What is a SOC Analyst?

A security operations center (SOC) analyst is a cybersecurity staff member who is responsible for monitoring and fighting threats to an organization’s IT infrastructure. He or she is in charge of assessing security systems, identifying and patching vulnerabilities, and improving cyber resilience.

Some organizations choose to build their internal SOCs, but those that lack experts and know-how rely on outsourcers.

Becoming an SOC analyst can be an excellent career choice for those who want to jumpstart their career in cybersecurity. 

Other interesting terms…

• What is a Chief Security Officer (CSO)?
• What is an IT Security Analyst?

Read More about an “SOC Analyst”

Acting as the first line of defense against cyber threats, SOC analysts develop and implement security strategies for organizations. If you want to become part of a critical security team, read on to find out what course to take and skills to develop.

What Is an SOC?

An SOC is an organizational function whose primary goal is to secure an organization’s cyber resources. It comprises people, technologies, and processes working together to detect, respond to, and prevent cyber incidents.

To properly work, an SOC has to have visibility into the organization’s networks, data centers, devices, and other parts of its IT infrastructure. All activities are logged, and suspicious ones are analyzed within the SOC.

An SOC can be an internal department within an organization. The function can also be outsourced, meaning an organization pays a provider for its SOC services.

What Does an SOC Analyst Do?

The primary responsibilities of an SOC analyst include:

• Monitoring security access and reporting potential malicious activities to a superior
• Performing security and risk analyses to pinpoint vulnerabilities and assessing their potential impact on the organization
• Investigating breaches and identifying their root causes
• Preparing reports to help security leaders evaluate the effectiveness of security policies
• Recommending improvements to security standards
• Updating security systems to make sure the organization is sufficiently protected from cyber threats
• Performing security audits
• Collaborating with third-party vendors

What Qualifications and Skills Should an SOC Analyst Have?

Education

An SOC analyst should have at least a bachelor’s degree in computer science or any related field. Successful SOC analysts often undergo training and secure credentials from reputable organizations to become a Certified SOC Analyst (CSA). That is considered the first step to becoming an SOC team member.

Skills

The CSA program can help an SOC analyst acquire the necessary skills to become a Tier I and subsequently a Tier II analyst. Here’s how the two differ:

• Tier I SOC analyst: Often considered as a triage specialist with system administration skills in Linux, Windows, and macOS. A Tier I SOC analyst is also well-versed in Ruby on Rails, Python, PHP, C, C#, Java, and Perl. He or she helps team members review all incident alerts and determine their urgency. A Tier I SOC analyst also elevates priority concerns to their Tier II counterparts.

• Tier II SOC analyst: Also called an “incident responder.” A Tier II SOC analyst reviews tickets sent by his or her Tier I counterparts. He or she gathers new threat intelligence to determine the scope of an attempt or ongoing attack.

What Open-Source Tools Do SOC Analysts Often Use?

Since SOC analysts need to develop holistic security protection protocols, they need to use all available resources. Some of the open-source tools they can use are:

1. Delta: A project of the Open Networking Foundation, Delta helps detect potential problems within a software-defined network (SDN) and how these can be exploited. The tool can probe not only known but also unknown network vulnerabilities.

2. Ettercap: This is useful for testing man-in-the-middle (MitM) attacks. It explores how an environment responds to such an attack.

3. HoneyNet: This helps SOC analysts study commonly used attack patterns to come up with strategies to deceive perpetrators, thus helping safeguard network-connected assets in the future.

4. Infection Monkey: This is a complete tool that reveals events that can occur within a network once an attacker gains access.

5. Lynis: This reveals all utilities and applications in Unix-based systems, including their configurations and vulnerabilities.

6. Maltego: Primarily used for data mining and link analyses, Maltego provides a library of transformations for investigating threats.

7. Nagios: This helps monitor an entire network, including infrastructure, traffic, and all connected servers.

8. OpenVAS: This is a scanner that assesses and identifies assets that have vulnerabilities that can leave a network open to a security attack.

9. Snort: This is an intrusion detection and prevention system (IDS/IPS) that does real-time analyses to identify anomalies and attacks.

10. Vega: A web security scanner and testing platform, Vega helps test web applications to determine cross-site scripting (XSS), Structured Query Language (SQL) injection, and other vulnerabilities. 

How Much Does an SOC Analyst Earn on Average?

According to salary reports in Glassdoor, the average salary of a U.S.-based SOC analyst is US$98,864 a year. Improving one’s skills, and climbing up the ladder can significantly impact his or her salary.

What Does the Career Path of an SOC Analyst Look Like?

An SOC analyst can start as a Level or Tier I analyst tasked with analyzing and categorizing security alerts and user activities. Analysts at this level deal more with triage.

They can then become a Level or Tier II security analyst, requiring them to manage and remediate more complicated security incidents. This level is tasked with incident response and can also participate in system restoration.

Threat hunters are considered the Tier III SOC analysts. At this level, the analyst’s goal is to detect vulnerabilities in the organization’s systems and workflows so they can be patched before threat actors can exploit them.

An SOC analyst can move on to become a security engineer or architect. These analysts develop organizational processes and standard procedures that would be cascaded across all members of the SOC. Security engineers manage, implement, and monitor security solutions.

Finally, an SOC analyst can become an SOC manager. By then, he or she would oversee the whole SOC operations, including significant security breach response, personnel management, and budget proposal and management.

Key Takeaways

• The job of an SOC analyst is to improve an organization’s cyber resilience by assessing security systems and identifying and patching vulnerabilities.
• An SOC analyst should have at least a bachelor’s degree in computer science or any related field.
• The first step to becoming an SOC team member is to undergo and pass the CSA training.