Dividing SOC duties
A well-developed SOC will be made up of multiple roles in order to divide up responsibilities and ensure that each individual can focus on their specific tasks. Depending on the size of the team, there could be many roles and many layers of management, leadership, and expertise, or it could be a smaller team in which two or three individuals carry out all the roles between them.
At a high level, the operation of an SOC will require experts that know how to install and maintain the technology solutions required to run the SOC (that is, SOC engineers), and another set of experts that are able to use the solutions to hunt for threats and respond to security incidents (that is, SOC analysts). These two roles work together to provide constant feedback on what works well, and where improvements are required.
Let's review the primary differences between the two main roles, to understand the type of operational tasks they might need to carry out.