A Day in the Life of a SOC Cyber Security Analyst

Security Analysts are essential members of Rhyno’s Security Operations Centre (SOC), serving as a virtual extension of our client’s in-house teams. SOC Analysts oversee and monitor a variety of detection systems in order to discover, investigate, and respond to threats around the clock.

But what exactly does a SOC Cyber Security Analyst perform on a daily basis, what are the job’s perks and obstacles, and how can individuals enter into it as a career?

SOC Cyber Security Analyst | We chatted with SOC Cyber Security Analyst II, Yongliang Cai, to learn more.

Can you tell us about the path to your current position at Rhyno Cybersecurity?

I’ve always been fascinated with computers. I noticed myself viewing more and more cyber security videos when surfing YouTube. I went to college for IT Administration, and I’ve worked as an IT professional for many years.

During the epidemic, I applied to Rhyno Cybersecurity for some work experience, and they responded with an offer. Over a year ago, I began as a SOC Cyber Security Analyst Level I, and now my current position is SOC Cyber Security Analyst Level II.

What does your employment include on a daily basis? | SOC Cyber Security Analyst

My major responsibility is responding to security warnings, triaging, and prioritizing risks. As a SOC Analyst, I monitor the queue in RhynoGUARD – Rhyno Cybersecurity’s Managed Detection and Response (MDR) platform, where all our incidents are received and analyzed.

If an occurrence is determined to be malicious, we initiate investigations, notify the client and collaborate with them to respond and mitigate the danger.

Because Rhyno Cybersecurity’s services are customized and diverse, our service has many variations.

As a SOC Cyber Security Analyst, my day begins with a handover from the previous shift. Ensuring that the critical information is documented and ready to be delivered on our stand-up call with the whole SOC team.

Following that, it’s a matter of looking over the previous day’s alarm volumes, finding the pain areas, and determining what we can do to eliminate unnecessary or false positive alarms.

What else are you up to?

Every month, we set specific training targets based on client objectives and use platforms like Trend Micro Apex Central to achieving them. We also construct runbooks, which are walk-throughs for specific alert types. So that any SOC member who might encounter that alert in the future can understand them more quickly.

In addition to monitoring warnings and determining if they are harmful, my position entails supervising the work of our team’s Junior Analysts. This involves conducting ticket reviews, in which we select a ticket from an Analyst at random and provide input to verify that all necessary information is included. If information is missing, I go back to the Analyst to discuss what can be done to improve.

We use these reviews as an escalation point. So if a Junior Analyst doesn’t understand something or if a very high-priority issue needs to be discussed with a client, I am responsible for interacting with the Senior Analysts and agreeing on the next steps.

With which other Rhyno Cybersecurity teams do you collaborate?

We have excellent working relationships with the DevOps and the Engineering department. The engineers are concerned with availability – what is occurring with customers, what is down, and the internal platforms involved.

Threat intelligence and client-side visibility are critical for keeping us up to date on developing threats.

My job also entails collaborating with Senior Analysts, whether it be in Incident Response or Threat Hunting. When we detect a real attack, they conduct the necessary investigation. They can halt the assault by isolating the network, contacting the customer, and informing them of the situation. The Threat Hunting team creates detection rules that are triggered whenever an event occurs.

What are the most significant attributes or talents for your job? | SOC Cyber Security Analyst

You must be passionate about cyber security and committed enough to comprehend the granularities of what’s going on. You must also have the desire to determine which measures are necessary to solve specific challenges. Thinking outside the box is essential. However, you must also be able to analyze the difficulties logically because dealing with a cyber attack usually follows a specific procedure.

Having the skill and motivation to do research is also important for keeping up with developing dangers.

Additionally, having the interpersonal skills to work well with clients is critical in the SOC Cyber Security Analyst function.

What is the most satisfying component of your job?

As a SOC Analyst, I loved investigating various alarms to determine why and how something occurred. It was fantastic to know that we had discovered a danger early in the process, preventing them from launching a late-stage assault like ransomware.

The most satisfying component of my job as a SOC Cyber Security Analyst is reading through old issues and providing comments to Junior Analysts, allowing everyone to develop and keeping the SOC running smoothly.

What is the most challenging aspect of your job?

As a SOC Analyst, I found the most challenging component to be the fact that certain alerts are more complex than others due to their obscurity. In these cases, we had to go through numerous security systems and determine which logs were significant and which were not to better understand what was happening. Working your way through numerous systems to determine what is and isn’t significant can be difficult.

Because my new job is a lot more customer-related, the most challenging component is attempting to gain more information. If an Analyst has missed something or if there is something we haven’t seen before. We need to analyze it and collect as much information as possible so that we can determine the next steps.

How do you want your job to evolve in the future? | SOC Cyber Security Analyst

As a SOC Analyst, I aim to continue training, obtain certifications, and advance within the firm to become a Senior Analyst and assist with significant incidents. I’d also like to get into penetration testing and ethical hacking, perhaps taking certifications such as Certified Ethical Hacker or PenTest+.

What advice would you provide to someone considering a career in cyber security?

First, learn about computers and Information Technology. You need to know how computers work as well as networking. Also, utilize external resources such as Hack The Box and TryHackMe. I would also add that having the mindset of a penetration tester is beneficial. Thinking about how attackers behave teaches you what to look for and how to respond.

How has working at Rhyno Cybersecurity influenced your understanding of cyber security?

Rhyno Cybersecurity has provided me with several opportunities to obtain certifications and follow a structured training program. The organization has also offered the opportunity to participate in training and testing settings, which provide you with situations to solve.

Seeing active hazards in the field on a daily basis also helps us better grasp how things function.

What impact do you believe your role has on customers? | SOC Cyber Security Analyst

This isn’t merely a technical position. It’s not just about looking at data on a computer. What we do may prevent a firm from going out of business or from being unable to operate for weeks or months, resulting in revenue loss. It’s rewarding when clients return to say thank you – or when they have a question, and we can assist them. It’s satisfying to know you made a difference and made it easier for them to recognize what they need to accomplish.

If you are interested in a career in cyber security, contact Rhyno at https://resources.rhyno.io/careers/.