Become a SOC Analyst - Level 2

Overview
What Are Some SOC Analyst Roles and Responsibilities?
In general, the role of the SOC analyst is to plan, monitor, and implement security measures to protect an organization’s computer systems, networks, and data. To do this, SOC analysts must stay up-to-date on the most current intelligence, including hackers’ practices and tactics, to anticipate and prevent security threats and breaches.In addition to the above, as an SOC analyst, you will likely be required to:
What Are Some SOC Analyst Job Requirements?
Each organization that is hiring an SOC analyst will have its own degree and work experience requirements for candidates. However, it’s most common for organizations to require that SOC analyst candidates have a bachelor’s degree in computer science or another relevant field, as well as at least one year of IT work experience.Some of the other common requirements for SOC analyst positions are:
Some of the common technical knowledge requirements include:
What is a Typical SOC Analyst Job Description?
As a security operations center analyst your primary duty is to ensure that the organization’s digital assets are secure and protected from unauthorized access. That means that you are responsible for protecting both online and on-premise infrastructures, monitoring metrics and data to identify suspicious activity, and identifying and mitigating risks before there is a breach. In the event that a breach does occur, an SOC analyst will be on the front line, working to counter the attack.Additionally, SOC analysts must generate reporting for managers and IT administrators to evaluate the effectiveness of current security protocols. Then you will be responsible for making any necessary modifications to establish a more secure network. You may be required to create training programs and curriculum to educate the organization’s employees and network users on proper security policies and procedures.
Candidates for the SOC analyst position must have analytical skills, communication skills, and the desire to stay up-to-date on the latest technology. It’s also important that you are prepared to sift through huge amounts of information to identify threats or other security issues, and to be flexible and available at any time – because threats and attacks can happen at any time, day or night.
A Day in the Life of an SOC Analyst
As an SOC analyst, you will likely find that no two days are alike in a security operations center – hackers and other adversaries don’t follow a specific schedule, and how much time you have to spend on an individual incident can depend on many factors. You may be able to circumvent an attack quickly in some cases, while others much more time and attention.While you will be required to ascertain the weaknesses of hardware, software, and network infrastructure and establish ways to protect it daily, the nature of information security means that each day may bring different situations, tasks, and challenges. When there is a threat or an attack, your team will likely work nonstop to expose the attack, shut down access to your systems, resolve the issue, work to prevent the same type of attack from happening in the future, and document and communicate appropriate information to management or clients.
SOC analysts may have to be willing to work at odd hours, outside of the normal workday, to perform the necessary incident response to protect the digital assets of the organization. You can rest assured that as an SOC analyst, you will not experience boredom or repetition in your daily duties.
How Long Will It Take To Be Job Ready?

NMAP

MITRE ATT&CK Defender™ (MAD) ATT&CK® Fundamentals Badge Training

Advanced Cyber Threat Intelligence

Incident Response and Advanced Forensics

Computer Hacking and Forensics

Perform a Network Vulnerability Assessment Using Nmap
The Network Vulnerability Assessment Using Nmap Advanced IT pro Challenge from Learn on Demand challenges students to perform a variety of network vulnerability scans in Ubuntu against hosts and machines. This requires the installation of Nmap, Apache2 packages, and configuring the Linux Uncomplicated Firewall(ufw) to block ICMP ping requests.

Identify Non-Secure Network Traffic
In this IT Pro Challenge virtual lab, you will get hands-on experience using Wireshark to sniff network traffic and detect non-secure protocols being used in the environment. You will investigate evidence of secured versus non-secure traffic. The skills you will learn in this lab are essential for network security analysts and penetration testers.

Monitoring Network Traffic for Potential IOA/IOC
In this lab we will replicate potentially malicious scans from the Internet against a corporate asset. Scans from the Internet are very common. An analyst should know how to identify this activity by artifacts that are present in the IDS as well as entries in the web logs.

Performing Incident Response in a Windows Environment
Take on the role of the lead incident responder on a sysadmin team, and use incident response methodologies to: determine what happened, identify any malicious files found on the system, take the appropriate steps to resolve any discovered issues, and investigate critical system modifications to determine if a virus was installed on the machine.

Finding Malicious Indicators Lab
In this lab, you will get an opportunity to examine a system that was and is still actively compromised by an attacker. You have likely read articles in the news or heard from your professors about some of the various high-profile attacks where large companies had systems compromised. It is important to be able to look at a system and know how to examine it in order to determine if the system has been compromised. There are utilities that are built into the operating system as well as third-party utilities that can be utilized to help you determine if a system is compromised. Some of the common tasks that be performed to check for a system compromise include examining network connections, file time stamps, viewing the registry, and dumping and examining the RAM of the system. This lab will help you learn about the possible indications of a compromised system.

Investigating a Network Compromise Lab
A network compromise is when your system is attacked and an attacker has a foothold over the operating system and has performed various actions such as installing back doors, modifying the file system, and created log file entries. It is critical for you to be able to know what the indicators of a network compromise are and know how to respond to one.

Identify Rootkit and DLL Injection Activity
Students will use Olly Debugger and Process Hacker to debug a suspect program and determine if any of the observed behavior is malicious or not. This lab shows one possible way malicious software hooks into legitimate programs and will provide an "under the hood" perspective on how programs work in the Windows environment.