SOC Team Roles and Responsibilities in a Security Operations Centre

A Security Operations Centre (SOC) works 24x7 to secure an Enterprise’s digital assets. They’re both the front line and the strategic command centre. The department’s SOC teams rely on key individuals working day and night to maintain IT system integrity.

A SOC team has many roles & responsibilities that they are expected to manage across several functions. Typically, their positions cover two broad areas of responsibility:

  • Maintaining security monitoring and analysing your security posture on an ongoing basis. They’ll detect, investigate and respond to security incidents using a combination of people, processes and technology.
  • Proactively investigating suspicious activities and ensuring that potential security incidents are correctly identified, analysed, defended against and escalated to secure your infrastructure.

What Are the SOC Team Roles?

Although companies may name titles differently, businesses will require similar responsibilities regarding cyber security.

So, if you’re tasked with building an SOC or looking for an outsourced SOC team, we’ve created a best-practice structure for the common roles and their associated tasks and duties to guide you toward SOC team success.

SOC Manager:

The SOC Manager bridges the SOC team and the rest of the business. Working with the SOC Lead, they formulate policy for the entire team, escalate processes, and review incidents.

They’re a vital part of the auditing process. SOC Managers develop crisis communication plans for the CISO and other stakeholders. In addition to these hard deliverables, the SOC Manager should champion the team and demonstrate its value to the wider organisation.

SOC Lead:

The SOC Lead is a role that demands a big-picture view. This person is the General in the Bunker, coordinating response to threats through effective management of other team members. They run the SOC hands-on on a day-to-day basis.

Aside from leading the charge with their sleeves rolled up, their responsibilities extend to documenting processes and recording incidents.

Security Analyst:

This “eyes on glass” role is the front line. Your Security Analyst will actively monitor the system for suspicious activity and threats. They decide on the severity of the danger, passing more complex attacks up the chain of command and dealing with the less complex attacks themselves.

Senior Security Analyst:

This SOC role steps in to combat higher levels of threat. Senior Security Analysts identify affected systems, review intelligence reports and identify the nature of the attack. They formulate plans to repair damaged assets, keep other assets safe, and work to remove the threat.

SIEM Engineer:

Security Information and Event Management (SIEM) Engineers fine-tune the SIEM tools to identify and repel threats. They also work closely with other team members, especially if the system is attacked.

Threat Hunter:

Threat Hunters are the detectives in the team. They’ll use SIEM tools to review your log files (in real-time), finding clues as to the nature of the attack and how to repel it.

Incident Handler:

Working with all aspects of the SIEM team, they focus on containing and repelling attacks and repairing affected systems.

Threat Intel Researcher:

A key aspect of detecting the nature of the threat is identifying its origin and form. The threat intelligence researcher does this, passing intelligence to the SIEM Engineer, who feeds it into the system.

Forensics Specialist:

The Forensic Specialist conducts thorough investigations into the nature of the attack. The intelligence gathered is often shared with authorities and used to prevent future attacks.

Red Team Specialists:

Red Team Specialists actively attack the system to identify vulnerabilities, using ethical hacking techniques across various areas of penetration testing to highlight weaknesses so other teammates can fix them.

The red team acts as an independent group that challenges the organisation to improve its effectiveness by assuming an adversarial role.

SOC roles and your business

Depending on your resources and individual business requirements, the size and structure of your SOC team will vary, possibly with several roles combined into one job.

Many companies find that fully outsourcing their SOC or supporting their internal team with additional external resources is beneficial to avoid the challenges of building a full SOC team.

Why Outsource Some or All of Your SOC Team?

  • Cost-Efficient: Outsourcing your work will save you training and recruitment expenses.
  • Saves Time: Time effectiveness can be maintained, as outsourced companies work around the clock and have the expertise to get the work done.
  • Faster & Expert Quality: Outsourced companies tend to be experts in their field. They can get the work done efficiently, to a high standard and reliably.
  • Priorities: Outsourcing allows you to focus on more important activities, such as ensuring your cyber security improvement programmes are up to date and running efficiently.

Looking for a UK SOC team?

An ‘always-on’ team with the expertise to help you hit the ground running, rapidly scale and secure your cyber security operations, without the overhead of building, training and managing a specialist team.
