May 25, 2021

Key Roles to Consider When Staffing Your Security Operations Center

As the threat landscape grows, so does the demand for security operations center (SOC) talent. While every role in the SOC has a vital function, four remain critically important: 

  1. SOC manager
  2. Alert analyst
  3. Incident responder
  4. Subject matter expert

To successfully fulfill these roles—all of which require a strong mix of technical and cognitive skills—security and risk leaders must conduct an effective skills gap analysis, take stock of their organizational culture, and ensure their people and processes are aligned with the desired output of their SOC. They will then have a well-defined structure in place to recruit, vet, and onboard candidates. 

Let’s take a look at the roles and how and why each is essential to running an effective SOC.  

SOC manager

This role is critically important: the SOC manager leads the security operations team, providing technical oversight and guidance as well as handling people-management duties such as staffing, training, scheduling, and coaching.

The ideal candidate will be a leader who can skillfully prioritize, effectively communicate and, during times of crisis, perform at a high level while acting as a stabilizing force for the SOC team and the organization. SOC managers should also have the skills needed to oversee the SOC’s performance metric framework (e.g., trend analysis, tasking on intelligence) and play an active role in developing and implementing crisis communication plans. 

Alert analyst

Alert analysts are responsible for the ongoing monitoring of the SOC’s alert queue, investigating suspicious activities within the organization’s IT systems and networks, and in many organizations, threat hunting. 

Because these analysts are on the “front line,” they are also responsible for fielding incoming calls, collecting data, triaging threat alerts, and ensuring the health and stability of security sensors. Without the foundational support alert analysts provide, SOCs risk failing during critical situations, which is precisely when they need to run at peak performance with minimal or no downtime.

Incident responders 

These responders perform deep analysis of incidents, review the relevant logs, and conduct follow-up evaluations after the initial triage. Incident responders are vital to SOCs because they confirm and validate the threat scope before action is taken—a core capability of the SOC that ensures risk and security leaders implement remediation tactics only for those threats or risks deemed legitimate.

Subject matter experts

Security professionals who take on this role must have expertise in network protocols and operating systems, as well as deep knowledge of threat detection and evaluation tools and of how to make the most effective use of those tools' output.

Don’t lose sight of the “team” factor

Once the right people are in the right roles, security and risk leaders must focus on how to best create a harmonious team—one that is high performing and working toward the same goals and objectives. This calls for:

  • A clear and well-articulated vision, objective, and mission for the SOC
  • Detailed training that covers not just on-shift responsibilities but also handover procedures, so that issues don’t slip through the proverbial cracks, especially during periods of vulnerability such as shift changes
  • Logistical planning and capabilities needed for round-the-clock staffing, including contingent resourcing
  • Clear communication and reporting protocols understood by all

Learn about other best practices that can be used to plan and build effective SOCs: [ebook / 6 Key Considerations Before Setting Up a Security Operations Center]
