www.AmericanSecurityToday.com April 2021 - Edition 54
the security stack.
• Part of their role is to train and certify on new tools adopted by the organization.
• Investigate suspected security incidents — identifying suspicious activity on the corporate network or affecting any IT system, typically received as SIEM alerts, then classifying and investigating it.
• Responding to real security incidents — surprisingly, only a small fraction of a security team's role is to actually “fight the bad guys”.
• This is because large efforts are spent on the above two roles — managing tools and combing through alerts.
The SOC team consists of several roles:
• Security analyst — reviews security alerts and investigates them.
• In case of a severe threat, the analyst will escalate to a higher-tier analyst with specialized expertise.
• Security engineer — maintains and updates security systems.
• SOC manager — hiring security specialists, responsible for training, strategy, and directly managing severe