
What is ‘SOC’?

Does your organization need a SOC team? The question is still debated: some organizations consider a SOC an absolute necessity and set one up right away, while many others only learn its value after a bad experience.

But exactly what is ‘SOC’ and who are the different security personnel in it? Let us explore more in this blog post.

SOC:

A ‘Security Operations Center’, or SOC team, consists of several InfoSec professionals whose primary job is to monitor everyday activity in the security realm and react appropriately when a security incident takes place. After all, in spite of every countermeasure and strategy, security incidents still shake up an organization and bring it to its knees every once in a while.

The primary job of the SOC team is to constantly monitor systems for threats and vulnerabilities in a 24/7 environment and to respond to security incidents right away.

Primary duties within a SOC:

While most of the day in a SOC team member’s life may be humdrum, the moment a security incident is detected that job can become energized within minutes!

These are some of the primary duties within a SOC:

  1. Monitor raw data on login and logoff events, networks, servers, databases, endpoints and applications.
  2. Set up alerts to monitor the various events.
  3. Review alerts and keep a keen eye out for any malicious activity.
  4. If malicious activity is detected, triage the sequence of activities involved.
  5. Notify incident responders appropriately and see that the threats are resolved.
  6. A SOC team member is also involved in ‘malware analysis’ and forensics.
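To make duties 1 to 4 concrete, here is a small added example (not from the original post): a Python alert rule that parses constructed sshd-style login lines, raises an alert when one source IP produces a burst of failed logins, and records the triage facts an analyst needs (accounts tried, and whether a successful login followed the burst). The log format, threshold and window are assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log in an sshd-like format (not taken from the original post).
SAMPLE_LOG = """\
2024-03-01T09:00:01 host1 sshd: Failed password for admin from 203.0.113.7
2024-03-01T09:00:03 host1 sshd: Failed password for admin from 203.0.113.7
2024-03-01T09:00:05 host1 sshd: Failed password for root from 203.0.113.7
2024-03-01T09:00:06 host1 sshd: Failed password for admin from 203.0.113.7
2024-03-01T09:00:08 host1 sshd: Failed password for admin from 203.0.113.7
2024-03-01T09:00:12 host1 sshd: Accepted password for admin from 203.0.113.7
2024-03-01T09:45:00 host1 sshd: Accepted password for alice from 198.51.100.4
"""

LINE_RE = re.compile(r"^(\S+) (\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")

def parse(text):
    """Duty 1: turn raw login lines into structured events; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, host, result, user, src = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "host": host,
                           "result": result, "user": user, "src": src})
    return events

def detect_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Duties 2-4: alert on >= threshold failed logins from one IP inside 'window'; severity rises if a success follows."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        failures = [e for e in evs if e["result"] == "Failed"]
        for i in range(len(failures)):
            j = i  # advance j while failures[i..j) fall inside the sliding window
            while j < len(failures) and failures[j]["ts"] - failures[i]["ts"] <= window:
                j += 1
            if j - i >= threshold:
                last_fail = failures[j - 1]["ts"]
                success = any(e["result"] == "Accepted" and e["ts"] > last_fail for e in evs)
                alerts.append({"src": src, "failures": j - i,
                               "users": sorted({e["user"] for e in failures[i:j]}),
                               "followed_by_success": success,
                               "severity": "high" if success else "medium"})
                break  # one alert per source is enough for the analyst to triage
    return alerts
```

Running `detect_bruteforce(parse(SAMPLE_LOG))` yields one high-severity alert for 203.0.113.7 (five failures against admin and root, then a successful login), which is exactly the sequence a responder would want handed to them in the ticket.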

The different roles in a SOC:

So, who are the different security personnel who form the core SOC team, and what are their roles and responsibilities? Let us see:

The SOC team consists of the following roles:

1. Security Analyst

The primary responsibility of the ‘Security Analyst’ in a SOC team is to review alerts and set up tickets for any malicious activity. They are the first people to respond to an incident. They also make sure that appropriate training is given to all staff members, so that every SOC member has adequate knowledge to handle security incidents. In addition, they run vulnerability scans and review vulnerability assessment reports.

2. Security Engineer

A ‘Security Engineer’ in a SOC team configures the tools and solutions used to monitor the various activities. In addition, they draw up the procedures, requirements and protocols.

3. SOC Manager

In addition to having all the skills of a security analyst and a security engineer, the SOC manager needs good managerial skills to run the SOC team efficiently. He/She reports to the CISO, needs good communication skills, and should be able to present the SOC’s results effectively to the CISO.

4. CISO (Chief Information Security Officer)

The CISO is the ultimate head of the SOC team. He/She reviews the policies, procedures and strategies of the cybersecurity team, and communicates security strategies and outcomes to upper management.

Skills needed to be a part of the SOC team:

  1. Knowledge of different operating systems such as Unix, DOS, Windows and Linux
  2. Knowledge of firewalls and their configuration
  3. Knowledge of IDS/IPS tools
  4. Knowledge of networking concepts such as TCP/IP, routing and switching
  5. Knowledge of core programming languages such as C, C++, Java and PHP
  6. Certifications such as CISSP, CEH and Security+

That covers the make-up, duties and required skills of a SOC team.

Enroll in our ‘CyberSec First Responder Training’ course from CertNexus and our ‘Certified SOC analyst’ training from EC-Council today!

AUTHOR
Jayanthi Manikandan
Cyber Security Analyst
Jayanthi Manikandan has a Master’s degree in Information Systems with a specialization in Information Assurance from Walsh College, Detroit, MI. She is passionate about information security and has been writing about it for the past 6 years. She is currently a Security Researcher at InfoSec Train.