The post in a nutshell:
The SOC analyst operator monitors the organization's information system in order to detect suspicious or malicious activity. They identify, categorize, analyze and qualify security events, either in real time or asynchronously on the basis of threat analysis reports. They contribute to the handling of confirmed security incidents in support of the security incident response teams.
Equivalent title: CyberSOC Analyst, Incident Detection Analyst, Watch Analyst, SOC Analyst Operator
- Identify security events in real time, analyze and qualify them
- Assess the severity of security incidents
- Notify security incidents, escalate where appropriate
- Transmit action plans to the entities in charge of remediation and provide support on the corrective or mitigating measures to be implemented
- Make recommendations on immediate actions
- Support the handling of incidents by the investigation teams
Implementation of practices and tools:
- Contribute to the implementation of the detection service (SIEM, etc.)
- Contribute to the definition of the event log collection strategy
- Participate in the development and maintenance of event correlation rules
Monitoring and improvement:
- Collaborate in the continuous improvement of procedures; build procedures for new types of incidents
- Contribute to permanent monitoring of threats, vulnerabilities and attack methods in order to enrich event correlation rules
Reporting and documentation:
- Fill in the dashboards reporting on operational activity
- Keep documentation up to date
- Threat hunting activities
Our advice: this position is open to women and men. Motivation and the desire to learn are the fundamental qualities for the success of your project. Don't set barriers for yourself; you can do it.
- Operating system security
- Network security and protocols
- Cyberdefense: practice of log analysis (systems or applications)
- Cyberdefense: practice of network flow analysis
- Cyberdefense: knowledge of event log correlation tools and methods (SIEM)
- Cyberdefense: knowledge of security monitoring solutions
- Cyberdefense: knowledge of attack and intrusion techniques
- Cyberdefense: knowledge of the vulnerabilities of the monitored environment
- The ability to work in a team
- Ability to define procedures
Description of the profession in the ANSSI directory
The SOC operator may need to develop skills in machine learning in order to strengthen detection capabilities.
How to get into the job?
Training: Bac +3 (three years of higher education), including a specialization in cybersecurity.
The job is accessible after a first experience in network and systems engineering.
The perfect program for technical expert professions in cybersecurity. Select your specialisation (IT or Industrial - OT) and off you go! Gateways exist for those who have already completed training courses connected to the cyber field, such as IT, or courses wrongly considered "remote" from the cyber field - law degree, business administration…
The complete career guide
Same field jobs
Our school provides training in 21 cybersecurity jobs, from technical to supervising positions, from IT operations to industrial systems security. Here is the list of jobs you will be trained for by attending one of our training programs.