Security Operations Center (SOC) Team: Key Roles & Responsibilities
Sep Mon, 2018
The need for enhanced cyber security and managed detection response efforts at organizations has increased drastically in the last few years, as hackers and data breaches become more pertinent threats. The question organizations have had to answer is whether to build a security operations center (SOC) in-house or outsource to a managed security services provider (MSSP) like Secuvant. The option of employing an in-house team dedicated to the prevention and detection of cyber threats with the necessary security capabilities, is almost an impossible goal to achieve. The cost, time, and effort alone are obstacles organizations face when deciding to build a SOC team, with the goal of having greater control over their security. Outsourcing to an MSSP and co-managing cyber security can become a cost-effective solution in meeting an organization’s business goals and objectives, without the added effort and hassle of creating a SOC team in-house.
Nevertheless, a SOC team, whether in-house or outsourced to an MSSP, include at least five key roles that help maintain security monitoring tools and investigate suspicious activities.
What are the Key Roles in a SOC Team?
- CISO or vCISO: A Chief Information Security Officer (CISO) or virtual CISO are responsible for the strategy, goals, and objectives of an organization’s security operations. They play an important role in risk management and compliance, implementing policies and procedures that meet specific security requirements, and that enhance the organization’s security posture. Additionally, they are leaders of the SOC team delegating and prioritizing tasks that meet an organization’s objectives set out in their cyber security risk management program.
- SOC Manager: The SOC Manager is the person who manages the entire security operations team, reporting directly to the CISO. They are responsible for the successful completion of all tasks in project engagements, which includes technical work, staff supervision, financial activities, and the monitoring and analyzing of resources.
- Security Architect: A Security Architect is exactly how it sounds, they design and build a security infrastructure and network security for an organization. They are also responsible for maintaining the security, assessing vulnerabilities, and thinking like a hacker, to prevent a security incident or data breach from occurring. The best security architects are ones that have a greater understanding of how hackers gain unauthorized access into organizations, deploying the latest methods of attacks.
- Security Engineers: Security Engineers help facilitate and drive strategy in an organization’s security, performing vulnerability assessments and penetration tests to determine the areas of weakness in security. This role shares similar responsibilities as a Security Architect, in that they are building security systems from the ground up, but they differ in that engineers are focused on potential vulnerabilities and exploits and creating solutions to prevent attacks from occurring.
- SOC Security Analysts: A SOC Security Analyst identifies issues and problems with a security system and then repairs and optimizes it for efficient use. Additionally, they are responsible for ensuring security measures are working effectively and that the proper training has been carried out at an organization for the implementation of policies and procedures. They work closely with business administrators and internal IT professionals in creating documentation and communicating security flaws.
When determining whether you will go the in-house or outsourced route for a SOC team, Gartner recommends the following:
- Perform a realistic cost-benefit analysis of various security operations models before committing to a completely in sourced SOC;
- Focus on aligning SOC deliverables with business objectives by developing tightly defined goals and metrics that the SOC needs to deliver against;
- Identify high business value and critical security functions and keep them in-house; and
- Consider use of MSSP services to offset the cost of 24/7 SOC operations and to fill coverage gaps.
Have questions regarding Secuvant’s SOC team or SOC-As-A-Service solution? Contact us at 855-732-8826 or email@example.com today.