| Persona Name | Profile | Tools Used | Responsibilities |
|---|---|---|---|
| SOC Analyst | Beginner, junior-level analyst | SIEM tools/dashboards, security endpoint UIs, email/ticketing/workflow systems | Monitor SIEM tools; search for and investigate breaches and malware; review alerts and decide whether to escalate them as tickets or filter them out; follow security playbooks; investigate script-kiddie attacks |
| SOC Investigator | More advanced cybersecurity SME; experienced security analyst who understands the more advanced features of security tools, has a thorough understanding of networking and platform architecture (routers, switches, firewalls, security) and can dig through and understand various logs (network, firewall, proxy, application, etc.) | SIEM/security tools, scripting languages, SQL, command line | Investigate more complicated/escalated alerts and breaches; take the necessary steps to remove or quarantine the malware, breach or infected system; hunt for malware attacks; investigate more complicated attacks such as APTs (Advanced Persistent Threats) |
| SOC Manager | Experience managing teams; security practitioner who has moved into management | Workflow systems (e.g. Remedy, JIRA), ticketing/alerting systems | Assigns Metron cases to analysts; verifies “completed” Metron cases |
| Forensic Investigator | E-discovery experience with a security background | SIEM and e-discovery tools | Collect evidence on a breach/attack incident; prepare the lawyer’s response to the breach |
| Security Platform Operations Engineer | Computer science, developer and/or DevOps background; experience with Big Data technologies and supporting distributed applications/systems | Security tools (SIEM, endpoint solutions, UEBA solutions); provisioning, management and monitoring tooling; various programming languages; Big Data and distributed computing platforms | Helps vet security tools before bringing them into the enterprise; establishes best practices and a reference architecture for provisioning, managing and using the security tools; configures the system for deployment, monitoring, etc.; maintains the probes that collect data, the enrichment services, enrichment data loading, threat feed management, etc.; provides care and feeding of one or more point security solutions; does capacity planning, system maintenance and upgrades |
| Security Data Scientist | Computer science/math background with security domain experience; digs through as much data as is available, looks for patterns and builds models | Python (scikit-learn, Python notebooks), R, RStudio, SAS, Jupyter, Spark (SparkML) | Works with security data: data munging, visualization, plotting, exploration, feature engineering and generation; trains, evaluates and scores models |