SOC Analyst: Interview Preparation

 A few weeks ago, I was talking with a Cybrarian who had an upcoming interview for a SOC Analyst position and wanted some advice on how to best prepare. Aside from the general ‘interview success’ tips I knew offhand, I couldn’t provide much advice tailored to that role. So, I decided to do some research (as I always do) and put my findings into a blog, serving as a resource for anyone pursuing a SOC Analyst career.As a refresher for those unfamiliar, a SOC Analyst works in the Security Operations Center “providing situational awareness through the detection, containment, and remediation of IT threats.” These professionals need a wide range of skills and knowledge including SIEM, SQL, programming languages, network protocols, and anti-malware, among others.It is their responsibility to analyze and respond to undisclosed hardware and software vulnerabilities as well as investigate, document, and report on security issues and emerging trends.For those interested in being hired as a SOC Analyst, you may already meet the skill requirement, but nonetheless need to articulate your experience and problem-solving skills, which can be difficult to do. Not to worry, that’s where this post comes in!

What type of questions should I expect?

Sample Linux-related questions:

1. Do you have experience with Linux? Describe the extent of that experience.
2. What are the steps to securing a Linux server?
3. How do you change your DNS settings in Linux?

Questions for getting a general sense of your background:

1. Where do you get your security news?
2. What is your analytical background?
3. Who do you admire in the industry and why?

Questions for understanding your depth of knowledge on critical topics:

1. Explain phishing and how it can be prevented.
2. List the steps to data loss prevention.
3. Explain how TCP works in detail. How is it different from UDP?

According to David O’Berry, worldwide technical strategist for McAfee, “Competent analysts don’t use buzzwords. They demonstrate an in-depth understanding of each step, each mechanism and object as well as the authentication framework.”Highlight your analytical prowess by walking them step-by-step through your thinking process.Questions for further exploring your depth of experience as a SOC Analyst:

1. Which Incident Response methodology do you prescribe to? Explain it and why you use it.
2. We’re looking to implement a new security event manager. Describe your approach.
3. How would you validate false positives and false negatives?

Keep in mind that every interview is different, so while you may not be asked these exact questions, the structure is meant to indicate those you may encounter. What you must do as a potential candidate, is paint a clear picture of your analytical thinking, problem-solving and technical skills.

How should I prepare?

Preparation is critical before any interview, but with the depth of topics covered in a security analyst screening require plenty of research and review is necessary. Not only should you research the company, key people in the organization and have a solid understanding of your would-be role specific to that organization, but you should also take the time to understand the OS, applications, and security tools they use.Joe Moles of Red Canary says, “Open-source intelligence (OSINT) and its use is an important skill, so put it to use before you even submit your resume. Research the company and understand what they do, how they do it, what is important to them, who the people are. The amount of information that can be found about a person or organization on the Internet anymore is astronomical. Even those dedicated tinfoil hat wearers have some presence on the Internet or in the InfoSec community.”In addition to company-specific knowledge, be ready to discuss industry-specific news, such as your thoughts on the latest breach or law. Demonstrate that you stay updated on the latest happenings and technology. Know the key players, the impact points, and your thoughts on prevention/ methods.Even if you consider yourself an expert who could detail TCP or phishing in their sleep, practice reciting your explanations aloud. Ask yourself, is there a better, simpler way this could be described? But, in doing so, do not try to sell yourself on what you don’t know. Memorizing information of which you have no genuine understanding of will not help you on the job.

Additional Tips

1. Soft skills matter, even for a technical role. Make sure your personality shines through
2. Don’t just answer questions intelligently, ask them intelligently as well
3. Dress the part. Even if your day-to-day work attire will be casual, show you care about the position by keeping it professional
4. Align your skills to the job description using examples of work you’ve done or knowledge you have
5. Acknowledge skills/ training gaps when applicable and provide that you desire to or are working to address them.

You don’t need a reminder that the job market is a competitive environment, which is why at Cybrary, we have tools in place to help you learn critical skills and earn desired industry certifications. Some may recall from my previous SOC Analyst post that the GIAC Security Essentials Certification, was requested in the majority of job descriptions I came across in my research. GIAC focuses on 50 objectives and certifies on a broad range of security skills.Olivia Lynch (@Cybrary_Olivia) is the Marketing Manager at Cybrary. Like many of you, she is just getting her toes wet in the infosec field and is working to make cyber security news more interesting. A firm believer that the pen is mightier than the sword, Olivia considers corny puns and an honest voice essential to any worthwhile blog.