So you’re considering a career as a security operations center (SOC) analyst. You’re not alone: with more than 350,000 unfilled cybersecurity positions in the US and a predicted IT skills gap of more than 3.5 million open jobs by 2021, potential SOC analysts see the benefit of a job seeker’s marketplace that recognizes the value of security experience and offers better-than-average salaries to keep IT pros satisfied.

The caveat? Companies aren’t willing to compromise their existing security posture for unqualified candidates, even in a skills-limited environment. The result? Prospective SOC analysts need to be ready for whatever comes their way during the recruitment process. Let's unpack the SOC interview step by step.

Laying the Groundwork
Before you get into the interview room and meet the hiring team face-to-face, make sure you’ve laid the groundwork for success. First, check your experience and qualifications. Since SOC analysts typically make upwards of $90,000 per year, companies are looking for security professionals with several years of infosec experience under their belt, along with certifications such as:
- Certified ethical hacker (CEH)
- CompTIA Security+
- GIAC certifications including GSEC, GCIH, and GCIA
- Certified reverse engineering analyst
Also, make sure your security knowledge is up to date. This knowledge goes beyond basic infosec qualifications and field experience. Companies are looking for SOC analysts with a passion for security, so take the time to learn about current attack vectors (both cybercriminal and nation-state), security trends, emerging security technologies and how they play a role in shoring up network defense.

Into the Interview
It’s interview time. Expect questions like:
- If you were an attacker, how would you compromise our network?
As part of a security operations team, it’s your job both to monitor incoming traffic for potential threats and to dig through collected metrics to discover where corporate networks may be vulnerable. Interviewers will assume that you’ve taken a cursory look at the company’s website and network structure, and will ask how you would compromise existing security controls. Given the success rate of both phishing attacks and drive-by malware downloads, either choice is a solid starting point.
- What type of encryption should we use to secure our data?
Encrypt everything. Too many companies lose data and damage customer trust when they don’t bother to encrypt critical information. But what’s the best way? Be prepared to answer intelligently about both asymmetric (more secure but slower) and symmetric encryption and how they can be used in tandem to improve overall security. Knowledge of password hashing techniques and evolving encryption expectations — 256 or 512 bit wherever possible — is also beneficial.
- Explain the problem with SSL
As a follow-up to basic encryption questions, interviewers will likely ask about SSL. While Secure Sockets Layer provides robust identity verification, you need to articulate that it does not provide hard data encryption. What's more, even in conjunction with TLS, it is still vulnerable to specific attack vectors, especially those that leverage its typical implementation and method of action. Heartbleed is the most obvious example, but the increasing amount of encrypted web traffic not subject to scrutiny because it’s “safe” also stems from overreliance on SSL. Ultimately, interviewers want candidates to articulate that no encryption method is foolproof when used in isolation.
- Tell me about a security project you’ve completed
This one is more open-ended, but it often trips up candidates who give short answers about rolling out biometrics or ID and access tools. Here’s why: the tendency is to give the bullet-point version of events (did X, completed Y, saw Z benefit). The problem? Interviewers need to know your process. If you implemented new ID controls, explain why this was necessary: what was the pain point, and what solution did you create? How was it implemented? Were there any challenges with deployment? What was the outcome? The goal isn’t to lay out every technical detail but to make it clear that you’re capable of identifying security issues, analyzing them to determine their impact and then creating targeted solutions which address the underlying concerns.
As noted above, potential SOC analysts must be passionate about their work if they expect to land the job. This means you’ll get questions about your primary source for infosec news: what publications are you reading? Who do you follow on Twitter? What developments are you watching in the security space? If you are someone who naturally picks up this kind of knowledge “on the job” and does not specifically seek out security news sources, it is vital that you take the time to cultivate a few infosec interests. Tie them to your natural job strengths to help boost your interview performance.

Landing the Job
The SOC analyst interview can be intimidating for potential candidates. But with the inside track on what you can expect, paired with a certification-based career builder, you can own the room and land the job.