Micro Handbook for SOC Analyst Career Path
June 29, 2018
In this micro handbook, we'll cover the key elements of building a solid SOC Analyst career path.

In a broad sense, security analysts help keep computing safe and work to protect computer users from loss, harm and other sorts of damage. They are security assurance experts who continually examine an organization's systems, networks, applications, infrastructure and digital communications for security exposures or vulnerabilities and, where necessary, perform remediation or mitigation.

To become a SOC Analyst, hands-on IT experience is critical: knowledge of the real-world give-and-take that happens every day across corporate networks is essential for anyone taking this route. But experience alone isn't enough; while companies typically want 1-3 years of field experience, they also want credentials and coursework demonstrating a consistent interest in, and aptitude for, security analysis.

What job responsibilities does a typical day for a SOC Analyst include? In a SOC there are often no "typical days", as many security-related functions are performed continuously to support a variety of needs, but your weekly and monthly job responsibilities may include (but aren't limited to):
- IDS monitoring and analysis
- Network traffic and log analysis
- Insider threat and APT detection
- Malware analysis and forensics
- Distinguishing genuine intrusion attempts from false alarms
- Investigation tracking and threat resolution
- Composing security alert notifications
- Advising incident responders and other teams on threats
Technical skills employers typically look for include:
- Security Information and Event Management (SIEM) platforms
- TCP/IP, computer networking, routing and switching
- C, C++, C#, Java or PHP programming languages, plus scripting (Python, PowerShell or Bash) for automating routine analysis
- IDS/IPS, penetration and vulnerability testing
- Firewall rule sets and intrusion detection/prevention configuration
- Windows, UNIX and Linux operating systems
- Network protocols and packet analysis tools (for example Wireshark and tcpdump)
- Anti-virus and anti-malware
Certifications commonly requested, from entry level to advanced:
- CompTIA Security+ (beginner)
- CEH (intermediate)
- CompTIA CASP (intermediate)
- GIAC certifications such as GSEC, GCIA or GCIH (intermediate)
- CISSP (advanced)
Job postings for SOC Analysts commonly list responsibilities such as:
- Provide threat analysis and review security logs from security devices
- Analyze and respond to hardware and software weaknesses and vulnerabilities
- Investigate, document and report security problems and emerging security trends
- Coordinate with other analysts and departments on system and network security when needed
- Maintain data and monitor security access
- Perform risk analyses, vulnerability testing and security assessments
- Perform security audits (internal and external)
- Anticipate threats and incidents to reduce the likelihood of them occurring
- Manage network intrusion detection systems
- Analyze all security breaches to determine their root causes
- Recommend countermeasures and install approved tools
- Coordinate security plans with relevant vendors
- Create, implement and maintain security protocols and controls, including protecting digital files and data against unauthorized access
Technical interview questions you should be prepared to answer include:
- How can you detect SQL injection?
- What is the most common SQL injection tool?
- Name at least three different vulnerability scanners and the patterns (user agents, request sequences) that identify them in logs.
- What's the difference between XSS and XSRF (CSRF)?
- What's XSS and why is it bad?
- How would you rank the severity of an XSS finding?
- What is a TCP handshake? Describe how SSL/TLS works. What's the difference between TCP and UDP?
- Describe how Heartbleed works, or describe the POODLE attack.
- Can you write a Snort signature?
- Can you configure iptables?
- How many of the OWASP Top 10 are you familiar with? Can you name them?
- What's the difference between an IDS and an IPS? Give examples of each.
- What is the OSI model, and how might you use it in this role?
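Two of the questions above, detecting SQL injection and recognising vulnerability scanners, are usually answered in a SOC by looking at web-server logs. The script below is an added example written for this handbook, not code from the original post or from any product: it parses Apache/nginx "combined" log lines, URL-decodes each query string (as the application would), applies a handful of SQL-injection patterns that require SQL structure rather than a bare keyword, and flags the User-Agent strings that common scanners and injection tools send. The log lines are constructed for the example, and the pattern lists are a starting point, not a complete signature set; log inspection is also only one detection layer, alongside WAF events and the application's own database error logs.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed sample lines in Apache/nginx "combined" log format. They are
# made up for this example; the addresses are from the documentation range.
SAMPLE_LOG = """\
203.0.113.10 - - [29/Jun/2018:10:01:02 +0000] "GET /product?id=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0) Firefox/60.0"
203.0.113.11 - - [29/Jun/2018:10:01:05 +0000] "GET /product?id=42%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 8192 "-" "Mozilla/5.0 (Windows NT 10.0) Firefox/60.0"
203.0.113.12 - - [29/Jun/2018:10:01:09 +0000] "GET /product?id=42%20AND%20SLEEP(5)-- HTTP/1.1" 200 5120 "-" "sqlmap/1.2.6#stable (http://sqlmap.org)"
203.0.113.13 - - [29/Jun/2018:10:02:14 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 210 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000001)"
203.0.113.14 - - [29/Jun/2018:10:02:20 +0000] "GET /product?id=42 HTTP/1.1" 200 5120 "-" "Nessus SOAP v0.0.1 (Nessus.org)"
203.0.113.15 - - [29/Jun/2018:10:03:00 +0000] "GET /search?q=union+station HTTP/1.1" 200 3000 "-" "Mozilla/5.0 (X11; Linux x86_64) Chrome/67.0"
"""

# Parser for the "combined" log format: client, identd, user, timestamp,
# request line, status, size, referer, user agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# SQL injection indicators, applied to the URL-decoded query string. Each
# pattern needs SQL *structure*, not just a keyword, so that an ordinary
# search for "union station" does not trip the detector.
SQLI_PATTERNS = [
    ("tautology", re.compile(r"'\s*(or|and)\s*'?\w+'?\s*=", re.I)),        # ' OR '1'='1
    ("union-select", re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),   # UNION SELECT ...
    ("time-based", re.compile(r"\b(sleep|benchmark)\s*\(|\bwaitfor\s+delay\b", re.I)),
    ("comment-terminator", re.compile(r"(--|#)\s*$|/\*")),                # trailing -- or /*
]

# Tokens that common scanners and injection tools put in their User-Agent.
SCANNER_UA = re.compile(
    r"\b(sqlmap|nikto|nessus|openvas|acunetix|nmap|masscan|w3af|zap)\b", re.I
)


def parse_line(line):
    """Return the log fields as a dict, or None if the line is not combined format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def inspect_request(entry):
    """Return a list of (kind, detail) findings for one parsed log entry."""
    findings = []
    # Decode the way the application would, so %27 and '+' become ' and space.
    query = unquote_plus(urlsplit(entry["target"]).query)
    for name, pattern in SQLI_PATTERNS:
        m = pattern.search(query)
        if m:
            findings.append(("sqli", f"{name}: {m.group(0)}"))
    m = SCANNER_UA.search(entry["ua"])
    if m:
        findings.append(("scanner", m.group(1)))
    return findings


def analyze_log(text):
    """Run every line through the detectors; return findings keyed by client IP."""
    report = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # unparsable line; in production, count these separately
        for finding in inspect_request(entry):
            report.setdefault(entry["ip"], []).append(finding)
    return report


if __name__ == "__main__":
    for ip, findings in analyze_log(SAMPLE_LOG).items():
        for kind, detail in findings:
            print(f"{ip:15} {kind:8} {detail}")
```

Note what the sample exercises: the tautology payload arrives from an ordinary browser User-Agent (a real attacker rarely announces the tool), the sqlmap line triggers both a time-based and a comment-terminator pattern on top of its User-Agent, Nikto and Nessus are caught by User-Agent alone, and the "union station" search produces nothing. Real deployments should also rate requests per client (many 404s in a short window is a scanner signature in itself) and feed the findings into the SIEM rather than printing them.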
Questions worth asking the interviewer in return:
- Why do you feel you're qualified for this position? (Be ready for this one to come back to you as well.)
- What is the most important/valuable thing you have learned from working here?
- What is unique about working at this company that you have not experienced elsewhere?
- What is the most fulfilling/exciting/technically complex project that you've worked on here so far?
- What are the strengths and weaknesses of the current team? What is being done to improve upon the weaknesses?
- How do you see this position evolving in the next three years?
- Who is your ideal candidate and how can I make myself more like them?
Finally, three traits that effective SOC analysts share:
- 24/7 preparation — Attackers don't take the day off, and they know most companies are more vulnerable on evenings and weekends. Network incidents are your domain — anytime, anywhere.
- Drive to understand — It's not enough to enjoy the concept of improved cybersecurity; effective SOC analysts are driven to discover how networks are being compromised, what can be done to improve defenses and why attackers are using specific attack patterns.
- Willingness to learn — Security isn't a static field, so regular re-training, upgrading and re-certification will be required for best job performance. With attackers rapidly adapting to new security techniques, it's critical for SOC analysts to stay ahead of the curve.