Security Operations Center (SOC) Roles
The SOC manager should develop a workflow model and implement standard operating procedures (SOPs) for incident handling that guide analysts through triage and response.
Tiered security analyst responsibilities may include:
Tier 1
- Continuously monitors the alert queue
- Triages security alerts
- Monitors the health of the security sensors and endpoints
- Collects data and context necessary to initiate Tier 2 work
Tier 2
- Performs deep-dive incident analysis by correlating data from various sources
- Determines if a critical system or data set has been impacted
- Advises on remediation
- Provides support for new analytic methods that are used in threat detection
Tier 3
- Possesses in-depth technical knowledge on the network, endpoint, threat intelligence, forensics, malware reverse engineering, and the functioning of specific applications or underlying IT infrastructure
- Acts as an incident hunter, proactively searching for incidents rather than waiting for escalations
- Closely involved in developing, tuning, and implementing threat detection analytics