Having a background from network engineering, should I go for a security operations center (SOC) engineer? Is there a good career path?
On average network, engineers are paid $85K on a yearly basis. This shows the demand in today’s job market. Therea is good scope for network engineers because people from the networking background can switch on to multiple roles based on their interests and knowledge. Security Operation Center (SOC) is one option and the other is “Network Security Operations Engineer”. Most of the tasks are similar for SOC & Network Security Operations Engineers. Let's have an overview such that it shall be easy for you to understand.
Network Security Operations Engineer Role & Responsibilities:
Network Security Operations Engineers come up with new approaches to fix existing production security problems. They undertake risk analysis, vulnerabiliencryption.and security reviews and partner with their teammates on solutions for authorization, authentication, and encryption.
Engineers must have in-depth knowledge of **LAN **and **WAN **and must know how to devise, implement, and configure firewalls.
They monitor anti-spam technologies and have knowledge of email, DDoS, intrusion detection systems, vulnerability scanning, and network access control.
In addition, engineers should support and maintain existing firewall infrastructure, be constantly on the lookout for opportunities to automate, cut down expenditure, and improve quality of service. For more information please refer to the below link.
Reference : https://www.fieldengineer.com/skills/network-security-operations-engineer
SOC involves three segments:
Primary: Data collection like finding data sources is the first part. Common data sources are network activity/security events (firewalls, IDS/IPS, net flow, vulnerability scanners), threat intelligence (internal and external feeds), Endpoint activity (ETDR, DNS, DHCP, AV, OS logs), and finally authorization (LDAP, Active Directory, VPN, SSO).
Secondary: The second part is a threat intelligence platformcase/ticketSIEM). A Threat Intelligence Platform (TIP) automatically collects and reconciles tickets/casesus sources and formats.
Tertiary: The final part would be case/ticket management system. Any sensible software platform can be used when managing tickets/cases.
Good Luck!
Article Source: https://bit.ly/31zXhkX
On average network, engineers are paid $85K on a yearly basis. This shows the demand in today’s job market. Therea is good scope for network engineers because people from the networking background can switch on to multiple roles based on their interests and knowledge. Security Operation Center (SOC) is one option and the other is “Network Security Operations Engineer”. Most of the tasks are similar for SOC & Network Security Operations Engineers. Let's have an overview such that it shall be easy for you to understand.
Network Security Operations Engineer Role & Responsibilities:
Network Security Operations Engineers come up with new approaches to fix existing production security problems. They undertake risk analysis, vulnerabiliencryption.and security reviews and partner with their teammates on solutions for authorization, authentication, and encryption.
Engineers must have in-depth knowledge of **LAN **and **WAN **and must know how to devise, implement, and configure firewalls.
They monitor anti-spam technologies and have knowledge of email, DDoS, intrusion detection systems, vulnerability scanning, and network access control.
In addition, engineers should support and maintain existing firewall infrastructure, be constantly on the lookout for opportunities to automate, cut down expenditure, and improve quality of service. For more information please refer to the below link.
Reference : https://www.fieldengineer.com/skills/network-security-operations-engineer
SOC involves three segments:
Primary: Data collection like finding data sources is the first part. Common data sources are network activity/security events (firewalls, IDS/IPS, net flow, vulnerability scanners), threat intelligence (internal and external feeds), Endpoint activity (ETDR, DNS, DHCP, AV, OS logs), and finally authorization (LDAP, Active Directory, VPN, SSO).
Secondary: The second part is a threat intelligence platformcase/ticketSIEM). A Threat Intelligence Platform (TIP) automatically collects and reconciles tickets/casesus sources and formats.
Tertiary: The final part would be case/ticket management system. Any sensible software platform can be used when managing tickets/cases.
Good Luck!
Article Source: https://bit.ly/31zXhkX