SOC Analyst Types Explained: Tier 1, 2 & 3

Businesses today rely on technology more than ever before. We use tech — particularly digital tech — to buy and sell products, store customer information, distribute internal memos, and much more. As a result, data security has become an industry in high demand. Many young professionals are entering this growing industry, hoping to eventually become SOC analysts.

A SOC analyst (Security Operations Center analyst) provides the human touch to a company’s digital security network. These professionals are tasked with identifying cyber threats and vulnerabilities in the network, and they often write code and design software to prevent hackers from exploiting those vulnerabilities.

SOC analysts are necessary for organizations to protect their sensitive data. In fact, data security is so important that often companies will hire multiple analysts to fill different roles under the SOC analyst umbrella. Analysts typically fall into one of three tiers — and here’s what you need to know about each one.

What Does a SOC Analyst Do?

Similar to first responders showing up to the scene of a natural disaster, SOC analysts are the first responders when a security network falls victim to a data breach or other cyber attack. Each analyst tier has a specific focus during security incidents, which allows them to find a solution as quickly and effectively as possible.

But what do SOC analysts do during a security incident? The answer depends on the tier in which they work.

Tier 1

Tier 1 analysts focus primarily on basic security measures, like monitoring event logs for suspicious activity. Most tier 1 analysts are new to the field, and these professionals gain their hands-on experience working in this position.

Admittedly, working in tier 1 isn’t always the most exciting job in the world. However, it is a very important role both for the analyst’s employer and for the analyst’s career. When tier 1 SOC analysts monitor event logs, they are making sure that no bad actors have exploited vulnerabilities in the network — and if something does happen, they’re able to spot the problem right away.

If a tier 1 analyst does spot suspicious activity in the event logs, he or she will gather as much information as possible about the activity. This can include the time of the event, the IP used to breach the system, the vulnerability the hacker was able to exploit, and more. Then, he or she will escalate the incident to the more experienced analysts at tier 2.

Tier 2

Tier 2 analysts typically have a few years of experience in the data security field, and they use this experience to tackle more sophisticated work for their organization. Most of a tier 2 analyst’s job involves incident investigation after a data security breach.

When a tier 1 analyst notices suspicious activity, he or she gathers preliminary information to pass on to the tier 2 team. Then, these professionals take time to “assess the damage;” they’ll investigate the incident and determine to what extent the hacker was about to penetrate the system.

If there is notable damage to the system (like stolen data or rewritten code), tier 2 analysts are in charge of remediating the issue. This might mean rewriting code to restore the security network, or even designing new code to close gaps in the system.

Tier 3

Tier 1 analysts recognize security incidents, and tier 2 fixes the issues when they arise. So… what does tier 3 do? These professionals actually have the most important job of all: learning about new security threats to stay one step ahead of any would-be hackers.

Tier 3 analysts are often the most experienced professionals in a SOC analysis team. Instead of monitoring the current data logs, they focus more on studying data security trends and learning about new exploits that hackers might use to breach the company’s security network.

Additionally, tier 3 analysts might spend some time designing code to counter these new security threats. They also spend some of their time examining telemetry data, giving the tier 1 analysts’ work an expert glance in case they’ve missed any suspicious activity. In this way, tier 3 analysts are the final protectors against data hackers, viruses, and more.

How to Become a SOC Analyst

If you want to become a SOC analyst, you’ll first need to earn a bachelor’s degree in computer science, engineering, or a related field. Most professionals also secure internships during their time in college, which offer hands-on experience in the IT world while they are learning the basics in the classroom.

Once you’ve earned your degree, you will have to continue your education journey through various certifications. Data security is a very broad field, so professionals should find a specialty and get certified to better understand that subject.

You can get certifications in penetration testing, ethical hacking, and many other fields under the SOC analyst umbrella. Visit Legends of Tech’s Cyber Security School today to get started on your certification journey!

Leave a Reply

%d bloggers like this: