Home > Articles

  • Print
  • + Share This
This chapter is from the book

SOC Job Roles

The expected career path for any job role in a SOC will depend on how the organization assigns responsibilities and pay scale to a job role. Roles in networking, software development, system engineering, and security intelligence can lead to entry-level SOC-related work. Entry-level SOC job roles such as junior analyst, consultant, or tester can lead to job titles such as senior architect or security administrator as responsibilities and pay scales increase. Know that there isn’t a set standard for job roles or how roles feed into other roles, meaning the role of analyst at one organization could require the same experience as the role of architect at another organization. One organization might require specific certifications, degrees, or experience to meet the requirements of a job role, while the same job role at another organization will have different requirements. Consider industry and SOC job role, pay scales, and expected experience as you develop your strategy for recruiting for any job role in your SOC.

The job roles covered in the sections that follow make up common SOC-related career paths. These roles range from entry-level to senior-level job titles. The specifics of the work will depend on the type of service offered by the SOC. I will attempt to group similar job roles and explain skills based on what I have encountered in SOCs around the world. Use the recommended skills and certifications listed as reference points for what training and certifications you could pursue if you work in one of these job roles.

Security Analyst

The security analyst role evaluates various types of data and plans and implements security measures to protect computer systems, networks, and data. Reviewing data can mean evaluating live network traffic or a copy of evidence such as event logs generated by security and network tools. In regard to a security operations center, a SOC analyst can be responsible for reviewing security logs and responding to events based on the services offered by the SOC. The skills associated with a security analyst can include reading logs and event data from various types of tools, implementing changes to security tools, such as configuring firewall rules, responding to incidents based on suspected events, and developing playbooks for the organization to standardize its responses to different events.

Table 4-1 outlines the responsibilities, skills, and certifications associated with the security analyst role. The security analyst role is ideal for the incident management SOC service but can also be part of the vulnerability management and research and development (R&D) services. Similar job titles include security engineer, security administrator, security specialist, and security consultant.

TABLE 4-1 Security Analyst Responsibilities, Skills, and Certifications

Responsibilities

Skills

Certifications

Evaluate security measures and controls for vulnerabilities

Penetration and vulnerability testing, information security knowledge

CEH: Certified Ethical Hacker

OSCP and PEN-200 from offensive security

CPT: Certified Penetration Tester

CEPT: Certified Expert Penetration Tester

GPEN: GIAC Certified Penetration Teste

CISM: Certified Information Security Manager

Establish plans and protocols to protect digital files and information systems against unauthorized access, modification, or destruction

Host security tools (antivirus, anti-malware, VPN), data loss prevention technologies, encryption concepts, identity management, access control

ECSA: EC-Council Certified Security Analyst

Vendor NAC certification

Vendor Data Loss certification

Identity Management certification (e.g., Microsoft Active Directory)

Maintain data and monitor security access

TCP/IP, computer networking, routing and switching

GSEC: GIAC Security Essentials

GCIH: GIAC Certified Incident Handler

GCIA: GIAC Certified Intrusion Analyst

CISM: Certified Information Security Manager

Perform security assessments and recommend security controls

Firewall and intrusion detection/prevention protocols

CISSP: Certified Information Systems Security Professional

Vendor product certifications

Anticipate security alerts, incidents, and disasters and reduce their likelihood

Windows, UNIX, macOS, and Linux operating systems

Operating system certifications

Manage network and security systems

Network protocols and packet analysis tools. Windows, UNIX, macOS, and Linux operating systems

Vendor network certification (e.g., Cisco CCNA/CCNP/CCIE)

Operating system certifications

Analyze security breaches to determine their root cause and impacted parties

Digital forensics and threat hunting

EC Council Computer Hacking Forensic Investigator certification

Recommend and install tools and countermeasures

Understand industry frameworks, security tools, and security process

ISC2 CISSP

CompTIA CySA+

Provide training to employees in security awareness and procedures

Developing training programs

SANS Security Awareness Professional (SSAP)

Penetration Tester

The penetration tester role is focused on identifying vulnerabilities and testing those vulnerabilities in a similar manner to how an adversary would. Assessment officers and others that are responsible for identifying vulnerabilities tend to leverage automated tools and focus on identifying potential vulnerabilities but do not validate how realistic the vulnerability may or may not be. Penetration testers invest additional time validating that vulnerabilities exist using the same tools used by adversaries. Penetration testers attempt to exploit the vulnerability and then document the results. A penetration tester must be knowledgeable in how to identify vulnerabilities as well as common tactics used to exploit a vulnerability to achieve the same outcome a potential adversary could obtain. This skillset is commonly referred to as red team skills.

Table 4-2 outlines the responsibilities, skills, and certifications associated with the penetration tester role. A penetration tester is ideal for the vulnerability management SOC service but can also work in the compliance, risk management, and R&D services. Similar job titles include security analyst, security engineer, threat researcher, ethical hacker, red team member, and tester.

TABLE 4-2 Penetration Tester Responsibilities, Skills, and Certifications

Responsibilities

Skills

Certifications

Perform penetration tests and assessments of web-based applications, networks, and computer systems

Exploitation, assessment, and audit skillsets; technical writing; legal and compliance understanding

CEH: Certified Ethical Hacker

OSCP and PEN-200 from offensive security

CPT: Certified Penetration Tester

CEPT: Certified Expert Penetration Tester

GPEN: GIAC Certified Penetration Tester

Conduct physical security assessments of servers, systems, and networks

Vulnerability and physical security assessment capabilities

Lock picking

A+ and other hardware certifications

Design and create new tools and tests for penetration testing and assessments

Network servers, networking tools, security tools and products

OSCP and PEN-200 from offensive security

CEPT: Certified Expert Penetration Tester

Probe targets and pinpoint methods that attackers could use to exploit weaknesses and logic flaws

Computer hardware and software systems; vulnerability management and exploitation tactics

GPEN: GIAC Certified Penetration Tester

CEH: Certified Ethical Hacker

OSCP and PEN-200 from offensive security

CPT: Certified Penetration Tester

CEPT: Certified Expert Penetration Tester

Employ social engineering to uncover security holes

Web-based applications and behavior science

OSCP: Offensive Security Certified Professional

Incorporate business goals into security strategies and policy development

Security frameworks (e.g., ISO 27001/27002, NIST cybersecurity framework, etc.)

CISSP: Certified Information Systems Security Professional

CISM: Certified Information Security Manager

Research, document, and review security findings with management and IT teams

Vulnerability analysis and reverse engineering

CCFE: Certified Computer Forensics Examiner

Improve security services, including the continuous enhancement of existing methodology material and supporting assets

Security frameworks (e.g., ISO 27001/27002, NIST cybersecurity framework, etc.)

CISSP: Certified Information Systems Security Professional

Provide feedback, support, and verification as an organization fixes security issues.

Communication and writing

College degree

Assessment Officer

An assessment officer is responsible for identifying potential vulnerabilities or gaps in corporate policy, compliance requirements, or general security best practices as defined in popular frameworks. Unlike a penetration tester, an assessment officer works within specific scopes as defined by policies, compliance, or frameworks, meaning he or she must be aware of the latest requirements and continuously validate the organization is meeting those requirements. Any vulnerabilities out of scope of such requirements will be overlooked by the assessment officer because the focus of an assessment officer is auditing rather than general security validation. An assessment officer’s skills are focused on business and operations with a strong understanding of industry frameworks, compliance, and laws associated with cybersecurity as it relates to the organization.

Table 4-3 outlines the responsibilities, skills, and certifications associated with the assessment officer role. An assessment officer is ideal for the compliance and risk management services but can also work in the vulnerability management service or assist other services such as incident management and R&D. Similar job titles are compliance officer, policy officer, security officer, and infosec officer.

TABLE 4-3 Assessment Officer Responsibilities, Skills, and Certifications

Responsibilities

Skills

Certifications

Incorporate business goals into security strategies and policy development

Security frameworks (e.g., ISO 27001/27002, NIST cybersecurity framework, etc.)

CISSP: Certified Information Systems Security Professional

CISM: Certified Information Security Manager

Conduct physical security assessments of servers, systems, and networks

Vulnerability and physical security assessment capabilities; lock picking

GPEN: GIAC Certified Penetration Tester

CEH: Certified Ethical Hacker

OSCP and PEN-200 from offensive security

CPT: Certified Penetration Tester

CEPT: Certified Expert Penetration Tester

Interview employees, obtain technical information, and assess audit results

Management and strong communication skills

College degree or special communication skills training

CISM: Certified Information Security Manager

Understand industry data security regulations

Understand HIPAA, PCI DSS, etc.

Specific industry data security certification and experience

Develop and execute tests based on regulations being audited

Critical-thinking skills

College degree and/or programming certification

Research, document, and review security findings with management and IT teams

Critical-thinking skills

College degree and/or programming certification

Understand organization policies and procedures

Critical-thinking skills and experience with SOC policies and procedures

College degree

Provide feedback, support, and verification as an organization fixes security issues

Critical-thinking, project management, and communication skills

College degree

Incident Responder

An incident responder is a cyber first-responder or a higher-tier resource responsible for responding to a security incident. This role involves providing rapid initial response to IT security threats, incidents, and cyberattacks on the organization. The role can also include some penetration and vulnerability testing, network management, intrusion detection, security audits, network forensics, and maintenance of IT security systems. The primary responsibility may be monitoring traffic for any unusual activity or unauthorized access attempts and initiating the appropriate response when a potential event is identified. The response can include patching systems, initiating segmentation, isolating systems, alerting all associated parties, and assisting with returning impacted systems back to an operational state. The incident responder can work through the entire lifecycle of the incident or handle one part of the incident while higher-tier responders or other teams take over responsibilities, depending on the severity of the incident and how the SOC runs the incident management practice.

Table 4-4 outlines the responsibilities, skills, and certifications associated with the incident responder role. An incident responder is ideal for the incident management service but can also work in the situational and security awareness service or vulnerability management service. Similar job titles include incident response engineer, computer network defense, IT network defense, incident analyst, intrusion detection specialist, and network intrusion analyst.

TABLE 4-4 Incident Responder Responsibilities, Skills, and Certifications

Responsibilities

Skills

Certifications

Actively monitor systems and networks for intrusions

Windows, UNIX, macOS, and Linux operating systems

Operating system certifications

CompTIA CySA+

Identify security flaws and vulnerabilities

Computer hardware and software systems; vulnerability management and exploitation tactics

GPEN: GIAC Certified Penetration Tester

CEH: Certified Ethical Hacker

OSCP and PEN-200 from offensive security

CPT: Certified Penetration Tester

CEPT: Certified Expert Penetration Tester

Perform security audits, risk analysis, network forensics, and penetration testing

Exploitation, assessment and audit skillsets; technical writing; legal and compliance understanding; TCP/IP-based network communication

GCFE: GIAC Certified Forensic Examiner

GPEN: GIAC Certified Penetration Tester

CEH: Certified Ethical Hacker

OSCP and PEN-200 from offensive security

CPT: Certified Penetration Tester

CEPT: Certified Expert Penetration Tester

Perform desktop security assessments and update/patch potential vulnerabilities

Computer hardware and software systems; vulnerability assessments

GPEN: GIAC Certified Penetration Teste

CEH: Certified Ethical Hacker

Develop a procedural set of responses to security problems

Operating system installation, patching, and configuration

CISSP: Certified Information Systems Security Professional

CISM: Certified Information Security Manager

Establish protocols for communication within an organization and dealing with law enforcement during security incidents

Critical-thinking, project management, and communication skills

College degree

Create a program development plan that includes security gap assessments, policies, procedures, playbooks, training, and tabletop testing

Security frameworks (e.g., ISO 27001/27002, NIST cybersecurity framework, etc.); critical-thinking, project management, and communication skills

CISSP: Certified Information Systems Security Professional

College degree

Produce detailed incident reports and technical briefs for management, administrators, and end users

Critical-thinking, project management, and communication skills

College degree

Liaison with other cyberthreat analysis entities

Critical-thinking, project management, and communication skills

College degree

Handle case management duties of an incident and be involved with lessons-learned post-incident meetings

Case management experience and tools

CompTIA CySA+

CISM: Certified Information Security Manager

College degree

Systems Analyst

A systems analyst is responsible for monitoring and interpreting different forms of data. Data can include logs from security tools, alerts from networking equipment, or other event data. A systems analyst might also be responsible for analyzing various types of artifacts, including files and programs, the goal being to determine whether there is any potential risk to the organization and discover the purpose of the artifact (meaning why it was created). For example, a word document might have a rootkit included, so the purpose of the document is to trick a user into running it and installing the rootkit.

Systems analysts that work in the incident management service spend time monitoring SIEM/SOAR/XDR systems, looking for potential threats within hundreds of thousands of event data points. A system analyst either addresses events directly or passes them to a member from the incident management service group. Systems analysts that work in the analysis service have isolated labs dedicated to containing potentially threating artifacts and learning what artifacts do. Common duties for analysts involved with the analysis service include performing static analysis, such as scanning or disassembling artifacts, and performing dynamic analysis, such as running artifacts in a sandbox to learn their behavior.

Table 4-5 outlines the responsibilities, skills, and certifications associated with the systems analyst role. A systems analyst is ideal for the analysis service or incident management service but can also work in the digital forensics and risk management services. Similar job titles include operations analyst, business systems analyst, business intelligence analyst, and data analyst.

TABLE 4-5 Systems Analyst Responsibilities, Skills, and Certifications

Responsibilities

Skills

Certifications

Actively monitor systems and networks for intrusions

Windows, UNIX, macOS, and Linux operating systems

CCE: Certified Computer Examiner

Identify security flaws and vulnerabilities

Computer hardware and software systems; vulnerability management and exploitation tactics

GPEN: GIAC Certified Penetration Tester

CEH: Certified Ethical Hacker

OSCP and PEN-200 from offensive security

CPT: Certified Penetration Tester

CEPT: Certified Expert Penetration Tester

Perform security audits, risk analysis, network forensics, and penetration testing

Computer hardware and software systems; vulnerability management and exploitation tactics

TCP/IP-based network communications

GPEN: GIAC Certified Penetration Tester

CEH: Certified Ethical Hacker

OSCP and PEN-200 from offensive security

CPT: Certified Penetration Tester

CEPT: Certified Expert Penetration Tester

Perform malware analysis and reverse engineering

Computer hardware and software systems

GCFA: GIAC Certified Forensic Analyst

Experience working with SIEM and SOAR orchestration and automation

DevOps and playbooks skills

Certification in DevOps

Reverse engineer/disassemble malware and other artifacts

Disassemblers, debuggers, and other static-analysis tools

GIAC Reverse Engineering Malware (GREM)

Develop sandboxes and analyze software behavior

Sandboxes and other dynamic analysis tools

GIAC Reverse Engineering Malware (GREM)

Analyze logs and other data sources

Security tool logs (firewall, IDS/IPS, etc.), SIEMs, and SOAR

CCNA Cyber Ops, CompTIA Cybersecurity Analyst (CySA+)

Liaison with other cyberthreat analysis entities

Forensic software applications (e.g. EnCase, FTK, Helix, Cellebrite, XRY, etc.)

CREA: Certified Reverse Engineering Analyst

Understand assembly language and how computer systems operate (RAM, ROM, storage, etc.)

IDA Pro, Ghidra, RAM/ROM dumps

GIAC Reverse Engineering Malware (GREM)

Security Administrator

A security administrator is responsible for managing IT-related security and safety issues within a company. Tasks can include developing policies and procedures as well as overseeing that policies are followed by employees. Security administrators also oversee the implementation of solutions that prevent cyberthreats and protect data’s confidentiality, integrity, and availability. Tasks include administering security controls to reduce the risk associated with potential vulnerabilities.

Table 4-6 outlines the responsibilities, skills, and certifications associated with the security administrator role. Security administrators are ideal for compliance, risk management, and situational and security awareness services. Similar job titles include security manager, information security manager, network security administrator, systems security administrator, information systems security officer, and IT security administrator.

TABLE 4-6 Security Administrator Responsibilities, Skills, and Certifications

Responsibilities

Skills

Certifications

Protect systems against unauthorized access, modification, and/or destruction

Windows, UNIX, and Linux operating systems; system security capabilities

CompTIA Security+ (popular base-level security certification)

Perform vulnerability and networking scanning

Computer hardware and software systems; vulnerability management and exploitation tactics

TCP/IP-based network communications

CCNA: Cisco Certified Network Associate

CEH: Certified Ethical Hacker

Monitor network traffic for unusual or malicious activity

Strong understanding of firewall technologies

ECSA: EC-Council Certified Security Analyst

CompTIA CySA+

Configure and support security tools such as firewalls, antivirus software, and patch management system

TCP/IP, computer networking, routing and switching

CISSP: Certified Information Systems Security Professional

Implement network security policies, application security, access control, and corporate data safeguards

Network protocols and packet analysis tools

CISM: Certified Information Security Manager

CISSP: Certified Information Systems Security Professional

Train employees in security awareness and procedures

Critical-thinking, project management, and communication skills

College degree

Perform security audits and make policy recommendations

Intermediate to expert IDS/IPS knowledge; vulnerability evaluation; security frameworks (e.g., ISO 27001/27002, NIST cybersecurity framework, etc.).

CISSP: Certified Information Systems Security Professional

College degree

Develop and update business continuity and disaster recovery protocols

Security frameworks (e.g., ISO 27001/27002, NIST cybersecurity framework, etc.); critical-thinking, project management, and communication skills

College degree

Security Engineer

This role is similar to a security analyst, with responsibilities of performing security monitoring, security and data/log analysis, and forensic analysis. The goal of this role is to detect security incidents and launch a response. A security engineer can also have responsibilities for identifying which security technologies are used by an organization, maintenance of existing security technologies, development and maintenance of security policy, and developing methods to improve policies.

Table 4-7 outlines the responsibilities, skills, and certifications associated with the security engineer role. A security engineer can work in the incident management, analysis, digital forensics, and R&D services, depending on the specific skills and experience the engineer has acquired. Similar job titles include security analyst, security administrator, security architect, security specialist, and security consultant.

TABLE 4-7 Security Engineer Responsibilities, Skills, and Certifications

Responsibilities

Skills

Certifications

Configure and install firewalls and intrusion detection/prevention systems

IDS/IPS, penetration testing, and vulnerability testing

CISM: Certified Information Security Manager

CISSP: Certified Information Systems Security Professional

CEH: Certified Ethical Hacker

Perform vulnerability testing, risk analyses, and security assessments

Firewall and intrusion detection/prevention protocols

CCNP Security: Cisco Certified Network Professional Security

CEH: Certified Ethical Hacker

Develop or work with automation scripts to handle and track incidents

Secure coding practices, ethical hacking, and threat modeling

GSEC: Security Essentials

GCIH: GIAC Certified Incident Handler

GCIA: GIAC Certified Intrusion Analyst

Investigate intrusion incidents, conduct forensic investigations, and launch incident responses

Windows, UNIX, macOS, and Linux operating systems

CISSP: Certified Information Systems Security Professional

CompTIA CySA+

CCFE: Certified Computer Forensics Examiner

Collaborate with colleagues on authentication, authorization, and encryption solutions

Critical-thinking, project management, and communication skills; encryption technology concepts

Systems Security Professional

College degree

Evaluate new technologies and processes that enhance security capabilities

Critical-thinking, project management, and communication skills

College degree

Deliver technical reports and formal papers on test findings

Communication and technical writing skills

College degree

Supervise changes in software, hardware, facilities, telecommunications, and user needs

Critical-thinking, project management, and communication skills

College degree

Define, implement, and maintain corporate security policies

Security frameworks (e.g., ISO 27001/27002, NIST cybersecurity framework, etc.); critical-thinking, project management, and communication skills

CISSP: Certified Information

College degree

Analyze and advise on new security technologies and program conformance

Critical-thinking, project management, and communication skills

College degree

Recommend modifications in legal, technical, and regulatory areas that affect IT security

Security frameworks (e.g., ISO 27001/27002, NIST cybersecurity framework, etc.); critical-thinking, project management, and communication skills

CISSP: Certified Information

CISM: Certified Information Security Manager

Systems Security Professional

College degree

Security Trainer

A security trainer is responsible for implementing standardized training programs based on the organization’s policies and the current threat landscape. Security trainers develop and schedule training needs based on feedback from interviewing leadership and employees. Responsibilities include developing the training material, coordinating and monitoring enrollment, schedules, costs, and equipment, and delivering training metrics to leadership. Other duties include researching industry training concepts, training people to deliver training content, and updating content as needed.

Table 4-8 outlines the responsibilities, skills, and certifications associated with the security trainer role. A security trainer is ideal for the situational and security awareness service but can also work in the risk management and R&D service groups. Similar job titles include training instructor, information assurance analyst, training analyst, security service training manager, and security training and development manager.

TABLE 4-8 Security Trainer Responsibilities, Skills, and Certifications

Responsibilities

Skills

Certifications

Develop a schedule to assess training needs

Experience with technologies and best practices for instructional manuals and teaching platforms

Certification from talent and training associations

Ensure strict adherence to company philosophy/mission statement/sales goals

Understanding policies, procedures, and industry guidelines, standards, and frameworks

CISSP: Certified Information Systems Security Professional

Deliver training to customers or other trainers

Excellent verbal and written communication skills

College degree

Manage security awareness program based on threat research

Strong project management skills with the ability to supervise multiple projects

College degree

Deliver technical reports and formal papers on test findings

Identity and access management principles

College degree

Test and review created materials

Critical-thinking, project management, and communication skills

College degree

Maintain a database of all training materials

Basic database and program management skills

College degree

Security Architect

A security architect oversees the implementation of network and computer security for an organization. This role is typically a senior-level employee responsible for creating security structures, defenses, and responses to security incidents. Additional responsibilities may include providing technical guidance, assessing costs and risks, and establishing security policies and procedures for the organization.

Table 4-9 outlines the responsibilities, skills, and certifications associated with the security architect role. The security architect is ideal for the risk management service but can be part of other services such as compliance, situational, and security awareness, and research and development. Similar job titles include information security architect, IT security architect, and senior security analyst.

TABLE 4-9 Security Architect Responsibilities, Skills, and Certifications

Responsibilities

Skills

Certifications

Plan, research, and design robust security architectures for any IT project

Risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies, and security attack concepts

CISSP: Certified Information Systems Security Professional

Perform vulnerability testing, risk analyses, and security assessments

Computer hardware and software systems; vulnerability management and exploitation tactics

GPEN: GIAC Certified Penetration Tester

CEH: Certified Ethical Hacker

OSCP and PEN-200 from offensive security

CPT: Certified Penetration Tester

CEPT: Certified Expert Penetration Tester

Research security standards, security systems, and authentication protocols

Security frameworks (e.g., ISO 27001/27002, NIST cybersecurity framework, etc.); critical-thinking, project management, and communication skills

CISM: Certified Information Security Manager

CISSP: Certified Information Systems Security Professional

Develop requirements for LANs, WANs, VPNs, routers, firewalls, and related network devices

Security controls such as firewall, IDS/IPS, network access control, and network segmentation

CISM: Certified Information Security Manager

Design public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures

Security and encryption technologies

CISM: Certified Information Security Manager

EC-Council Certified Encryption Specialist (ECES)

Review and approve installation of firewall, VPN, routers, IDS/IPS scanning technologies, and servers

Security concepts related to DNS, routing, authentication, VPN, proxy services, and DDOS mitigation technologies

GSEC: GIAC Security Essentials

GCIH: GIAC Certified Incident Handler

GCIA: GIAC Certified Intrusion Analyst

Provide technical supervision for security team(s)

Critical-thinking and communication skills

College degree

Define, implement, and maintain corporate security policies and procedures

Network security architecture development and definition

CISSP: Certified Information Systems Security Professional

College degree

Oversee security awareness programs and educational efforts

Critical-thinking and communication skills

College degree

Update and upgrade security systems as needed

Windows, UNIX, macOS, and Linux operating systems

A+ Security

CISSP: Certified Information Systems Security Professional

Cryptographer/Cryptologist

A SOC that uses encryption to secure information or to build a system will assign these requirements to a cryptologist. A cryptologist researches and develops stronger encryption algorithms. A cryptologist may also be responsible for analyzing encrypted information from malicious software to determine the purpose and functions of the software.

Table 4-10 outlines the responsibilities, skills, and certifications associated with the cryptographer/cryptologist role. Cryptologists are ideal for digital forensics and analysis services but can work in other services based on the need for implementing, understanding, or identifying crypto.

TABLE 4-10 Cryptographer/Cryptologist Responsibilities, Skills, and Certifications

Responsibilities

Skills

Certifications

Protect information from interception, copying, modification and/or deletion

Computer architecture, data structures, and algorithms

The cryptologist field is new and only has programs in universities and special learning programs. Certification programs include cryptology aspects, but dedicated certifications are not available at this point in time.

Evaluate, analyze, and target weaknesses in cryptographic security systems and algorithms

Linear/matrix algebra and/or discrete mathematics

EC-Council Certified Encryption Specialist (ECES)

Develop statistical and mathematical models to analyze data and solve security problems

Probability theory, information theory, complexity theory, and number theory

EC-Council Certified Encryption Specialist (ECES)

College degree in math and cryptologist certification

Investigate, research, and test new cryptology theories and applications

Principles of symmetric cryptography and asymmetric cryptography

EC-Council Certified Encryption Specialist (ECES)

College degree in math and cryptologist certification

Probe for weaknesses in communication lines

Principles of symmetric cryptography and asymmetric cryptography

EC-Council Certified Encryption Specialist (ECES)

College degree in math and cryptologist certification

Ensure financial data is securely encrypted and accessible only to authorized users

Network Access Control concepts

Data loss prevention technologies, encryption concepts, identity management, access control

Operating system certifications

Vendor security certifications

Authentication vendor certifications

Ensure message transmission data is not illegally accessed or altered in transit

Principles of symmetric cryptography and asymmetric cryptography

EC-Council Certified Encryption Specialist (ECES)

College degree in math and cryptologist certification

Decode cryptic messages and coding systems for military, political, and/or law enforcement agencies

Principles of symmetric cryptography and asymmetric cryptography

EC Council Computer Hacking Forensic Investigator Certification

College degree in math and cryptologist certification

Advise colleagues and research staff on cryptical/mathematical methods and applications

Principles of symmetric cryptography and asymmetric cryptography

College degree in math and cryptologist certification

Forensic Engineer

Many organizations will experience a breach, and they will need to understand how the breach occurred. Digital forensics is the art of collecting evidence regarding a security incident. Evidence can be used for legal actions, to remediate the vulnerability used to cause the breach, or as part of a lessons-learned exercise. Forensic engineers require specific skillsets focused on collecting data without creating changes to what they are collecting. These engineers may also have legal knowledge to assist with investigations that lead to legal actions.

Table 4-11 outlines the responsibilities, skills, and certifications associated with the forensics engineer role. This role is ideal for the digital forensics service but can also work in the analysis and incident management services. Similar job titles include forensic scientist, forensic consultant, and digital forensics engineer.

TABLE 4-11 Forensic Engineer Responsibilities, Skills, and Certifications

Responsibilities

Skills

Certifications

Conduct data breach and security incident investigations

Network skills, including TCP/IP-based network communications

CCE: Certified Computer Examiner

Recover and examine data from computers and electronic storage devices

Windows, UNIX, and Linux operating systems

CEH: Certified Ethical Hacker

Dismantle and rebuild damaged systems to retrieve lost data

Windows, UNIX, macOS, and Linux operating systems; digital forensics concepts

EnCE: EnCase Certified Examiner

Identify systems/networks compromised by cyberattacks

Computer hardware and software systems

GCFE: GIAC Certified Forensic Examiner

Compile evidence for legal cases

Operating system installation, patching, and configuration

GCFA: GIAC Certified Forensic Analyst

Draft technical reports, write declarations, and prepare evidence for trial

Backup and archiving technologies; technical writing

GCIH: GIAC Certified Incident Handler

Give expert counsel to attorneys about electronic evidence in a case

Cryptography principles; legal experience; digital forensics experience; strong communication skills

CCFE: Certified Computer Forensics Examiner

Advise law enforcement on the credibility of acquired data

eDiscovery tools; strong communication skills

CPT: Certified Penetration Tester

Provide expert testimony at court proceedings

Forensic software applications (e.g. EnCase, FTK, Helix, Cellebrite, XRY, etc.)

CREA: Certified Reverse Engineering Analyst

Stay proficient in forensic, response, and reverse engineering

Data processing skills in electronic disclosure environments

CCFE: Certified Computer Forensics Examiner

College degree

Chief Information Security Officer

Also called a CISO, this role is part of high-level management and is positioned as the person responsible for the entire information security division of an organization. A CISO is responsible for all assurance activities related to the availability, integrity, and confidentiality of customer, business partner, employee, and business information in compliance with the organization’s information security policies. A CISO works with executive management to determine acceptable levels of risk for the organization.

Table 4-12 outlines the responsibilities, skills, and certifications associated with the CISO role. It is common for the CISO to be responsible for the risk management service but can also oversee all other SOC services.

TABLE 4-12 Chief Information Security Officer Responsibilities, Skills, and Certifications

Responsibilities

Skills

Certifications

Appoint and guide a team of IT security experts

Practices and methods of IT strategy, enterprise architecture, and security architecture

CISA: Certified Information Systems Auditor

Create strategic plan for the deployment of information security technologies and program enhancements

Security concepts; critical-thinking and communication skills

CISM: Certified Information Security Manager

Supervise development of corporate security policies, standards, and procedures

ISO 27002, ITIL, and COBIT frameworks

GSLC: GIAC Security Leadership

College degree

Integrate IT systems development with security policies and information protection strategies

PCI DSS, HIPAA, NIST, GLBA, and SOX compliance assessments

CCISO: Certified Chief Information Security Officer

Collaborate with key stakeholders to establish an IT security risk management program

Network security architecture development and definition

CGEIT: Certified in the Governance of Enterprise IT

Anticipate new security threats and stay up to date with evolving infrastructures

Knowledge of third-party auditing and cloud risk assessment methodologies

CISSP: Certified Information Systems Security Professional

Develop strategies to handle security incidents and coordinate investigative activities

Critical-thinking and communication skills

CISSP-ISSMP: CISSP Information Systems Security Management Professional

Act as a focal point for IT security investigations

Critical-thinking and communication skills

CISSP: Certified Information Systems Security Professional

College degree

Prioritize and allocate security resources correctly and efficiently

Critical-thinking and communication skills

College degree

Prepare financial forecasts for security operations and proper maintenance coverage for security assets

Critical-thinking and communication skills; contract experience

College degree

Work with senior management to ensure IT security protection policies are being implemented, reviewed, maintained, and governed effectively

Security frameworks (e.g., ISO 27001/27002, NIST cybersecurity framework, etc.); critical-thinking, project management, and communication skills

College degree

Every job role you recruit for will have an associated learning curve to onboard an employee into your SOC environment. Every SOC has its own unique networks, processes, and capabilities that can only be taught while in the job role. The next section looks at role tiers to better understand how job titles can change as employees gain experience and knowledge.

I opened this section with the caveat that a wide variety of different names are used for similar job roles. What you believe a security analyst does, for example, may be different from what others think that job role entails. To help standardize job role concepts, next I’ll cover a U.S. government guide regarding responsibilities associated with cybersecurity industry jobs.

  • + Share This
  • 🔖 Save To Your Account

InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.

Overview


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information


To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information


Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children


This site is not directed to children under the age of 13.

Marketing


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information


If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out


Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

Sale of Personal Information


Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents


California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure


Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact


Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice


We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020