SOC Lead
Aeries Technology (rated 3.6, 164 reviews)
7 - 12 years
10-20 Lacs P.A.
Hyderabad/Secunderabad, Bangalore/Bengaluru, Mumbai (All Areas)
Posted: 24 days ago. Job applicants: 286
Job description
Job Responsibilities:
Manage and lead SOC operations: security incidents, investigations, threat detection
and prevention.
Implement and operationalise CSIRT, SOAR, SIEM, DLP, network monitoring,
forensic tools, etc.
Well versed with well-known security frameworks such as ISO 27001:2013 / NIST
CSF / PCI DSS / ISO 22301 / STRIDE / MITRE / SSAE16 etc.
Ensure key information security risks and issues are identified, addressed and
resolved in a timely manner.
Acquire artifacts from a client or server during an investigation using different tools
Assess efficacy of security controls, document and report control failures and gaps to
stakeholders. Provide remediation guidance and prepare management reports to track
remediation activities.
Develop relevant metrics, analyse data, identify trends and help drive improvements
to the control environment
Recommend security monitoring or device tuning to reduce false positive detections
Build and run various phishing, vishing, smishing campaigns
Must have experience working with the following technologies: endpoint detection and
response, PowerShell, anti-virus, email security, Linux, DLP, deception tools, cloud
platform security.
Implement SOC automation and mature operational excellence.
Company Info
Address: 3rd Floor, Sahas, Twin Towers Lane, Prabhadevi, Mumbai - 400025, Maharashtra,
India
Zeshan Naz
In this article
1. What is SOC?
2. What is a SOC Analyst?
3. What Does a SOC Analyst Do?
4. SOC Analyst Job Description
5. Roles & Responsibilities of SOC Analyst
6. SOC Analyst Skills and Qualifications
7. Top SOC Analyst Tools
8. SOC Analyst Career Path
9. Conclusion
10. Frequently Asked Questions (FAQs)
SOC Analysts are part of the modern security operations center teams that are now an
inseparable part of every organization. As a member of the Security Operations
Center (SOC) team, a SOC Analyst monitors, analyzes and responds to security issues, and
investigates attacks with other team members once they have been detected. The main purpose
of building a SOC unit with a SOC Analyst at its head is to build situational awareness in a
company and to train employees for any security threat.
A SOC Analyst's job description includes implementing and incorporating multiple tools and
technologies. These tools and technologies help companies find potential security threats,
analyze them, and inform management about them so that effective measures can be taken
to resolve them. If you want to become a SOC Analyst and explore this field of
work, you can register for the best CISSP course, which will help you
understand all the basics that a SOC Analyst performs.
What is SOC?
SOC stands for Security Operations Center, and it is a centralized unit for security operations
in a company. Every company builds a SOC team, and the main aim of this team is to
monitor, analyze and protect the company and its assets from any kind of security threats
such as cyber-attacks, data threats, viruses, malware, etc.
A SOC Analyst and the SOC team of a company protect the company's sensitive data and
information stored on computer systems so that hackers cannot get their hands on it and
use it for malicious purposes. This covers the integrity of company data and systems as
well as the company's confidential information.
The SOC team of a company is responsible for strategizing and implementing various
methods for maintaining an organization's cyber security, as it is the main point of contact for
preventing and avoiding cyber-attacks.
They also inform the management about the cyber threats so that the stakeholders can take
necessary measures to ensure the security of the sensitive information and data of the
company from hackers and malicious activities.
Put simply, a SOC Analyst is someone who reviews incident
notifications and then performs multiple vulnerability assessments in order to
draw conclusions and report them to senior management. So, it is clear that if you want to
become a SOC Analyst, you will have to take care of the security operations and data
safety of the company you work for.
SOC analysts have access to the company's important technologies to ensure important data
security and build a safe environment throughout the organization. Certain relevant security
tools are provided to them, and they are trained to handle and use them effectively. The most
common security tools include firewalls, threat and vulnerability management tools, data
security tools, intrusion detection and prevention technology, Data Analytics platforms, etc.
SOC Analysts also have access to forensic tools, which support response
investigations into security incidents. SOC Analyst duties are important, benefit both
the company and the analysts, and help find those security threats that traditional
tools could not.
SOC Analysts look within the IT systems and networks to find security threats with the help
of modern tools and technologies. They receive alerts from the SIEM about possible
security threats and compromises that endanger the company's data security. Analysts focus
on those alerts, analyze the extent of the threat, and resolve them.
SOC professionals cannot completely stop threats from entering their network, but
they can prevent them from spreading across all networks. The compromised network is
taken out of service and a new system is installed to properly restore security. The
correlation and validation of alerts is an integral part of the security work that SOC
Analysts perform.
Reduce Downtime and Ensure Business Continuity
Companies are very keen to ensure that their operations run with little or no downtime.
Previously, professionals used to shut down an infected server to clean up the virus. Today,
however, companies cannot afford to shut down a server completely, as it may harm business
operations and critical infrastructure.
If any security breach happens, SOC Analysts are responsible for informing upper
management so that they can take the necessary actions. Repeat occurrences of the
error are reduced, and in this way security risks are mitigated before they cause greater
damage.
The roles and responsibilities of SOC Analysts include providing security services to the
organization in a centralized manner. They provide valuable insights to the upper
management of the company and help stakeholders take major steps so that they can
meet their goals. Multiple departments come together to assist SOC Analysts so that they can
take charge of maintaining the security of data and information throughout the
organization.
Responsibility for anything related to the company's security is on the shoulders of SOC
Analysts. If any security breach happens, they are the first ones to deal with it. A clear line of
authority and communication should be maintained throughout the organization to avoid
discrepancies in security operations.
Another important role of a SOC Analyst is to perform audit activities to meet compliance
requirements set by corporate, government and public bodies. Essential compliance
data includes patch levels, threat information, identity, and data access control.
Previously, SOC Analysts used to create documentation and templates for performing audit
activities, which was error-prone and time-consuming. Modern security tools such as a
SIEM aggregate security-related data from across the company so that
it becomes easy for analysts to generate audit and compliance reports.
A SOC Analyst has to perform these roles and responsibilities so that they can prove to be an
asset to the company. Acquire the necessary certifications for Cyber Security to ace the
corporate world.
1. Network Defense: Defending networks from possible security threats is one of the
major duties of a SOC Analyst. This skill helps you monitor, analyze, and eliminate security
threats from your network. Networks are prone to infection because they are connected to
the internet, which makes them easy for hackers to attack. You should have the required skills
to protect your company's networks from hackers' attacks.
2. Ethical Hacking: SOC professionals with knowledge of ethical hacking are always preferred by
any company. They must find probable threats and protect the company's security and
networks. You should also have a basic understanding of penetration testing, networks, and web
applications in order to test systems and identify vulnerabilities.
3. Response to Incidents: As a SOC Analyst, you must know how to eliminate the malicious
activities that are taking place in your security systems and how to deal with incidents
involving security breaches. You may suggest changes in the companies' security systems so
they can stay protected from future threats.
4. Computer Forensics: To protect your computer systems from any sort of cybercrime,
as a SOC professional you must become familiar with computer forensics. This will help you
collect, analyze and report security data to the company's upper management.
5. Reverse Engineering: With relevant skills in reverse engineering, you will be able to understand
how a given software program works, draw conclusions from it, and help patch a bug.
Required Qualification
To pursue a career as a SOC Analyst, it will be beneficial for you if you have a bachelor's
degree in the field of computer science or some other STEM-related subject. But even if you
do not belong to a science background, you can still become a SOC Analyst if you do certain
certification courses that are relevant to the particular discipline. Many analysts get into this
job by doing certain cybersecurity courses or registering for various boot camps. These
courses will help you understand how to identify and analyze data and its threats.
1. Delta: This tool helps SOC Analysts to detect the possible issues and threats in a software-
defined network and can stop hackers from accessing your networks. It can analyze both
known and unknown network issues.
2. Honeynet: It helps SOC professionals to understand some of the common attacking patterns
used by hackers. It then designs strategies to protect the security systems and safeguard the
assets.
3. Lynis: It is a common security auditing tool for UNIX systems. It helps experts inspect
UNIX platforms to identify their configuration and vulnerabilities.
4. Ettercap: It is one of the best tools for testing man-in-the-middle attacks. It helps to
understand the response to cyber-attacks.
5. Maltego: This tool offers a huge transform library that helps deal with potential
security threats. It is generally used for data mining and link analysis.
6. Infection Monkey: This tool shows the chain of events that can follow if a hacker
gains unauthorized access to your systems.
7. Snort: This tool installs an intrusion detection and prevention system that helps analysts
perform real-time cyber-attack analysis.
8. Vega: It is a web security scanner and testing platform that checks web
applications for scripting-related vulnerabilities and similar problems.
9. OpenVAS: It is a scanner whose purpose is to identify the company assets and anomalies
that may make the network open to vulnerabilities and cyber-attacks.
10. Nagios: This tool allows the SOC Analysts to completely monitor the security networks,
connected servers, and infrastructure.
Here is the salary range you can expect to earn based on your level of experience:
As a Fresher: At the entry level, you can expect to earn an average annual salary of $81,787.
This salary range will continue until you gain at least 3 years of experience.
With Minimum Experience: Mid-level SOC Analysts earn an average salary of $90,537
per year.
Senior Level: After 10 to 14 years of work experience as a SOC Analyst,
you can expect to earn an annual salary of $119,749.
Industry Growth
A SOC Analyst has an exciting career with many opportunities to excel and progress. It is a
rewarding career option with plenty of job titles and opportunities. You only need the
right set of skills and knowledge, along with relevant experience, to reach the peak of your
career. As businesses become ever more technologically
dependent, they are hiring more and more SOC Analysts to protect the security
of their computer systems and sensitive data. Thus, it is a great career choice today,
and it will only flourish in the coming years.
Cisco Certified CyberOps Associate: It will enlighten you with the real-world tasks that are
performed in the SOC environment.
EC-Council Certified SOC Analyst (CSA): It is a short course that is beneficial for SOC Analysts
at the entry-level.
EC-Council Certified Ethical Hacker: It teaches you to identify the tools used by hackers and emerging
attack vectors, and gives practical experience in malware identification, analysis, etc.
CompTIA Security+: It gives proper training to the candidates for performing the entire
security life cycle in modern IT environments.
Conclusion
Now you know what a SOC Analyst is, along with the career opportunities, job descriptions, and
roles and responsibilities of a SOC Analyst. If you want to choose this flourishing discipline
as your career, enroll in KnowledgeHut's best CISSP course, which will help you
gain in-depth knowledge and insight into what you will have to do as a SOC Analyst
and how you can protect your company's sensitive data and information.
Zeshan Naz
Blog Author
Zeshan Naz holds 6 years of work experience in Content Marketing. EdTech is her field of
expertise and she looks forward to helping more professionals get ahead in their careers.
Zeshan is an avid reader and in her leisure time, loves traveling around and exploring places.
Responsibilities
1. JOB PURPOSE
2. PRINCIPAL ACCOUNTABILITIES
Lead and manage all high-priority and critical security incidents, including end-to-end
incident management
Support/help and guide the L1/L2 in managing complex issues/incidents
Lead and engage in Study/POC of Tools and technologies aligning to the security
roadmap
Will be an expert in 1 or 2 key security technologies/tools globally and be part of the
global SOC L3/Experts – Example Areas: Threat Hunting, Forensic Analysis, IPS,
EDR, DLP, etc.
Contribution to the risk detection management approach, consistent with the SG
MITRE Matrix approach and other industry standard relevant approaches
Analysis support for complex investigations and improve reaction procedures/run
book definitions/ enhancements
Support for analyses on cybersecurity technical plans, analysis approach and incident
management
Identify different security tools and technologies to make security operations more
effective.
Identification of security gaps, mitigation strategy, implementation & tracking till
closure
Work with various regional SOC and CERT teams on security aspects and
incidents where required
Recognized as consultant for cyber domains with internal teams and business
Assist functional head in building technical capabilities, strategic cyber roadmaps and
team competencies based on priorities and policies of Group and GSC
Work as technical expert for the domain(s) and execute cyber programs of medium to
complex nature and support in delivery
Help functional manager in identifying technical loopholes in processes and
interdependencies
Develop holistic solutions and manage transversal cyber programs
Act as a consultant on key cyber topics
Stakeholder management and relationship building with technical counterparts
Profile required
1. SKILLS AND KNOWLEDGE
Advanced knowledge of cybersecurity concepts: must have an in-depth understanding
of cybersecurity concepts, such as threat intelligence, incident response, vulnerability
assessment, and risk management.
Advanced knowledge of networking: must be proficient in using security technologies
and tools, such as SIEM, IDS/IPS, EDR, and vulnerability scanners, should have a
strong understanding of TCP/IP, DNS, HTTP, SMTP, and other networking
protocols, and be able to analyze network traffic to identify security threats.
Expertise in security technologies: Should have experience working with security
technologies such as firewalls, intrusion detection/prevention systems, SIEMs
(Security Information and Event Management), and endpoint detection and response
(EDR) tools. Knowledge of SIEM products (e.g. Splunk and RSA NetWitness)
Proficiency in threat hunting: Should have advanced skills in threat hunting and be
able to identify, investigate, and resolve advanced persistent threats (APTs). Must be
skilled in threat hunting techniques and be able to proactively search for new and
emerging threats that may not be detected by traditional security tools.
Familiarity with cloud security: Should have knowledge of cloud security
technologies, including cloud access security brokers (CASBs), cloud workload
protection platforms (CWPPs), and cloud security posture management (CSPM) tools.
Strong analytical and problem-solving skills: Must be able to analyze large volumes
of data and identify patterns and anomalies that may indicate a security threat. They
should also be able to develop and implement solutions to mitigate risks and prevent
future incidents.
Advanced incident response skills: Should have advanced skills in incident response,
including triage, investigation, containment, eradication, and recovery. They should
be able to perform memory analysis, malware analysis, and forensic investigations.
Knowledge of compliance regulations: Should be familiar with compliance
regulations such as PCI DSS, HIPAA, and GDPR, and be able to ensure their
organization is meeting these requirements.
Scripting and automation skills: Should have experience with scripting languages
such as Python and PowerShell, and be able to automate repetitive tasks to increase
efficiency.
Collaboration and communication: Should be able to work collaboratively with other
security team members, as well as other departments within the organization. Must
have strong communication skills to interact effectively with stakeholders, including
senior management, technical staff, and external partners. They should be able to
articulate concepts in a clear and concise manner to both technical and non-technical
audiences.
Knowledge of security frameworks (MITRE ATT&CK, NIST)
Experience in managing and responding to internal and external SOC audits
Knowledge of the global architecture of a network, and the security of its components
(routers, switches, ...)
Knowledge of attack procedures and malicious code (exploits, attack vectors,
phishing, ...)
Bachelor's degree in Computer Science, Information Systems, or a related field.
Master's degree in a relevant domain is a plus.
12+ years of experience working with security teams in lead roles in a SOC, etc.
Relevant security certifications, such as CISSP (Certified Information Systems
Security Professional), CISM (Certified Information Security Manager), and/or GCIH
(GIAC Certified Incident Handler), GSOC (GIAC Security Operations Certified),
GSOM (GIAC Security operations manager certification)
Functional Expertise - Keeps up to date with emerging technology, business,
and market trends
Technical Skills - Demonstrates strong technical skills required for the role,
pays attention to detail, takes initiative to broaden his/her knowledge and
demonstrates appropriate analytical skills
Drive and Motivation - Successfully handles multiple tasks, takes initiative
to improve his/her own performance, works intensely towards extremely
challenging goals and persists in the face of obstacles or setbacks
Client and Business Focus - Effectively handles difficult requests, builds
trusting, long-term relationships with clients, helps the client to identify/define
needs and manages client/business expectations
Teamwork - Gives evidence of being a strong team player, collaborates with
others within and across teams, encourages other team members to participate
and contribute and acknowledges others' contributions. Ability to work
effectively both independently and in a team environment.
Communication Skills - Excellent written and verbal communication skills.
Communicates what is relevant and important in a clear and concise
manner and shares information/new ideas with others
Judgement and Problem Solving - Thinks ahead, anticipates questions, plans
for contingencies, finds alternative solutions, and identifies clear objectives.
Sees the big picture and effectively analyses complex issues. Strong analytical
and problem-solving skills.
Creativity/Innovation - Looks for new ways to improve current processes
and develop creative solutions that are grounded and have practical value
Influencing Outcomes - Presents sound, persuasive rationale for ideas or opinions. Takes a
position on issues, influences others' opinions and presents persuasive recommendations