The SOC manager should develop a workflow model and implement SOPs for incident-handling that guide the analysts through the triage and response procedures.
Security analyst tiered responsibilities may include:

Tier 1

• Continuously monitors the alert queue
• Triages security alerts
• Monitors the health of the security sensors and endpoints
• Collects data and context necessary to initiate Tier 2 work

Tier 2

• Performs deep-dive incident analysis by correlating data from various sources
• Determines if a critical system or data set has been impacted
• Advises on remediation
• Provides support for new analytic methods that are used in threat detection

Tier 3

• Possesses in-depth technical knowledge on the network, endpoint, threat intelligence, forensics, malware reverse engineering, and the functioning of specific applications or underlying IT infrastructure
• Acts as an incident hunter, not waiting for escalated incidents
• Closely involved in developing, tuning, and implementing threat detection analytics