  1. Junior Member Registered Member
    Join Date
    Jan 2018

    Tier 1 SOC Analyst Job Interview Prep. Need tips.

    Hello everyone.

    I'm in the process of being considered for a Tier 1 SOC Analyst position.

    And very soon I will be interviewed.

    I have a Security+ certification and a GCIH certification. I just earned both of them.

    I also have a secret clearance too.

    I'm trying to get whatever advice I can from people here on actions I can take to prepare for the job interview.

    My guess is that I will get a technical screening on the phone first.

    I looked at some old threads here about SOC Analyst Tier 1:

    Soc analyst tier 1 interview

    SOC Security Analyst Tier 1 job offer

    Any additional advice would be appreciated.


  3. Junior Member
    Join Date
    May 2011

    CISSP, C|EH, Sec+, others
    I would do the following.
    - Know the OSI model like the back of your hand. Not just the layers, but what each layer does.
    - Expect trick questions like "What layer of the OSI model does Ping fall on?"
    - Be able to name at least three current cyber security events currently in the news
    - Be able to name at least 5 sources of cyber news (ThreatWire, SC Magazine, Krebs, etc.)
    - Be able to explain what you would do if you saw an attack at 3 in the morning and you were the only one in the SOC
    - Make them aware that cyber is a passion, not just a job role
    - Know the basics of Linux commands, and know something about shells
    - Be honest, i.e., if they ask you how to reverse engineer malware (or something advanced) and you don't have the experience, tell them you haven't done that before. Don't bullshit.
    - Get familiar with the basics of a few SIEMs (ArcSight, Sourcefire, QRadar, etc.). Splunk is hot right now. YouTube is your friend.
    - Be able to explain PCAP (know some Wireshark filters)
    - Your GCIH will come in very handy, so utilize it in the conversation. "We did labs with <fill in the blank>"

    - Be confident

  4. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Surf City USA

    PenTest+, CISSP, SSCP, GSEC, CASP, CEH (revoked), CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, MSIT InfoSec
    And to add:
    • Know how basic endpoint security works (e.g., computers, peripherals, IoT, etc.).
    • Know how basic midpoint security works (e.g., firewall/WAF, proxy/reverse proxy, IDS/IPS, etc.).
    • Know about Cloud security vs Data Center security. (tip: AWS Assoc cert puts you above your competition).
    • Emphasize any experience you have in programming, writing reports/documentation, or IT host/network admin.
    • Understand all of the ways a large enterprise can be cyber-attacked.
    • Be able to talk about current InfoSec events like it's sports-talk--especially when related to APT.
    • Don't apologize for not knowing the answer to a question; just do your best to answer it.
    • Remember to breathe.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray

  5. Senior Member scaredoftests's Avatar
    Join Date
    Dec 2013
    behind you!

    ACAS,Comp TIA Security +, Novell CNE, HDI Customer Service, ITIL Foundation, MTA
    ASK a lot of questions as well. Show your interest. Be early.
    Never let your fear decide your fate....

  6. Junior Member Registered Member
    Join Date
    Jan 2018
    Thanks guys! Much appreciated.

    Thank you so much. This has been very helpful.
