In this micro handbook, we'll cover the key elements of building a solid SOC Analyst career path.

In a broad sense, security analysts help keep computing safe and work to protect computer users from loss, harm and other sorts of damage. They're security assurance experts who constantly examine an organization's systems, networks, applications, infrastructure and digital communications to look for security exposures or vulnerabilities and, where necessary, perform remediation or mitigation.

To become a SOC Analyst, hands-on IT experience is critical; knowledge of the real-world give-and-take that happens every day across corporate networks is essential for anyone taking this route. But experience alone isn't enough: while companies typically want 1-3 years of field experience, they also want credentials and coursework demonstrating a consistent interest in, and aptitude for, security analysis.

What job responsibilities does a typical day for a SOC Analyst include? In a SOC there are often no "typical days," because many security-related functions are performed continuously to support a variety of needs, but your weekly and monthly job responsibilities may include (but aren't limited to):
IDS monitoring and analysis
Network traffic and log analysis
Insider threat and APT detection
Malware analysis and forensics
Distinguishing real intrusion attempts from false alarms
Investigation tracking and threat resolution
Composing security alert notifications
Advising incident responders and other teams on threats
In order to perform the many job responsibilities of a SOC Analyst, let's start with the technical skills you'll need to know.

SOC Analyst positions (especially Tier 1 positions) require constant network monitoring, report analysis and the ability to respond quickly (all day, every day) when issues emerge. You'll need knowledge of web applications, systems administration, programming, debugging, and threat identification. It's a mixed bag, but necessary for SOC Analysts to identify threats, handle threat reports, and take immediate action. Desired technical experience can include:
Security Information and Event Management (SIEM)
TCP/IP, computer networking, routing and switching
C, C++, C#, Java or PHP programming languages
IDS/IPS, penetration and vulnerability testing
Firewall and intrusion detection/prevention technologies
Windows, UNIX and Linux operating systems
Network protocols and packet analysis tools
Anti-virus and anti-malware
Next, let's review certifications you'll want to consider. The beginner-to-intermediate certifications listed below are those commonly desired for a SOC Analyst; the intermediate-to-advanced ones suit those working their way toward a SOC manager position. Which are actually required depends on the specifics of a given organization and how the SOC Analyst role fits into its larger structure.
Now, onto "soft skills." You need better-than-average problem-solving skills and resilience when things don't go according to plan. But this is just the beginning: with IT now serving as a critical part of business ROI instead of a cost center, and security the first line of defense against reputation damage or monetary loss, infosec pros must be able to communicate effectively with the C-suite to secure funding and implement company-wide policies.

Don't overlook the idea of "new skills." Malicious actors are perpetually seeking countless ways to compromise networks. And, given the sheer amount of open-source code used by organizations, even small vulnerabilities can evolve into large issues. Hence, SOC analysts must be committed to regular training and skills updating to keep pace with emerging attack methods.

How about gaming experience? According to a recent study, 72 percent of IT security staff said that hiring experienced video gamers "could help close the cybersecurity skills gap, even if they don't have previous infosec expertise." Why? Because gamers typically come with qualities such as resilience in the face of failure, creative problem solving, and a drive to defeat potential adversaries.

If you're ready to pursue a career as a SOC Analyst or work toward a SOC manager position, it's time to build or beef up your resume. If you've performed some of the work listed below, you may wish to include some of these responsibilities on your resume:
Provide threat analysis and review security logs from security devices
Analyze and respond to hardware and software weaknesses and vulnerabilities
Investigate, document, and report security problems and emerging security trends
Coordinate with other analysts and departments regarding the system and network security when needed
Maintain data and monitor security access
Perform risk analyses, vulnerability testing, and security assessments
Perform security audits (internal and external)
Anticipate threats, incidents, and alerts to reduce the likelihood of them occurring
Manage network intrusion detection systems
Analyze all security breaches to determine the root causes
Make recommendations of countermeasures and install approved tools
Coordinate security plans with relevant vendors
Create, implement, and maintain security protocols and controls, including the protection of digital files and data against unauthorized access
A quick word on customizing your resume: your resume should be customized for each job you're interviewing for. The skill sets the employer is looking for should be listed at the top of your resume. Most people tend to put their most recent or best skills first, and that's OK. But it's better to put the requested skills on top, where the hiring manager can see them.

Are you ready to start interviewing? After you've built your resume and applied for open positions that caught your eye, it's time to think about a few SOC interview questions you might be asked.
How can you detect SQL injection?
What is the most common SQL injection tool?
Name at least 3 different vulnerability scanners and the patterns (for example, user-agent strings or request signatures) you would use to identify them in logs.
What’s the difference between XSS and XSRF?
What's XSS and why is it bad?
How would you rank its severity?
What is the TCP three-way handshake? Describe how SSL/TLS works. What's the difference between TCP and UDP?
Describe how Heartbleed works or describe the POODLE attack.
Can you write a Snort signature?
Can you configure iptables?
How many of the OWASP top 10 are you familiar with? Can you name them?
What's the difference between an IDS and an IPS? Give examples of each.
What is the OSI model, and how would you use it in this role?
Why do you feel you’re qualified for this position?
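Several of the questions above (detecting SQL injection, recognizing vulnerability scanners, separating real intrusion attempts from false alarms, composing an alert) come together in a single everyday SOC task: reviewing web-server access logs. The following Python script is an added example and not part of the original article; it parses a handful of constructed combined-format log lines, decodes each query-string value, matches it against a few illustrative SQL injection patterns, flags a known scanner user agent (the substrings checked for sqlmap, Nikto and Nessus are an assumption, not a vetted signature set), ranks severity, and renders a one-line alert. A benign search for "select a plan" is included to show that the rules look for injection structure rather than SQL keywords alone.

```python
"""
Added example (not from the original article): flag likely SQL injection
attempts in web-server access logs. The log lines are constructed for this
example and the patterns are illustrative, not a complete ruleset.
"""
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed sample log lines in Apache/Nginx "combined" format.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2024:12:00:01 +0000] "GET /products?id=42 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2024:12:00:02 +0000] "GET /products?id=42%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9821 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2024:12:00:03 +0000] "GET /search?q=select+a+plan HTTP/1.1" 200 1300 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2024:12:00:04 +0000] "GET /products?id=1+UNION+SELECT+username,password+FROM+users-- HTTP/1.1" 500 0 "-" "sqlmap/1.7"
192.0.2.77 - - [10/Mar/2024:12:00:05 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [time] "METHOD path PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# (rule name, pattern, severity). Patterns run against each *decoded* query value,
# so percent-encoding does not hide them. Illustrative, not exhaustive.
SQLI_RULES = [
    ("tautology", re.compile(r"'\s*or\s+'?\w+'?\s*=\s*'?\w+", re.I), "high"),
    ("union_select", re.compile(r"\bunion\b[\s\S]*\bselect\b", re.I), "high"),
    ("comment_terminator", re.compile(r"(--|#|/\*)\s*$"), "medium"),
    ("stacked_query", re.compile(r";\s*(drop|insert|update|delete|exec)\b", re.I), "high"),
]

# Assumed user-agent substrings for common scanners (treat as a starting point).
SCANNER_UA = re.compile(r"sqlmap|nikto|nessus", re.I)

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2}


def parse_line(line):
    """Parse one combined-format log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def decoded_params(path):
    """Return (name, value) pairs from the query string, decoded twice so that
    double-encoded payloads (e.g. %2527) are also normalized."""
    query = urlsplit(path).query
    return [(k, unquote_plus(v)) for k, v in parse_qsl(query, keep_blank_values=True)]


def analyze_line(line):
    """Return an alert dict for a suspicious request, or None for a clean one."""
    rec = parse_line(line)
    if rec is None:
        return None
    hits = []
    for name, value in decoded_params(rec["path"]):
        for rule, pattern, sev in SQLI_RULES:
            if pattern.search(value):
                hits.append((rule, name, sev))
    if SCANNER_UA.search(rec["ua"]):
        hits.append(("scanner_user_agent", "User-Agent", "medium"))
    if not hits:
        return None
    severity = max((h[2] for h in hits), key=SEVERITY_RANK.__getitem__)
    return {
        "src_ip": rec["ip"],
        "time": rec["ts"],
        "path": rec["path"],
        "status": rec["status"],
        "rules": sorted({h[0] for h in hits}),
        "severity": severity,
    }


def analyze_log(text):
    """Run analyze_line over every line of a log and keep only the alerts."""
    return [a for a in (analyze_line(l) for l in text.splitlines()) if a]


def format_alert(alert):
    """Render an alert as a one-line notification suitable for a ticket or chat channel."""
    return (f"[{alert['severity'].upper()}] possible SQLi from {alert['src_ip']} "
            f"at {alert['time']}: {', '.join(alert['rules'])} on {alert['path']} "
            f"(HTTP {alert['status']})")


if __name__ == "__main__":
    for alert in analyze_log(SAMPLE_LOG):
        print(format_alert(alert))
```

Run on the sample, the script raises two alerts: a high-severity tautology from 203.0.113.5, and a high-severity UNION SELECT with a trailing comment from 198.51.100.9 whose sqlmap user agent also trips the scanner rule. The "select a plan" search produces nothing, which is the false-alarm case an interviewer is probing for; in production you would tune these rules against your own traffic and pair them with the HTTP status and response size, since the 500 and the unusually large 200 response above are what turn a pattern match into an incident worth escalating.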
Don't forget to ask... Interviewing is a two-way street. Remember that, just as much as the company is interviewing you, you are interviewing the company to ensure there's a good fit. Don't be shy about asking questions. They'll allow you to show interest and discern whether the company culture and environment are right for you. Here are a few questions to consider asking your interviewer(s) during your interviews:
What is the most important/valuable thing you have learned from working here?
What is unique about working at this company that you have not experienced elsewhere?
What is the most fulfilling/exciting/technically complex project that you've worked on here so far?
What are the strengths and weaknesses of the current team? What is being done to improve upon the weaknesses?
How do you see this position evolving in the next three years?
Who is your ideal candidate and how can I make myself more like them?
What to do after the interview: if you're interested in the job, make sure you tell the interviewer you really want it. Many candidates have earned offers because they seemed highly interested in the job, even with slightly less experience or fewer qualifications than others. Follow-up emails and letters can't hurt, but don't stalk the interviewer. If they want you, they will call.

In summary, remember that for SOC candidates, the changing market requires critical skills including:
24/7 Preparation — Attackers don’t take the day off, and they know most companies are more vulnerable on evenings and weekends. Network incidents are your domain — anytime, anywhere.
Drive to understand — It’s not enough to enjoy the concept of improved cybersecurity; effective SOC analysts are driven to discover how networks are being compromised, what can be done to improve defenses and why hackers are leveraging specific attack patterns.
Willingness to learn — Security isn’t a static marketplace, meaning that regular re-training, upgrading, and re-certification will be required for best job performance. With hackers rapidly adapting to new security techniques, it’s critical for SOC analysts to stay ahead of the curve.