Fellow SOC/Security Analysts (Tier 1 – 3) – What does your day to day look like?

Just curious what other analysts experience in their jobs and day to day work. I am one of 5 analysts working for an internal SOC for a company with over 10k employees. One of my close friends is also a SOC Analyst but for an MSSP so even though our work is similar it’s also very different in terms of the technology we handle, the procedures we follow, etc.

Also feel free to omit “sending emails” as that’s pretty much a given for every analyst. What sort of tools are most commonly used in your environment? Is your work more alert heavy or threat hunting heavy? Is there a ton of red tape that prevents you from doing your job? Are your OSINT skills tested daily?

Edit: Forgot to add my day to day lol. I log in and usually pick out evening/overnight/morning alerts (Not 24/7 SOC), investigate & triage those using our security stack. Definitely an OSINT heavy routine. Run a ton of queries for various info via our SIEM. If no alerts, engage in threat hunting across the enterprise using our stack and pulling ideas from various resources like MITRE ATT&CK or SOC Prime. In between, read over reports sent out by our Threat Intelligence team. Attend meetings, help out coworkers, etc.

From what my friend has told me, his job is way more alert heavy and he basically does no threat hunting. He also takes phone calls whereas I do not.