Tier 1 SOC Analyst Job Interivew Prep. Need tips.

ksmith1983

Hello everyone.

i'm in the process of being considered for a Tier 1 Soc Analyst position.

and very soon i will be interviewed

i have a security + certification and a GCIH certification. i just earned both of them.

i also have a secret clearance too.

i'm trying to get whatever advice i can for people here on actions i can do to prepare for the job interview.

my guess is that i will get a technical screening on the phone first.

i looked at some old threads here about Soc Analyst Tier 1:

http://www.techexams.net/forums/jobs-degrees/129550-soc-analyst-tier-1-interview.html

http://www.techexams.net/forums/jobs-degrees/130810-soc-security-analyst-tier-1-job-offer.html

any additional advice would be appreciated.

thanks

Find more posts tagged with

Comments

RogueEnigma

I would do the following.
- Know the OSI model like the back of your hand. Not just the layers, but what each layer does.
- Expect trick questions like "What layer of the OSI model does Ping fall on?"
- Be able to name at least three current cyber security events currently in the news
- Be able to name at least 5 sources of cyber news (ThreatWiire, SC Magazine, Krebs, etc)
- Be able to go explain what you would do if you saw an attack at 3 in the morning and you were the only one in the SOC
- Make them aware that cyber is a passion, not just a job role
- Know the basics of Linux commands, and know something about shells
- Be honest. ie, if they ask you how to reverse engineer malware (or something advanced)and you don't have the experience, tell them you haven't done that before. Don't bullshit.
- Get familiar with a the basics of a few SIEMS (ArcSight, Sourcefire, Qradar, etc) Splunk is hot right now. Youtube is your friend.
- Be able to explain PCAP (know some Wireshark filters)
- Your GCIH will come in very handy, so utilize it in the conversation. "We did labs with <fill in the blank>"

- Be confident

JDMurray

And to add:

Know how basic endpoint security works (e.g., computers, peripherals, IoT, etc.).
Know how basic midpoint security works (e.g., firewall/WAF, proxy/reverse proxy, IDS/IPS, etc.).
Know about Cloud security vs Data Center security. (tip: AWS Assoc cert puts you above your competition).
Emphasize any experience you have in programming, writing reports/documentation, or IT host/network admin.
Understand all of the ways a large enterprise can be cyber-attacked.
Be able to talk about current InfoSec events like it's sports-talk--especially when related to APT.
Don't apologize for not knowing the answer to a question; just do your best to answer it.
Remember to breathe.

scaredoftests

ASK a lot of questions as well. Show your interest. Be early.

ksmith1983

Thanks guys! much appreciated.

Thank u so much. this has been very helpful