In this post we cover the role of a Junior Security Operations Center (SOC) analyst, the responsibilities it carries, and the skills and certifications it requires. We also cover the answers to the TryHackMe Jr Security Analyst Intro room.
Responsibilities for a Junior Security Analyst or Tier 1 SOC Analyst
Monitoring Alerts:
- Use logs from sources like firewalls, web servers, and endpoint devices.
- Analyze logs through an SIEM tool (e.g., Splunk).
- Categorize alerts into priority levels: Low, Medium, High, and Critical.
Investigation Process:
- Investigate "Critical" alerts first, establishing what happened, when it happened, and how.
- Escalate incidents you cannot resolve to senior team members such as Incident Responders or Threat Hunters.
Configuration and Security Tools:
- Use tools to automate repetitive tasks.
- Update databases and create signatures for IDS (Intrusion Detection Systems).
Collaboration:
- Participate in “lessons learned” meetings after incidents.
- Create and escalate tickets for unresolved issues.
Continuous Learning:
- Follow cybersecurity news and updates.
- Stay informed about APTs (Advanced Persistent Threats).
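As an added example that is not part of the room or this write-up, the following Python sketches the Tier 1 loop described under Monitoring Alerts and Investigation Process: it parses constructed firewall log lines, matches source addresses against an IoC watchlist, assigns the Low/Medium/High/Critical priority, orders the queue so Critical alerts are investigated first, and gathers the IoCs to escalate. The watchlisted address is the one from the room; the log format, the other addresses and the priority rules are assumptions made for the example.

```python
# Constructed sample firewall logs in a simple key=value layout (not a real product format).
SAMPLE_LOGS = """\
ts=2024-01-01T09:00:01 src=10.0.0.5 dst=10.0.0.20 dport=443 action=allow
ts=2024-01-01T09:00:02 src=221.181.185.159 dst=10.0.0.20 dport=22 action=deny
ts=2024-01-01T09:00:03 src=221.181.185.159 dst=10.0.0.20 dport=22 action=deny
ts=2024-01-01T09:00:04 src=221.181.185.159 dst=10.0.0.21 dport=3389 action=allow
ts=2024-01-01T09:00:05 src=10.0.0.7 dst=10.0.0.20 dport=80 action=allow
ts=2024-01-01T09:00:06 src=198.51.100.9 dst=10.0.0.20 dport=445 action=deny
"""

# The watchlisted IP is the one from the room; the watchlist itself is constructed for this example.
IOC_WATCHLIST = {"221.181.185.159"}
PRIORITY_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}

def parse_line(line):
    """Turn one 'k=v k=v ...' log line into an event dict."""
    return dict(kv.split("=", 1) for kv in line.split())

def classify(event, watchlist):
    """Assumed rules: watchlisted src allowed through = Critical; watchlisted src blocked = High; other deny = Medium; else Low."""
    on_watchlist = event["src"] in watchlist
    if on_watchlist and event["action"] == "allow":
        return "Critical"
    if on_watchlist:
        return "High"
    if event["action"] == "deny":
        return "Medium"
    return "Low"

def triage(raw_logs, watchlist=IOC_WATCHLIST):
    """One ticket per event (what: src/dst/dport, when: ts, how: action), sorted so Critical comes first."""
    tickets = []
    for line in raw_logs.splitlines():
        if line.strip():
            ev = parse_line(line)
            ev["priority"] = classify(ev, watchlist)
            ev["escalate"] = ev["priority"] in ("Critical", "High")  # hand these to Tier 2
            tickets.append(ev)
    return sorted(tickets, key=lambda t: (PRIORITY_ORDER[t["priority"]], t["ts"]))

def collect_iocs(tickets):
    """Gather source IPs from escalated tickets as IoCs for the firewall block list."""
    return sorted({t["src"] for t in tickets if t["escalate"]})

if __name__ == "__main__":
    queue = triage(SAMPLE_LOGS)
    for t in queue:
        print(f'{t["priority"]:<8} {t["ts"]} {t["src"]} -> {t["dst"]}:{t["dport"]} {t["action"]}')
    print("IoCs to block:", collect_iocs(queue))
```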
Required qualifications for a Junior Security Analyst or Tier 1 SOC Analyst
Experience:
- Entry-level role with 0-2 years of experience in security operations or IT administration.
- System administration experience is an advantage.
Skills:
- Networking basics (OSI and TCP/IP models).
- Operating systems: Linux, Windows, macOS.
- Programming/scripting: Python, Bash, Ruby.
Certifications (Optional but Beneficial):
- CompTIA Security+ (beginner-friendly).
- Cisco CCNA CyberOps (Cisco product-focused).
- CompTIA Cybersecurity Analyst (general SOC environment).
What is SOC?
The core function of a SOC (Security Operations Center) is to investigate, monitor, prevent, and respond to cyber threats around the clock (24/7). Per McAfee's definition of a SOC, "Security operations teams are charged with monitoring and protecting many assets, such as intellectual property, personnel data, business systems, and brand integrity. As the implementation component of an organisation's overall cyber security framework, security operations teams act as the central point of collaboration in coordinated efforts to monitor, assess, and defend against cyberattacks". The number of people working in the SOC varies with the organisation's size.
Being on the front line is not always easy and can be very challenging, as you will be working with log sources from many different tools, which this path walks you through. You will monitor network traffic, including IPS (Intrusion Prevention System) and IDS (Intrusion Detection System) alerts, review suspicious emails, extract forensic data to analyze and detect potential attacks, and use open-source intelligence to make appropriate decisions on the alerts.
Day in the life of SOC Analyst
One of the most exciting and rewarding moments is finishing work on an incident and having remediated the threat. Incident response might take hours, days, or weeks; it all depends on the scale of the attack: did the attacker manage to exfiltrate data? How much data did the attacker manage to exfiltrate? Did the attacker attempt to pivot to other hosts? There are many questions to ask and a lot of detection, containment, and remediation to do. We will walk you through the fundamental knowledge every Junior (Associate) Security Analyst needs in order to become a successful network defender.
The first thing almost every Junior (Associate) Security Analyst does on their shift is to look at the tickets to see if any alerts got generated.
SOC Team Roles
- Junior SOC Analyst (Tier 1):
  - Initial monitoring, ticket creation, and resolving low-complexity issues.
  - Gather Indicators of Compromise (IOCs) like IPs and domains to prevent future attacks.
- Incident Responder (Tier 2):
  - Handle escalated tickets and conduct deeper investigations.
  - Perform threat hunting and analysis of attackers' tactics.
- Threat Hunter (Tier 3):
  - Perform advanced threat hunting and malware reverse engineering.
  - Focus on long-term attacker tracking and advanced analytics.
Final Takeaways
- Tools: SIEM solutions and reputation scanners are key tools in the SOC environment.
- Team Collaboration: Junior analysts work closely with more senior roles to resolve complex security issues.
- Continuous Improvement: Stay informed about cybersecurity trends, and gain certifications to advance your career.
Room Answers | TryHackMe Jr Security Analyst Intro
What will be your role as a Junior Security Analyst?
Triage Specialist
What was the malicious IP address in the alerts?
221.181.185.159
To whom did you escalate the event associated with the malicious IP address?
Will Griffin
After blocking the malicious IP address on the firewall, what message did the malicious actor leave for you?
THM{UNTIL-WE-MEET-AGAIN}
Check out the video below for a detailed explanation.
Video Walkthrough | TryHackMe Jr Security Analyst Intro