Security Event Analyst - Anyone done it?

the_Grinch Member Posts: 4,165
Found a job posting for an event analyst and was wondering if anyone had worked in a SOC before? I was on a NOC for almost two years and I suspect it isn't too much different, but was just looking for some insight.
WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff

Comments

  • tpatt100 Member Posts: 2,991
    Usually from my experience it means being able to analyze a security event and provide feedback, document, offer a means of fixing/remediation.

    It usually requires a more broad experience level due to all the types of security incidents possible.
  • thegoodbye Member Posts: 94
    I worked for an MSSP in a SOC as my first job out of college. It wasn't a bad job, but it was definitely monotonous. The job mostly entailed reviewing IDS/IPS/firewall logs and sending email notifications to various clients while meeting their required SLAs. Also, most SOCs are a 24/7/365 operation, so you may be on 2nd or 3rd shift and you'll likely have to work some holidays.
  • the_Grinch Member Posts: 4,165
    I have a fairly broad knowledge base as I haven't specialized in anything and I was on the 8 pm to 6 am shift for a long time (and loved it!). Thanks for the info guys!
  • paul78 Member Posts: 3,016
    Being a joat is likely going to be a big asset in a SOC. That's probably the big difference.

    While I have never worked in a NOC or SOC, I work closely as a consumer of those types of services. Usually, with NOC engineers, my expectations are to get the details of some network-related issue and how they plan to fix it. When I deal with the SOC, I generally expect the analyst to know a wide range of interwoven topics, from application-level exploit attempts, viruses and malware, network protocol intrusions, etc. Nothing detailed, but a good cursory understanding of the threat being reported and the impact analysis.