1. What is SOC?
SOC stands for Security Operations Center.
It is a centralized team responsible for continuously monitoring, detecting, analyzing, and responding to cyber security incidents.
A SOC works 24×7 to protect the organization from cyber attacks.
2. Why SOC is Important
- Cyber attacks happen anytime
- Early detection reduces damage
- Mandatory for banks, IT companies, hospitals
- Protects data, reputation, and business continuity
3. SOC Architecture (High Level)
- Log Sources (Servers, Firewalls, Applications)
- SIEM Platform
- Security Analysts
- Incident Response Team
- Threat Intelligence Feeds
All logs and alerts from these sources are centralized in the SIEM, which is where analysts monitor and investigate them.
4. SOC Job Roles
| Role | Responsibility |
|------|----------------|
| SOC Analyst L1 | Monitor alerts and dashboards |
| SOC Analyst L2 | Analyze incidents and investigate threats |
| SOC Analyst L3 | Advanced threat handling and escalation |
| Incident Responder | Contain and eradicate cyber attacks |
| Threat Hunter | Proactively search for hidden threats |
| SOC Manager | Manage team, processes, and reporting |
5. Tools Used in SOC
| Tool Type | Purpose |
|-----------|---------|
| SIEM | Log collection, correlation, alerting |
| EDR | Endpoint threat detection |
| IDS / IPS | Network intrusion detection and prevention |
| SOAR | Automated incident response |
| Threat Intelligence | Known attacker techniques and indicators |
6. SOC Incident Response Lifecycle
- Preparation
- Detection
- Analysis
- Containment
- Eradication
- Recovery
- Lessons Learned
7. Skills Required for SOC Jobs
- Networking basics
- Linux fundamentals
- Log analysis
- Understanding of attacks & malware
- Communication and documentation
SOC jobs focus more on analysis and thinking than hacking.
8. Career Path in SOC
- SOC Analyst L1 → L2 → L3
- Incident Responder / Threat Hunter
- Security Engineer
- SOC Manager / CISO
9. SOC vs Ethical Hacking
- SOC = Defense (Blue Team)
- Ethical Hacking = Attack Simulation (Red Team)
- Both are equally important