We covered the role of the Junior Security Operations Center (SOC) analyst, the responsibilities of the role, and the required skills and certifications. We also covered the answers to the TryHackMe Jr Security Analyst Intro room.

Responsibilities for a Junior Security Analyst or Tier 1 SOC Analyst

The responsibilities for a Junior Security Analyst or Tier 1 SOC Analyst include:

  • Monitor and investigate the alerts (most of the time, it’s a 24×7 SOC operations environment)
  • Configure and manage the security tools
  • Develop and implement basic IDS (Intrusion Detection System) signatures
  • Participate in SOC working groups, meetings
  • Create tickets and escalate the security incidents to the Tier 2 and Team Lead if needed.

Required qualifications for a Junior Security Analyst or Tier 1 SOC Analyst

  • 0-2 years of experience with Security Operations
  • Basic understanding of networking (the OSI model (Open Systems Interconnection model) or the TCP/IP model (Transmission Control Protocol/Internet Protocol model)), operating systems (Windows, Linux) and web applications. To learn more about the OSI and TCP/IP models, refer to the Introductory Networking room.
  • Scripting/programming skills are a plus

Desired certification:

What is SOC?

The core function of a SOC (Security Operations Center) is to investigate, monitor, prevent, and respond to threats in the cyber realm 24/7 or around the clock. Per McAfee’s definition of a SOC, “Security operations teams are charged with monitoring and protecting many assets, such as intellectual property, personnel data, business systems, and brand integrity. As the implementation component of an organisation’s overall cyber security framework, security operations teams act as the central point of collaboration in coordinated efforts to monitor, assess, and defend against cyberattacks”. The number of people working in the SOC can vary depending on the organisation’s size.

Being on the front line is not always easy and can be very challenging, as you will be working with various log sources from different tools, which we will walk you through in this path. You will get the chance to monitor network traffic, including IPS (Intrusion Prevention System) and IDS (Intrusion Detection System) alerts, review suspicious emails, extract forensic data to analyse and detect potential attacks, and use open-source intelligence to help you make the appropriate decisions on the alerts.

Day in the life of SOC Analyst

One of the most exciting and rewarding things is when you have finished working on an incident and have managed to remediate the threat. Incident response might take hours, days, or weeks; it all depends on the scale of the attack: did the attacker manage to exfiltrate data? How much data did the attacker manage to exfiltrate? Did the attacker attempt to pivot to other hosts? There are many questions to ask and a lot of detection, containment, and remediation to do. We will walk you through some fundamental knowledge that every Junior (Associate) Security Analyst needs to know to become a successful network defender.

The first thing almost every Junior (Associate) Security Analyst does on their shift is to look at the tickets to see if any alerts got generated.
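To make the shift-start routine just described more concrete, and to tie it to the "develop and implement basic IDS signatures" responsibility listed above, here is a small Python triage script. It is an added example written for this post, not code from the TryHackMe room or its tooling. The alert line format, the two signatures, the reputation feed standing in for an open-source intelligence lookup, the asset criticality map, and the "severity 3 or higher goes to Tier 2" escalation rule are all constructed assumptions; the addresses are RFC 5737 documentation ranges, not real hosts.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample alert lines, loosely modelled on IDS/SIEM output.
# Source addresses are RFC 5737 documentation ranges, not real hosts.
ALERT_LINES = [
    '2024-05-01T09:02:11Z src=203.0.113.45 dst=10.0.0.5 dport=22 msg="Failed password for root"',
    '2024-05-01T09:02:13Z src=203.0.113.45 dst=10.0.0.5 dport=22 msg="Failed password for root"',
    '2024-05-01T09:02:14Z src=203.0.113.45 dst=10.0.0.5 dport=22 msg="Failed password for admin"',
    '2024-05-01T09:02:16Z src=203.0.113.45 dst=10.0.0.5 dport=22 msg="Failed password for root"',
    '2024-05-01T09:02:17Z src=203.0.113.45 dst=10.0.0.5 dport=22 msg="Failed password for oracle"',
    '2024-05-01T09:05:30Z src=192.168.1.20 dst=10.0.0.8 dport=443 msg="TLS handshake completed"',
    '2024-05-01T09:06:02Z src=198.51.100.7 dst=10.0.0.8 dport=80 msg="GET /login.php?id=1 UNION SELECT 1,2"',
    'garbage line that does not parse',
]

# Constructed reputation feed standing in for an open-source intelligence lookup.
REPUTATION = {"203.0.113.45": "listed as SSH brute-forcer (constructed feed)"}

# Constructed asset inventory: how critical is the target of the alert?
ASSET_CRITICALITY = {"10.0.0.5": "high", "10.0.0.8": "low"}

LINE_RE = re.compile(
    r'^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) msg="(?P<msg>[^"]*)"$'
)


@dataclass
class Alert:
    ts: str
    src: str
    dst: str
    dport: int
    msg: str


def parse_alert(line: str):
    """Parse one alert line; return None for lines that do not match the format."""
    m = LINE_RE.match(line)
    return Alert(m["ts"], m["src"], m["dst"], int(m["dport"]), m["msg"]) if m else None


# Two basic signature types: a content match on a single event and a
# threshold over repeated events from the same source to the same target.
CONTENT_SIGS = [
    {"sid": 1001, "msg": "SQL injection attempt", "dport": 80,
     "pattern": re.compile(r"\bUNION\s+SELECT\b", re.I)},
]
THRESHOLD_SIGS = [
    {"sid": 2001, "msg": "SSH brute force", "dport": 22,
     "pattern": re.compile(r"Failed password"), "count": 5},
]


def match_signatures(alerts):
    """Return one hit per (signature, src, dst) that fires."""
    hits = []
    for a in alerts:
        for sig in CONTENT_SIGS:
            if a.dport == sig["dport"] and sig["pattern"].search(a.msg):
                hits.append({"sid": sig["sid"], "msg": sig["msg"], "src": a.src, "dst": a.dst, "count": 1})
    counts = Counter()
    for a in alerts:
        for sig in THRESHOLD_SIGS:
            if a.dport == sig["dport"] and sig["pattern"].search(a.msg):
                counts[(sig["sid"], a.src, a.dst)] += 1
    for (sid, src, dst), n in counts.items():
        sig = next(s for s in THRESHOLD_SIGS if s["sid"] == sid)
        if n >= sig["count"]:
            hits.append({"sid": sid, "msg": sig["msg"], "src": src, "dst": dst, "count": n})
    return hits


def triage(hit):
    """Enrich a hit and turn it into a ticket. The scoring is a constructed policy."""
    severity = 1
    reasons = []
    rep = REPUTATION.get(hit["src"])
    if rep:
        severity += 2
        reasons.append(f"source reputation: {rep}")
    if ASSET_CRITICALITY.get(hit["dst"]) == "high":
        severity += 1
        reasons.append("target asset criticality: high")
    return {
        **hit,
        "severity": severity,
        "reasons": reasons,
        # Constructed rule: severity 3 or higher is escalated to Tier 2.
        "escalate_to": "Tier 2" if severity >= 3 else None,
    }


def run(lines):
    """Parse, match signatures, and triage; unparseable lines are dropped."""
    alerts = [a for a in map(parse_alert, lines) if a is not None]
    return [triage(h) for h in match_signatures(alerts)]


if __name__ == "__main__":
    for t in run(ALERT_LINES):
        print(f"[sev {t['severity']}] sid={t['sid']} {t['msg']} {t['src']} -> {t['dst']} "
              f"(x{t['count']}) escalate_to={t['escalate_to']} reasons={t['reasons']}")
```

Run on the sample lines, the five failed SSH logins from a source the reputation feed already knows, aimed at a high-criticality host, produce one severity 4 ticket that escalates to Tier 2, while the single SQL injection attempt against a low-criticality host from an unknown source stays at severity 1 for the Tier 1 analyst to work. The routine TLS handshake and the malformed line generate nothing, which is the point: signatures and enrichment together decide what reaches the ticket queue.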

Room Answers | TryHackMe Jr Security Analyst Intro

What will be your role as a Junior Security Analyst?

Triage Specialist

What was the malicious IP address in the alerts?

221.181.185.159

To whom did you escalate the event associated with the malicious IP address?

Will Griffin

After blocking the malicious IP address on the firewall, what message did the malicious actor leave for you?

THM{UNTIL-WE-MEET-AGAIN}

Check out the video below for a detailed explanation.

Video Walkthrough | TryHackMe Jr Security Analyst Intro

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by Motasem Hamdan, a cybersecurity content creator and YouTuber.