By: ginasilvertree
June 29, 2018
Micro Handbook for SOC Analyst Career Path

Core skills

- IDS monitoring and analysis
- Network traffic and log analysis
- Insider threat and APT detection
- Malware analysis and forensics
- Understanding/differentiation of intrusion attempts and false alarms
- Investigation tracking and threat resolution
- Compose security alert notifications
- Advise incident responders/other teams on threats

Technical knowledge

- Security Information and Event Management (SIEM)
- SQL
- TCP/IP, computer networking, routing and switching
- C, C++, C#, Java or PHP programming languages
- IDS/IPS, penetration and vulnerability testing
- Firewall and intrusion detection/prevention protocols
- Windows, UNIX and Linux operating systems
- Network protocols and packet analysis tools
- Anti-virus and anti-malware

Relevant certifications

- Security+ (beginner)
- CEH (intermediate)
- CASP (intermediate)
- GIAC (intermediate)
- CISSP (advanced)

Typical job responsibilities

- Provide threat analysis and security logs for security devices
- Analyze and respond to hardware and software weaknesses and vulnerabilities
- Investigate, document, and report security problems and emerging security trends
- Coordinate with other analysts and departments regarding the system and network security when needed
- Maintain data and monitor security access
- Perform risk analyses, vulnerability testing, and security assessments
- Perform security audits (internal and external)
- Anticipate threats, incidents, and alerts to help prevent the likelihood of them occurring
- Manage network intrusion detection systems
- Analyze all security breaches to determine the root causes
- Make recommendations of countermeasures and install approved tools
- Coordinate security plans with relevant vendors
- Create, implement, and maintain security protocols and controls, including the protection of digital files and data against unauthorized access

Sample technical interview questions

- How can you detect SQL injection?
- What is the most common SQL injection tool?
- Name at least 3 different vulnerability scanners and patterns to identify them.
- What’s the difference between XSS and XSRF?
- What's XSS and why is it bad?
- How would you rank its severity?
- What is a TCP handshake? Describe how SSL works. What's the difference between TCP and UDP?
- Describe how Heartbleed works or describe the POODLE attack.
- Can you write a Snort signature?
- Can you configure iptables?
- How many of the OWASP top 10 are you familiar with? Can you name them?
- What's the difference between an IDS and an IPS? Give examples of each.
- What is the OSI model and how might it be used in your position in this role?
- Why do you feel you’re qualified for this position?

Questions to ask the interviewer

- What is the most important/valuable thing you have learned from working here?
- What is unique about working at this company that you have not experienced elsewhere?
- What is the most fulfilling/exciting/technically complex project that you've worked on here so far?
- What are the strengths and weaknesses of the current team? What is being done to improve upon the weaknesses?
- How do you see this position evolving in the next three years?
- Who is your ideal candidate and how can I make myself more like them?

Traits of a successful SOC analyst

- 24/7 Preparation — Attackers don’t take the day off, and they know most companies are more vulnerable on evenings and weekends. Network incidents are your domain — anytime, anywhere.
- Drive to understand — It’s not enough to enjoy the concept of improved cybersecurity; effective SOC analysts are driven to discover how networks are being compromised, what can be done to improve defenses and why hackers are leveraging specific attack patterns.
- Willingness to learn — Security isn’t a static marketplace, meaning that regular re-training, upgrading, and re-certification will be required for best job performance. With hackers rapidly adapting to new security techniques, it’s critical for SOC analysts to stay ahead of the curve.