| Title | Author | Created | Published | Tags |
| ----------------------------- | ---------- | ------------------ | ------------------ | -------------------------------------------- |
| Junior Security Analyst Intro | Jon Marien | September 08, 2025 | September 08, 2025 | [[#soc\|#soc]], [[#arcticwolf\|#arcticwolf]] |
# Junior Security Analyst Intro
![[image-933.png]]
***
**In the Junior Security Analyst role, you’ll mainly act as a Triage Specialist. You’ll spend most of your time monitoring and sorting through logs and security alerts.**
### **Responsibilities**
For a Junior Security Analyst (Tier 1 SOC Analyst/Triage Specialist), these typically include:
- Watching for and investigating alerts (usually in a 24/7 operations environment)
- Setting up and managing the company’s security tools
- Creating and using basic rules for Intrusion Detection Systems (IDS)
- Joining SOC team meetings and working group discussions
- Opening tickets and escalating important security incidents to higher-level analysts when needed
### **Qualifications**
The most commonly required qualifications are:
- 0–2 years of experience working in Security Operations
- A basic understanding of networking (OSI model, TCP/IP model), computer operating systems (like Windows or Linux), and web applications
- Knowing how to script or program is helpful but not always necessary
### **Suggested certification:**
- CompTIA Security+
As you gain more experience and improve your skills as a Junior Security Analyst, you’ll have the opportunity to move up to Tier 2 and Tier 3 analyst roles.
***
![[image-934.png]]
## **What is a SOC?**
The security operations center (SOC) is a 24/7 centralized function within an organization employing people, processes, and technology to continuously monitor and improve an organization's security posture while preventing, detecting, analyzing, and responding to cybersecurity incidents.
A SOC acts like the hub or central command post, taking in telemetry from across an organization's IT infrastructure. This includes its networks, devices, appliances, and information stores, wherever those assets reside. The proliferation of advanced threats places a premium on collecting context from diverse sources.
Essentially, the SOC is the correlation point for every event logged within the organization that is being monitored. For each of these events, the SOC must decide how to manage and act upon them.
![[image-935.png]]
## **Preparation and Prevention**
As a Junior Security Analyst, it is important to keep up with the latest cybersecurity threats. Using tools like Twitter and Feedly can help you stay updated with current cybersecurity news. Your job is to watch for and chase down threats, help develop a plan to protect the organization, and always be prepared for the worst-case situations.
Prevention means collecting intelligence about new threats, the hackers behind them, and how they operate (their Tactics, Techniques, and Procedures, or TTPs). It also involves routine tasks like keeping firewall protections up to date, patching any weaknesses in current systems, and creating blocklists and allowlists for certain apps, email addresses, and IPs.
## **Monitoring and Investigation**
The SOC team actively uses SIEM (Security Information and Event Management) and EDR (Endpoint Detection and Response) tools to watch for suspicious or dangerous activity on the network. Think of it like being a firefighter responding to alarms: some are low urgency, while others are emergencies. As a Security Analyst, you will learn to sort alerts by importance—Low, Medium, High, and Critical—so you can tackle the most urgent ones first. Having the right tools set up correctly will give your team the best chance to stop threats.
Junior Security Analysts have a big role in investigations. They review alerts, figure out how attacks work, and try to stop any further damage. During their investigation, they focus on questions like "How did this happen? When did it start? Why did it happen?" Analysts search through logs and alerts, and also use free online tools to find these answers—a topic you’ll get to explore more as you continue learning.
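As an added example (not from the original note or from any SIEM/EDR product), here is a small Python triage queue that works the way the paragraph above describes: it reads alerts, orders them Critical, High, Medium, Low (oldest first within a tier) so the most urgent are handled first, and decides which ones a Tier 1 analyst should open a ticket and escalate for. The alert field names, the JSON-lines format, the severities, the escalation rule and the sample alerts are all constructed assumptions for illustration.

```python
"""
Added example, not part of the original note: a minimal Tier 1 alert triage
queue. Input is constructed JSON-lines alerts (an assumed shape, not real
SIEM output); output is the ordered work queue plus Tier 2 escalations.
"""
import json
from datetime import datetime, timezone

# Severity ranking used to order the queue; lower rank is handled first.
SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}

# Assumed escalation policy: High and Critical always go to Tier 2, and a
# host that keeps producing Medium alerts in one batch is escalated too.
ESCALATE_AT = {"Critical", "High"}
REPEAT_THRESHOLD = 3

# Constructed sample alerts (hostnames, rules and times are made up).
# The last line carries an unknown severity and must not be treated as Low.
SAMPLE_ALERTS = """\
{"ts": "2025-09-08T10:02:11Z", "severity": "Medium", "host": "ws-042", "rule": "Multiple failed logons"}
{"ts": "2025-09-08T10:00:05Z", "severity": "Low", "host": "ws-017", "rule": "USB device inserted"}
{"ts": "2025-09-08T10:03:40Z", "severity": "Critical", "host": "srv-db01", "rule": "Ransomware note written"}
{"ts": "2025-09-08T10:01:30Z", "severity": "High", "host": "ws-042", "rule": "Credential dumping attempt"}
{"ts": "2025-09-08T10:04:00Z", "severity": "Medium", "host": "ws-042", "rule": "Multiple failed logons"}
{"ts": "2025-09-08T10:05:15Z", "severity": "Medium", "host": "ws-042", "rule": "Multiple failed logons"}
{"ts": "2025-09-08T10:03:00Z", "severity": "Bogus", "host": "ws-099", "rule": "Malformed severity"}
"""


def parse_alerts(text):
    """Parse JSON-lines alerts; skip malformed lines and unknown severities."""
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
            rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(
                tzinfo=timezone.utc
            )
        except (ValueError, KeyError, TypeError):
            continue  # malformed record: drop it rather than guess
        if rec.get("severity") not in SEVERITY_RANK:
            continue  # unknown severity: never silently downgrade to Low
        alerts.append(rec)
    return alerts


def triage(alerts):
    """Order the queue by severity tier, oldest first inside each tier."""
    return sorted(alerts, key=lambda a: (SEVERITY_RANK[a["severity"]], a["ts"]))


def escalations(alerts):
    """Return Tier 2 escalation tickets for a (triaged) batch of alerts."""
    tickets = []
    for a in alerts:
        if a["severity"] in ESCALATE_AT:
            tickets.append({"host": a["host"], "severity": a["severity"], "reason": a["rule"]})
    # Aggregate repeated Medium alerts per host into a single ticket.
    medium_by_host = {}
    for a in alerts:
        if a["severity"] == "Medium":
            medium_by_host[a["host"]] = medium_by_host.get(a["host"], 0) + 1
    for host, n in sorted(medium_by_host.items()):
        if n >= REPEAT_THRESHOLD:
            tickets.append(
                {"host": host, "severity": "Medium", "reason": f"{n} Medium alerts in one batch"}
            )
    return tickets


if __name__ == "__main__":
    queue = triage(parse_alerts(SAMPLE_ALERTS))
    for a in queue:
        print(f"{a['severity']:<8} {a['ts'].isoformat()} {a['host']:<9} {a['rule']}")
    for t in escalations(queue):
        print(f"ESCALATE {t['severity']:<8} {t['host']:<9} {t['reason']}")
```

Two points the code makes that the prose only implies: an alert whose severity the parser does not recognise is dropped rather than quietly filed as Low, because a mislabelled alert that disappears into the low-priority pile is the kind of miss a triage queue exists to prevent; and repeated Medium alerts from one host are rolled up into a single escalation instead of three separate tickets, which is the usual reason a Tier 1 analyst looks across a batch rather than at alerts one by one.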
## **Response**
After investigating, the SOC team acts to fix the problem. This can mean isolating infected computers from the network, ending harmful programs, removing bad files, and other cleanup actions.
---