What is a SOC analyst?
SOC analysts work as members of a security operations center (SOC) team, either in-house or at a managed security services provider (MSSP). Roles are commonly split into three tiers, and job-specific duties vary based on the organization you work for:
- SOC level 1 (tier 1) analysts monitor security tooling such as endpoint detection and response (EDR) and security information and event management (SIEM) platforms, triage the alerts those tools raise to identify potentially anomalous activity on networks and systems, and escalate anything that looks suspicious to level 2 analysts.
- SOC level 2 (tier 2) analysts investigate the anomalous behavior escalated to them. Depending on the organization, they may also perform incident response (IR) duties and initial malware analysis, build IR playbooks, and write scripts to automate routine tasks; these level 2 skills are also commonly requested in incident responder job postings. A tier 2 analyst might also set up access to jump boxes and do light forensic investigation work.
- SOC level 3 (tier 3) analysts...
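To make the tier 1 "monitor, detect, escalate" loop and the tier 2 "script routine tasks" duty concrete, here is an added example (not from the original page) of a small triage script. It parses constructed sshd-style authentication log lines, flags a source that racks up repeated failed logins inside a short window, raises the severity when such a burst is followed by a successful login, and marks which findings should go to tier 2. The log lines, the `FAIL_THRESHOLD` of 5 failures and the 5-minute `WINDOW` are assumed values chosen for illustration, not figures from the page.

```python
"""Tier-1 style alert triage over constructed auth log lines.

Added example, not code from the original page. Detects password-guessing
(many failures from one source) and the higher-severity case where a burst
of failures is followed by a success, then decides whether the finding
should be escalated to tier 2. Thresholds below are assumed values.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in a syslog-like sshd format (not real data).
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51000 ssh2
2024-05-01T10:00:03 sshd[1202]: Failed password for root from 203.0.113.7 port 51001 ssh2
2024-05-01T10:00:05 sshd[1203]: Failed password for root from 203.0.113.7 port 51002 ssh2
2024-05-01T10:00:07 sshd[1204]: Failed password for root from 203.0.113.7 port 51003 ssh2
2024-05-01T10:00:09 sshd[1205]: Failed password for root from 203.0.113.7 port 51004 ssh2
2024-05-01T10:00:12 sshd[1206]: Accepted password for root from 203.0.113.7 port 51005 ssh2
2024-05-01T10:05:00 sshd[1300]: Failed password for alice from 198.51.100.4 port 40000 ssh2
2024-05-01T10:30:00 sshd[1301]: Accepted publickey for alice from 198.51.100.4 port 40001 ssh2
"""

# Matches both "Failed password for invalid user X" and "Accepted publickey for X".
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) \w+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

FAIL_THRESHOLD = 5            # assumed: failures within WINDOW that count as brute force
WINDOW = timedelta(minutes=5)  # assumed sliding window


def parse(log_text):
    """Return (timestamp, result, user, src) tuples; non-matching lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append((datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"]))
    return events


def triage(log_text):
    """Return findings as dicts with src, severity, reason and an escalate flag."""
    findings = []
    failures = defaultdict(list)  # src -> timestamps of recent failed logins
    for ts, result, user, src in parse(log_text):
        if result == "Failed":
            # keep only failures inside the sliding window, then add this one
            failures[src] = [t for t in failures[src] if ts - t <= WINDOW] + [ts]
            if len(failures[src]) == FAIL_THRESHOLD:
                findings.append({"src": src, "severity": "medium", "escalate": True,
                                 "reason": f"{FAIL_THRESHOLD} failed logins within {WINDOW}"})
        else:  # Accepted
            recent = [t for t in failures[src] if ts - t <= WINDOW]
            if len(recent) >= FAIL_THRESHOLD:
                # success right after a guessing burst: likely compromise, escalate as high
                findings.append({"src": src, "severity": "high", "escalate": True,
                                 "reason": f"successful login for {user} after {len(recent)} failures"})
            failures[src].clear()
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['src']}: {f['reason']} -> escalate={f['escalate']}")
```

Run as written, the script produces two findings for 203.0.113.7 (a medium one when the fifth failure lands and a high one when the following login succeeds) and nothing for 198.51.100.4, whose single failure and much later key-based login are normal user behaviour. A real SIEM rule would add the asset and account context a tier 2 analyst needs, but the shape, a parser, a windowed count and an escalation decision, is the routine work this kind of scripting automates.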