Security Operations Center (SOC) ROLES

The SOC manager should develop a workflow model and implement standard operating procedures (SOPs) for incident handling that guide analysts through the triage and response procedures.
Tiered security analyst responsibilities may include:

Tier 1

  • Continuously monitors the alert queue
  • Triages security alerts
  • Monitors the health of the security sensors and endpoints
  • Collects data and context necessary to initiate Tier 2 work

Tier 2

  • Performs deep-dive incident analysis by correlating data from various sources
  • Determines if a critical system or data set has been impacted
  • Advises on remediation
  • Provides support for new analytic methods that are used in threat detection

Tier 3

  • Possesses in-depth technical knowledge on the network, endpoint, threat intelligence, forensics, malware reverse engineering, and the functioning of specific applications or underlying IT infrastructure
  • Acts as an incident hunter, not waiting for escalated incidents
  • Closely involved in developing, tuning, and implementing threat detection analytics