Anyone work in a SOC?

ArabianKnightArabianKnight Member Posts: 278 ■■■□□□□□□□
I am trying to get a better idea of the functions of the different tier levels in a typical Security Operations Center from tier 1-3 or higher if there are any higher tiers. What would be a typical day of a tier 1? Much downtime or are you constantly starring at logs?

Really trying to get a good picture and see if this is something I want to pursue, or more of a network security engineer type position.

Comments

  • ArabianKnightArabianKnight Member Posts: 278 ■■■□□□□□□□
  • dmoore44dmoore44 Member Posts: 646
    Yes - I do. I work at Tier 2, which means I perform advanced event analysis and perform incident handling responsibilities. Essentially, a lot of my day revolves around looking at events in a SIEM and attempting to divine if something bad is happening. I also perform a lot of IDS/IPS/event log source tuning (either at the actual log source, or as part of the aggregation/correlation rules).
    Graduated Carnegie Mellon University MSIT: Information Security & Assurance Currently Reading Books on TensorFlow
  • ArabianKnightArabianKnight Member Posts: 278 ■■■□□□□□□□
    dmoore44 wrote: »
    Yes - I do. I work at Tier 2, which means I perform advanced event analysis and perform incident handling responsibilities. Essentially, a lot of my day revolves around looking at events in a SIEM and attempting to divine if something bad is happening. I also perform a lot of IDS/IPS/event log source tuning (either at the actual log source, or as part of the aggregation/correlation rules).

    Cool....what do your Tier one personnel do? I have been getting calls for entry level SOC positions and am trying to get some insight into daily activities beyond the generic job description.
  • E Double UE Double U Member Posts: 2,233 ■■■■■■■■■■
    I was tier I in a SOC and I monitored events (mostly false positive). I also performed change requests - proxy (Blue Coat) and firewall (Cisco, Check Point).
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
Sign In or Register to comment.