult to do. Not to worry, that’s where this post comes in!
What type of questions should I expect?

Sample Linux-related questions:
- Do you have experience with Linux? Describe the extent of that experience.
- What are the steps to securing a Linux server?
- How do you change your DNS settings in Linux?
Other sample questions:
- Where do you get your security news?
- What is your analytical background?
- Who do you admire in the industry and why?
- Explain phishing and how it can be prevented.
- List the steps to data loss prevention.
- Explain how TCP works in detail. How is it different from UDP?
- Which Incident Response methodology do you subscribe to? Explain it and why you use it.
- We’re looking to implement a new security event manager. Describe your approach.
- How would you validate false positives and false negatives?
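The last question on that list is one you can answer with a concrete, repeatable procedure rather than a definition: run the rule over labeled data and count where it was right and wrong. The Python script below is an added example for this post, not code from the original article. It parses a handful of constructed sshd log lines (the hosts, IPs and timestamps are made up), runs a first-cut brute-force rule and a tuned one over them, and scores each against a hand-labeled ground truth (also assumed for the example) to produce true/false positives and negatives per source.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log lines for the example (not real data and not from the post).
# 203.0.113.5  : scripted brute force, five failures in four seconds against root/admin
# 198.51.100.7 : a real user fumbling their password over a minute, then succeeding
# 192.0.2.9    : a username spray that only produces "Invalid user" lines
SAMPLE_LOG = """\
Jan 10 10:00:01 host sshd[1001]: Failed password for root from 203.0.113.5 port 51000 ssh2
Jan 10 10:00:02 host sshd[1002]: Failed password for root from 203.0.113.5 port 51001 ssh2
Jan 10 10:00:03 host sshd[1003]: Failed password for admin from 203.0.113.5 port 51002 ssh2
Jan 10 10:00:04 host sshd[1004]: Failed password for root from 203.0.113.5 port 51003 ssh2
Jan 10 10:00:05 host sshd[1005]: Failed password for root from 203.0.113.5 port 51004 ssh2
Jan 10 10:01:00 host sshd[1010]: Failed password for alice from 198.51.100.7 port 40000 ssh2
Jan 10 10:01:12 host sshd[1011]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Jan 10 10:01:25 host sshd[1012]: Failed password for alice from 198.51.100.7 port 40002 ssh2
Jan 10 10:01:40 host sshd[1013]: Failed password for alice from 198.51.100.7 port 40003 ssh2
Jan 10 10:01:58 host sshd[1014]: Failed password for alice from 198.51.100.7 port 40004 ssh2
Jan 10 10:02:10 host sshd[1015]: Accepted password for alice from 198.51.100.7 port 40005 ssh2
Jan 10 10:02:00 host sshd[1020]: Invalid user oracle from 192.0.2.9 port 33000
Jan 10 10:02:01 host sshd[1021]: Invalid user postgres from 192.0.2.9 port 33001
Jan 10 10:02:02 host sshd[1022]: Invalid user test from 192.0.2.9 port 33002
"""

# Ground truth an analyst builds by hand while tuning: which sources were actually
# malicious. Assumed labels for the example; in practice these come from case notes.
GROUND_TRUTH = {
    "203.0.113.5": True,
    "198.51.100.7": False,
    "192.0.2.9": True,
}

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<event>Failed password for|Invalid user|Accepted password for) "
    r"(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)"
)


def parse(log_text):
    """Turn raw sshd lines into (timestamp, event, user, src) tuples; skip lines that do not match."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")  # syslog has no year; fine for relative timing
        events.append((ts, m["event"], m["user"], m["src"]))
    return events


def rule_v1(events, threshold=5):
    """First-cut rule: alert on any source with >= threshold 'Failed password' lines, ignoring time."""
    fails = defaultdict(int)
    for _, event, _, src in events:
        if event == "Failed password for":
            fails[src] += 1
    return {src for src, n in fails.items() if n >= threshold}


def rule_v2(events, threshold=3, window=timedelta(seconds=10)):
    """Tuned rule: alert when a source produces >= threshold failure-type events
    (failed password OR invalid user) inside a sliding time window. The window
    separates scripted attempts from a human retyping a password (fixing the
    false positive), and counting 'Invalid user' lines closes the username-spray
    blind spot of v1 (fixing the false negative)."""
    per_src = defaultdict(list)
    for ts, event, _, src in events:
        if event in ("Failed password for", "Invalid user"):
            per_src[src].append(ts)
    alerts = set()
    for src, stamps in per_src.items():
        stamps.sort()
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                alerts.add(src)
                break
    return alerts


def confusion(alerts, truth):
    """Score a rule's alerts against labeled sources; returns TP/FP/FN/TN lists plus any unlabeled alerts."""
    result = {"TP": [], "FP": [], "FN": [], "TN": []}
    for src, malicious in sorted(truth.items()):
        alerted = src in alerts
        key = ("TP" if malicious else "FP") if alerted else ("FN" if malicious else "TN")
        result[key].append(src)
    # An alert on a source nobody labeled is unreviewed work, not a free true positive.
    result["unlabeled"] = sorted(alerts - truth.keys())
    return result


if __name__ == "__main__":
    parsed = parse(SAMPLE_LOG)
    for name, rule in (("v1", rule_v1), ("v2", rule_v2)):
        print(name, confusion(rule(parsed), GROUND_TRUTH))
```

The point to make in the interview is the loop, not the regex: label a sample, run the rule, inspect every FP and FN by hand, change one thing (here the time window and the event types counted), and re-score. With this data v1 fires on the fumbling user and misses the spray; v2 catches both attackers and stays quiet on the legitimate user.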
How should I prepare?

Preparation is critical before any interview, but the depth of topics covered in a security analyst screening demands plenty of research and review. Not only should you research the company and its key people and have a solid understanding of what your role would be at that organization, but you should also take the time to understand the OS, applications, and security tools they use.

Joe Moles of Red Canary says, “Open-source intelligence (OSINT) and its use is an important skill, so put it to use before you even submit your resume. Research the company and understand what they do, how they do it, what is important to them, who the people are. The amount of information that can be found about a person or organization on the Internet anymore is astronomical. Even those dedicated tinfoil hat wearers have some presence on the Internet or in the InfoSec community.”

In addition to company-specific knowledge, be ready to discuss industry news, such as your thoughts on the latest breach or law. Demonstrate that you stay current on the latest happenings and technology: know the key players, the impact, and your thoughts on prevention methods.

Even if you consider yourself an expert who could explain TCP or phishing in your sleep, practice reciting your explanations aloud. Ask yourself whether there is a better, simpler way to describe it. But in doing so, do not try to sell yourself on what you don’t know. Memorizing information you have no genuine understanding of will not help you on the job.
- Soft skills matter, even for a technical role. Make sure your personality shines through.
- Don’t just answer questions intelligently, ask them intelligently as well
- Dress the part. Even if your day-to-day work attire will be casual, show you care about the position by keeping it professional
- Align your skills to the job description using examples of work you’ve done or knowledge you have
- Acknowledge skills or training gaps when applicable, and show that you want to, or are already working to, address them.