Security Operations Center (SOC) Roles and Responsibilities


SOC LEAD

  1. Track, analyse, and report security incidents and occurrences.
  2. Manage, tune, and optimise the SIEM tool.
  3. Recommend security controls such as IDS/IPS, endpoint security, vulnerability management, and data loss prevention to the client's security team.
  4. With the support of the SOC manager, create new operational rules, processes, and procedures.
  5. Manage shifts and the team in a 24x7 operation.
  6. Act as the initial point of contact for the SOC team and assist them.
  7. Assist with handing out work assignments to the team members.
  8. Handle escalated security incidents.
  9. Guide and mentor L1 and L2 analysts.
  10. Regularly find strategies to improve security procedures.

INCIDENT HANDLER

  1. Use SIEM tools for advanced analysis.
  2. Incident investigation and response skills.
  3. Log parsing and analysis skills.
  4. Knowledge of networking fundamentals.
  5. Knowledge of the current threat landscape.
  6. Knowledge of malware operation and indicators.
  7. Knowledge of penetration techniques.
  8. Assist in defining and driving strategic initiatives.
  9. Working with Level 2 analysts, create and develop SOC processes and procedures.
  10. Support the development of operational and executive reports.

THREAT HUNTER

  1. In the area of threat collection, provide mentorship and support to peers.
  2. Capable of identifying needs and driving solutions.
  3. Provide guidance in an autonomous manner.
  4. Contribute to the identification (hunting) and profiling of threat actors and TTPs.
  5. To detect current threats, create and run custom analysis models using security event data.
  6. Implement the integration of current security infrastructure and indicators.
  7. Proactively identify threats for our global clients to complement the standard SOC.
  8. Investigate host-, network- and log-based security events.
  9. Assist in the development of the Threat Hunting service.
  10. Communicate with clients and report on any prospective findings, both technically and commercially.

SECURITY ANALYST

  1. Perform investigations in response to security alerts.
  2. Gather evidence and put together a picture of the case.
  3. Determine how a security incident occurred.
  4. Build capabilities that close information gaps.
  5. Defend customers against security threats.
  6. Make plans for adversary eviction and incident response.
  7. Evaluate security risks.
  8. Create technical documentation.
  9. Use defence tools to conduct analysis.
  10. Collaborate with customer-focused teams.

SOC ANALYST

  1. Investigate and resolve technical problems.
  2. Prepare reports and dashboards.
  3. Monitor and respond to alerts.
  4. Handle escalations to the incident response team.
  5. Provide technical and functional support to the L1 team.
  6. Responsible for incident investigation.
  7. Provide threat and vulnerability analysis.
  8. Investigate, document, and report information security issues.
  9. Log correlation and anomaly detection.
  10. Understanding of networking protocols.

SOC MANAGER

  1. Lead and manage the SOC.
  2. Responsible for security event monitoring.
  3. Establish operational foundations.
  4. Perform threat management.
  5. Coordinate with stakeholders.
  6. Create reports and dashboards.
  7. Manage the process improvement programme.
  8. Provide security advisory.
  9. Assist analysts in following established protocols and supervise employees.
  10. Keep knowledge of cyber security up to date.

SIEM ENGINEER

  1. Responsible for creating and executing procedures.
  2. Maintain staff development and security systems in both internal and external situations.
  3. Collaborate closely with senior engineers and threat analysts.
  4. Assist customers with Managed Security solutions as a principal responder.
  5. Work as a member of the SOC.
  6. Responsible for client-specific SIEM management solutions.
  7. Assist with the escalation of significant and complex customer issues, as well as product configuration and testing.
  8. Assist with the development and documentation of work processes, as well as the training of other team members.
  9. Able to develop custom automation playbooks.
  10. Able to analyse a network architecture diagram and create use cases.

Govarthan Mani
Cyber Security Incident Response Team