Tier 1 SOC Analyst Job Interivew Prep. Need tips.

ksmith1983ksmith1983 Registered Users Posts: 4 ■■□□□□□□□□
Hello everyone.


i'm in the process of being considered for a Tier 1 Soc Analyst position.


and very soon i will be interviewed


i have a security + certification and a GCIH certification. i just earned both of them.


i also have a secret clearance too.


i'm trying to get whatever advice i can for people here on actions i can do to prepare for the job interview.


my guess is that i will get a technical screening on the phone first.


i looked at some old threads here about Soc Analyst Tier 1:


http://www.techexams.net/forums/jobs-degrees/129550-soc-analyst-tier-1-interview.html


http://www.techexams.net/forums/jobs-degrees/130810-soc-security-analyst-tier-1-job-offer.html


any additional advice would be appreciated.


thanks

Comments

  • RogueEnigmaRogueEnigma Member Posts: 15 ■■■□□□□□□□
    I would do the following.
    - Know the OSI model like the back of your hand. Not just the layers, but what each layer does.
    - Expect trick questions like "What layer of the OSI model does Ping fall on?"
    - Be able to name at least three current cyber security events currently in the news
    - Be able to name at least 5 sources of cyber news (ThreatWiire, SC Magazine, Krebs, etc)
    - Be able to go explain what you would do if you saw an attack at 3 in the morning and you were the only one in the SOC
    - Make them aware that cyber is a passion, not just a job role
    - Know the basics of Linux commands, and know something about shells
    - Be honest. ie, if they ask you how to reverse engineer malware (or something advanced)and you don't have the experience, tell them you haven't done that before. Don't bullshit.
    - Get familiar with a the basics of a few SIEMS (ArcSight, Sourcefire, Qradar, etc) Splunk is hot right now. Youtube is your friend.
    - Be able to explain PCAP (know some Wireshark filters)
    - Your GCIH will come in very handy, so utilize it in the conversation. "We did labs with <fill in the blank>"

    - Be confident
  • JDMurrayJDMurray Admin Posts: 13,023 Admin
    And to add:
    • Know how basic endpoint security works (e.g., computers, peripherals, IoT, etc.).
    • Know how basic midpoint security works (e.g., firewall/WAF, proxy/reverse proxy, IDS/IPS, etc.).
    • Know about Cloud security vs Data Center security. (tip: AWS Assoc cert puts you above your competition).
    • Emphasize any experience you have in programming, writing reports/documentation, or IT host/network admin.
    • Understand all of the ways a large enterprise can be cyber-attacked.
    • Be able to talk about current InfoSec events like it's sports-talk--especially when related to APT.
    • Don't apologize for not knowing the answer to a question; just do your best to answer it.
    • Remember to breathe.
  • scaredoftestsscaredoftests Mod Posts: 2,780 Mod
    ASK a lot of questions as well. Show your interest. Be early.
    Never let your fear decide your fate....
  • ksmith1983ksmith1983 Registered Users Posts: 4 ■■□□□□□□□□
    Thanks guys! much appreciated.

    Thank u so much. this has been very helpful
Sign In or Register to comment.