Ciao,

I was stuck for what forum and where it was best placed. I figure why not ask you, odds are someone here has experience of being in a security anaylst, specifically in a SOC.

I have an opportunity to take a position as a senior Security Analyst. I could really do with an insightful view?

Graci

It depends ... I've done a lot of host security analysis on configuration of unix/linux hosts (with automated reporting in the mostly vain hope the relevant people will fix the problems).

But there is also log analysis (which I've done some of).

And network traffic analysis.
And examination of computers after suspected wrongdoing to collect evidence.
And pen testing.

So it really depends on how the employer sees the vacancy.

And lots of people when they say "security" don't mean security - they mean compliance (passing audits and/or meeting trivial standards).

Ahh yes, This is definitely not the audit/compliance gig. I'd rather be jobless - maybe...

It is very much focused on what you described:
So whats it like? Did it keep you interested? and learning new things? What were you favorite/least favorite aspects?

Thanks

pretty dull - I made a web display of recent centrally-collected syslog so you could tell who logged in where and when and from where. The idea is if you thought one host was compromised you'd have an idea which other hosts to look at next.

never done this except for odd debugging (you might look at snort etc)

This tends to fall into using encase etc for catching staff viewing porn on windows boxes (not my area) and using TCT to study actions taken on Unix hosts to know what the bad guy was up to (find what exploit tool he installed). Hopefully these are infrequent actions.


Then there's looking for bugs in s/w - definitely fun. You get to report stuff to the vendors and see if they are willing to fix it. The worst behaviour I found was BMC unwilling to even receive a bug report until I could show I had a support contract.