What is a SOC analyst?

‍

The world of data security is always evolving. As bad actors learn new skills and advance the way they attempt to breach security systems, the controls and protocols an organization needs to keep them out advances as well. This requires that organizations stay up to date on the latest trends, best practices, and innovations in security, which is why the role of a SOC analyst is so important.  

‍

A SOC analyst is an information security professional who evaluates security practices and monitors a business’ infrastructure for threats. They keep up with the latest security trends and techniques to ensure the organization’s systems and data are well protected.

‍

It’s important to note the distinction between SOC analysts and SOC compliance. For SOC compliance, SOC stands for service organization controls and entails getting a SOC 1, SOC 2, or SOC 3 report. For SOC analysts, the SOC stands for security operations center, and they’re an individual that oversees security processes. So even though the letters in these acronyms are the same and both deal with information security, they are different. Though a SOC analyst may be involved in SOC compliance, their responsibilities are much broader.

‍

What does a SOC analyst do?

A SOC analyst is responsible for coordinating a business’ information security to ensure it’s effective. The organizational structure will affect a SOC analyst’s duties, but these often include:

‍

• Monitoring for threats in the organization’s IT infrastructure.
• Assessing the organization’s information security posture and recommending ways to improve it.
• Addressing security threats as they arise to keep data safe and find ways to prevent similar attacks in the future.
• Developing and updating disaster recovery and incident response plans.
• Performing internal security assessments.
• Advising leadership on new security policies.

‍

A SOC analyst is primarily responsible for information security and for delegating and managing security tasks. There may be a team of SOC analysts that handle security in-house with a top SOC analyst leading the charge or there could just be one SOC analyst for smaller organizations.

‍

Tiers of SOC analysts

There are three tiers of SOC analysts. SOC analysts move up the tiers as they advance their skills and increase their responsibility.

‍

Tier 1 SOC Analyst

Tier 1 SOC analysts usually have less experience and fewer responsibilities and tend to be in the early stages of their career. Sometimes called triage SOC analysts, their primary focus is to monitor the security systems for risk, threats, and attacks. Tier 1 analysts often don’t respond to threats or propose changes to the organization’s security systems, instead they identify issues and escalate them to a Tier 2 analyst. 

‍

Tier 2 SOC Analyst

A Tier 2 SOC analyst will take action on the issues flagged by the Tier 1 analyst. A Tier 2 analyst has all the same skills as a Tier 1 analyst in addition to responding and investigating security threats to figure out how bad actors got through the organization’s defenses.

‍

Tier 3 SOC Analyst

A Tier 3 SOC analyst creates the security strategy for the organization and often acts as a leader for the security team. They are the architects of the organization’s security posture and are responsible for building a proactive security system. 

‍

Within larger organizations, there will be even more advanced roles than a Tier 3 Analyst — such as Information Security Managers, Directors, and CISOs — that oversee SOC operations for the business.

‍

SOC analyst salary

How much can you expect to earn as a SOC analyst? According to Indeed, the pay for US-based SOC analysts ranges from $58,000 to $135,000 per year, with the average salary being roughly $89,000 per year. Where you fall on this range will depend on where you live, the availability of SOC analysts in your area, company size, and which tier of SOC analyst you are. 

‍

SOC analyst job responsibilities

We’ve covered what SOC analysts do and the role they play within an organization, but now we’ll cover the specific job responsibilities of a SOC analyst.

‍

Preventing and handling security threats

Managing security threats and suspicious activity is the core duty of a SOC analyst. SOC analysts are responsible for taking both preventative and reactive actions. They keep tabs on the organization’s security practices, respond to threats and breaches, monitor systems for suspicious activity, then investigate and address these threats when they arise.

‍

Manage security tools

A strong information security posture involves several security tools and products. These include security incident and event monitoring tools (SIEM), firewalls, antivirus software, security compliance tools, and risk management platforms. A SOC analyst advises decision-makers about which security tools to use, helps implement them, and manages these tools on an ongoing basis.

‍

Reduce security-related downtime

It’s important to ensure incident response amid breaches or threats. A SOC analyst prevents and responds to these issues and ensures that business operations can continue amid a security incident.

‍

Support security audits and compliance tasks

Depending on the services your organization provides, you’ll likely need to comply with more than one compliance framework, such as ISO 270001, SOC 2, PCI DSS, and "FedRAMP. A SOC analyst will facilitate the compliance process by implementing the necessary security measures to meet the compliance requirements and providing any necessary documentation and access for the audit.

‍

Be the organization’s security expert

A SOC analyst will provide strategies and insights on the organization’s holistic security program. They will likely be included in conversations with executives and other stakeholders about methods for enhancing security.

‍

Important SOC analyst skills

A SOC analyst plays a powerful role in an organization’s information security, which is why it’s important for them to have the right skills. Here are some skills and qualifications a SOC analyst needs:

‍

• Networking: Have in-depth knowledge of networks and how to design them securely.
• Incident response: Know how to handle hacking attempts and minimize damage.
• Hacking: Keep up with the latest hacking techniques and reduce the risk of breaches from these new techniques.
• Computer forensics: Must know forensic techniques to investigate a security incident and prevent similar risks in the future.
• Risk management: Must be able to identify potential risks for the organization’s information security and find ways to minimize them.
• Reverse engineering: Be able to dismantle a piece of software to figure out how it works during the investigation process.

‍

SOC analyst requirements and certifications

There are a variety of certifications, degrees, and other qualifications you can get to become a skilled SOC analyst. Most often, SOC analysts have degrees in information security, such as computer engineering, information technology, or computer science. Many also have a Certified SOC Analyst (ECSA) license from the EC-Council.

‍

There are certifications that you can get to enhance your skills and knowledge as a SOC analyst, such as:

‍

• CompTIA Security+
• CompTIA Cybersecurity Analyst+ (CySA+)
• Certified Ethical Hacker (CEH)
• Licensed Penetration Tester (LPT)
• Computer Hacking Forensic Investigator (CHFI)
• Cisco Certified CyberOps Associate

‍

Learn more about SOC compliance

Now that you understand the roles and responsibilities of a SOC analyst, learn how a SOC analyst can help businesses streamline their compliance process and demonstrate trust with a SOC 2 report.