Security Analysts are responsible for providing technical support in the monitoring, reporting, and response activities related to security events, threat detection systems, tools, and security services.
Security Analysts are typically assigned the following responsibilities:
- Monitor the SIEM for suspicious events and anomalous activity;
- Triage security events for criticality according to best practices and playbooks;
- Validate suspicious events and incidents using open-source and proprietary intelligence sources;
- Document and manage incident cases;
- Notify involved stakeholders of security incidents;
- Provide investigatory support and additional information as needed;
- Provide descriptive analysis when responding to alerts in the security environment;
- Tune SIEM alerts to improve detection engineering;
- Keep up-to-date with information security news, techniques, and trends;
- Monitor log collection activities;
- Report all operational issues or problems; and
- Report any changes in the security environments to the SOC Manager or CISO.
Sources: [eBook] Bridging the Cybersecurity Skills Gap