Does your organization need a SOC team? The point is highly debated: some organizations consider one an absolute necessity and set about forming it right away, while many others only learn the need through a bad experience.
But exactly what is ‘SOC’ and who are the different security personnel in it? Let us explore more in this blog post.
A ‘Security Operations Center’, or SOC team, consists of several InfoSec professionals whose primary job is to monitor everyday activity in the security realm and react appropriately when a security incident takes place. After all, in spite of all countermeasures and strategies, security incidents still shake up an organization and bring it to its knees every once in a while.
The primary job of those in the SOC team involves constantly monitoring systems for threats and vulnerabilities in a 24/7 environment and responding to security incidents right away.
Primary duties within a SOC:
While most of a SOC team member’s day may be humdrum, when a security incident is detected that job role can suddenly become energized in a matter of minutes!
These are some of the primary duties within a SOC:
The different roles in a SOC:
So, who are the different security personnel who form the core SOC team? What are their roles and responsibilities? Let us see more:
The SOC team consists of the following roles:
1 Security Analyst
The primary responsibility of the ‘Security analyst’ in a SOC team is to review alerts and set up tickets for any malicious activity. They are the first people to respond to an incident. They also make sure that appropriate training is given to all staff members, so that all SOC members have adequate knowledge to handle security incidents. In addition, they run vulnerability scans and review vulnerability assessment reports.
2 Security Engineer
A ‘Security engineer’ in a SOC team configures the tools and solutions used to monitor the various activities. In addition, they draw up the procedures, requirements and protocols.
3 SOC Manager
In addition to having all the skills of a security analyst and a security engineer, the SOC manager also needs good managerial skills to run the SOC team efficiently. He/she reports to the CISO, needs good communication skills, and should be able to present the SOC’s results effectively to the CISO.
4 CISO (Chief Information security officer)
The CISO is the ultimate head of the SOC team. He/she reviews the policies, procedures and strategies of the cybersecurity team, and communicates security strategies and outcomes to upper management.
Skills needed to be a part of the SOC team:
We have seen the different details of the SOC team.