Interview with Rajeev Kumar, 2nd Level Analyst at CANCOM
Cybersecurity is critical in today’s connected world. Security Operations Centers (SOCs) play a central role in defending against threats and protecting corporate data. Our colleague Rajeev works in our SOC as a 2nd level analyst. In this interview, he gives insights into his exciting everyday work and reports on his development from 1st level analyst to his current role as 2nd level analyst.
15. January 2025
CANCOM Slovakia: Hello Rajeev, you have been with CANCOM for over five years. Could you start by telling us what you did before and how you came to CANCOM?
Rajeev: I come from India, where I completed my bachelor’s degree in computer science in 2012. After gaining practical experience as an Information Security Analyst in two different companies, I decided to come to Germany for a master’s degree in 2017. After that, my story at CANCOM began: a recruiter contacted me. After two interviews, I started as a 1st level analyst in the CANCOM team in May 2018. This was a great opportunity for me to continue my career in security. In addition, the Security Operation Center (SOC) was being set up at CANCOM at the time. This was an absolute plus, as I was able to experience the process right from the start.
CANCOM Slovakia: You started as a 1st level analyst and developed into a 2nd level analyst. Could you give us an insight into your exact tasks and explain the difference between the two positions?
Rajeev: I worked as a 1st level analyst for almost 1 1/2 years. My responsibilities included monitoring security alerts 24/7, conducting initial analysis according to predefined procedures when needed, and escalating more complex incidents to higher level analysts. Additionally, I worked closely with customers and internal teams to identify, analyze, and respond to security incidents, and to mitigate potential security risks, aiming to improve the overall security posture and protect company systems and data from cyber threats.
In my current capacity as a 2nd level analyst, I assume a leadership role in incident response, providing guidance and support to 1st level analysts while managing more intricate and severe security incidents. I conduct thorough investigations of alarms escalated by 1st level analysts, perform detailed threat analyses, and develop strategies to effectively contain and resolve security issues. Furthermore, I am tasked with integrating threat data into daily operations to enhance the overall security posture of both customers and the company. Additionally, I oversee the patching, maintenance, and upgrading of all managed SIEM systems, ensuring they are configured and optimized for advanced threat detection.
CANCOM Slovakia: How did you come to become a 2nd level analyst? What did you have to do and how did CANCOM support you?
Rajeev: During my tenure as a 1st level analyst at CANCOM, I dedicated myself to advancing my skills in preparation for transitioning to a 2nd level analyst role. Alongside gaining practical experience, I pursued significant certifications and engaged in internal training programs focusing on areas like threat intelligence and incident response. Additionally, I assumed leadership responsibilities in coordinating incident responses and guiding my 1st level colleagues.
I received full support from CANCOM throughout this journey. Particularly, my manager played a pivotal role by offering direct opportunities for my professional growth and providing invaluable mentorship. He actively encouraged my involvement in training and certification initiatives. Consequently, when a position for a 2nd Level Analyst arose, I was promptly promoted to the role of 2nd Level Senior Security Analyst (SOC).
CANCOM Slovakia: The SOC has to ensure 24/7 monitoring. What are your working hours like and those of your colleagues?
Rajeev: Continuous monitoring in a SOC environment is essential for promptly detecting and responding to security incidents. Our team operates on varying schedules to maintain uninterrupted coverage: 1st level security analysts work rotating shifts, including days, evenings, nights, weekends, and holidays. Meanwhile, 2nd and 3rd level analysts typically maintain regular Monday to Friday, 8 am to 5 pm schedules. To ensure constant availability, there is always a designated individual from the 2nd or 3rd level, or the SOC Manager on call to address emergencies.
CANCOM Slovakia: What do you find particularly exciting about your tasks in the SOC?
Rajeev: The dynamic nature of cybersecurity is what I find most exhilarating about my work. It involves constantly navigating new and evolving threats, adapting to emerging attack vectors, and actively contributing to the development and refinement of security processes. Staying updated on the latest threat intelligence is crucial for enhancing the company’s security posture, and achieving successful defense and mitigation of potential security incidents is particularly rewarding.
Additionally, I find it exciting to be part of the decision-making process regarding the procurement of products in the SOC domain. Extensive research precedes our product selection, and I appreciate the abundance of security tools utilized within the CANCOM SOC team compared to most other SOC departments, which typically rely on only one or two tools. This environment provides me with a comprehensive understanding of various tools and valuable learning opportunities.
CANCOM Slovakia: Thank you for the exciting insights into your day-to-day work.
If you are interested in a position in the SOC team at CANCOM, just take a look at the current vacancies in this area.