Assist organizations in monitoring cyber security events and identifying malicious activity on the organization's network among the thousands of alerts received every second. The profile starts at L1 (level 1), where the person should understand the interface of the SIEM (Security Information and Event Management) tool and how to use it, how to read an alert, how to use the ticketing tool, how to assign a ticket and follow it up to conclusion or closure, and should be prepared for a great deal of coordination and communication. Then there are L2, L3 and further levels, which require designing the SOC architecture, improving the quality of the logs being received, improving log coverage, creating alerting rules based on the logs received, understanding the SIEM architecture, writing parsers to interpret the logs, integrating devices into the SIEM, fine-tuning the rules to reduce false positives, and assisting in investigations when needed.
Further Details
The profession requires a good understanding of networking, the OSI model, protocols, port numbers, basic cyber security attacks such as the OWASP Top 10 (at least a conceptual understanding of them), at least one SIEM tool to the extent of being able to use it, a ticketing tool, good email writing skills (for coordination), and good coordination and communication skills. The above knowledge is sufficient for a person to get hired for an L1 SOC job. For further levels, an understanding of device logging levels, how to integrate devices, how to write parsers, SIEM architecture, fine-tuning of rules etc. is required, and this can be developed by a fresher as well.
What technical skills are required
A technical bent of mind, good knowledge of networking and a basic understanding of SIEM tools are a good starting point.
Good coordination and communication skills are an advantage.
Education background - BTech / BSc / BCA / any other degree with a computer subject or equivalent computing knowledge