What is a SOC analyst? Job description, salary, and certification

What is a SOC analyst?

A SOC analyst is a cybersecurity professional who works as part of a team to monitor and fight threats to an organization’s IT infrastructure, and to assess security systems and measures for weaknesses and possible improvements. The SOC in the job title stands for security operations center; this is the name for the team, which consists of multiple analysts and other security pros, and often works together in a single physical location. A SOC may be an internal team serving a single enterprise or an outsourced service providing security for one or more external clients.

SOC analyst is a job title held by infosec newbies and more experienced pros alike. The job can be a great stepping stone into a cybersecurity career, but it’s also a demanding and somewhat repetitive job that can cause burnout. Let’s take a close look at what the job entails and the skills you need to succeed.

SOC analyst job description

Perhaps the best way to understand what a SOC analyst does is to ask one! SOC analyst Molly Webber recently gave an interview to the Center for Internet Security in which she describes her day:

I assist state, local, tribal, and territorial (SLTT) governments in monitoring their networks for malicious activity. The job requires great attention to detail and a general awareness for all things cyber. We look at IDS (Intrusion Detection System) alerts, suspicious emails, network logs, and any other resource that provides insight into an entity’s network activity. Analysts are expected to be able to read, understand, and notify on cyber trends. It’s critical that we have basic knowledge in areas like networking, malware analysis, incident response, and cyber etiquette.

The Prelude Institute describes SOC analysts as “watchdogs and security advisors,” which is a good way to capture their dual roles: they both keep an eye out for attacks in progress and try to figure out ways to beef up defenses to prevent or mitigate future attacks. To that end, they need to install security tools, investigate the suspicious activities those tools detect, support audit and compliance initiatives, and participate in developing security strategies.

That said, the task that can dominate the job, particularly at the entry level, is dealing with alerts thrown up by users and various security software, which in practice can mean wading through a lot of false positives. Kelly Jackson Higgins, writing in Dark Reading, describes the job as “one of the least glamorous and most tedious information security gigs: sitting all day in front of a computer screen, manually clicking through the thousands of raw alerts generated by firewalls, IDS/IPS, SIEM, and endpoint protection tools, and either ignoring or escalating them,” while enduring the “constant, gnawing fear of mistakenly dismissing that one alert tied to an actual attack.” That sounds like a grind, but there’s good news: she’s describing the life of a Tier 1 SOC Analyst, and you probably won’t stay at that level forever.

SOC analyst career path

The first step on this career path comes before you even get a job as a SOC analyst. The prerequisites aren’t that different from those of the many other beginning security jobs that have “analyst” in the title. The key thing to remember is that, as Jonathan Gonzalez, Lead Member of Technical Staff at AT&T, says in this interview, “There’s no such thing as an entry-level job in cybersecurity.” Most people work for at least a year or two in networking or some similar IT discipline before moving over to a security job.
