- Career vs. Job
- Developing Job Roles
- SOC Job Roles
- NICE Cybersecurity Workforce Framework
- Role Tiers
- SOC Services and Associated Job Roles
- Soft Skills
- Security Clearance Requirements
- Pre-Interviewing
- Interviewing
- Onboarding Employees
- Managing People
- Job Retention
- Training
- Certifications
- Evaluating Training Providers
- Company Culture
- Summary
- References
This chapter is from the book
This chapter is from the book
This chapter is from the book
Role Tiers
Roles within each SOC service can be broken down into different tiers or skill levels, which signify associated responsibilities. For example, a first-tier SOC analyst may be responsible for detecting, identifying, and troubleshooting security events that come into the SOC. Often this is the tier that communicates with the affected party. Responsibilities include detection, classification, and escalation of events. A second-tier analyst may have mitigation responsibilities over any event escalated by a first-tier SOC analyst. If the event requires even further support, a more-experienced third-tier analyst may be involved to remediate the situation. The third-tier analyst might also build tools and processes to improve capabilities within the SOC, including the processes followed by lower-tier analysts. Higher-tier roles have higher compensation but require deeper technical skills and experience. The same tiered approach can apply to other job roles with SOC services, such as a first-tier developer handling basic coding while a higher-tier developer would have responsibilities over the project’s direction.
Each job role you create for your SOC should have a tier structure to promote career growth. A pay scale should also be assigned to each tier of a job role to inform employees what the expected compensation range is with an associated job role. The specific requirements advertised for the job role that includes the associated tier can reference lower tiers along with including the additional experience and skills needed to be considered for the higher-tier job role. Using this structure not only weeds out candidates that do not have the associated skills for the job tier being requested but opens the door for those same candidates to consider a lower tier of the same job role that might be more appropriate for their skill and experience level. For example, a SOC might post open job roles for multiple analyst jobs at different tier levels. A candidate who interviews for the tier 3 analyst role might be informed that he is not qualified for that role but should consider applying for a tier 1 or 2 analyst role, with the goal of eventually gaining the experience to be promoted to a tier 3 analyst. Using this approach will provide direction for career growth, open your recruiting efforts to more candidates, and keep expectations for hiring and promotions clear to all employees.
It is important to validate industry pay ranges and experience expectations against any job role you create as well as the tier you associate the role with. With publicly available sources of pay ranges online, job candidates have expected pay ranges for specific job titles. The same expectation applies to associated tiers with a job title. For example, job and recruiting website Glassdoor estimates an average base pay for a tier 1 analyst at $77,665 per year USD, while an experienced analyst salary range increases to $99,898 per year USD. Aligning with industry trends for pay ranges will reduce the risk of not capturing quality candidates as a result of not advertising acceptable pay scales in your job posting. You should apply similar research to expectations for skills and experience. Online employment resources such as Glassdoor and Monster not only provide expected pay ranges for job roles, but also suggest years of experience in the role and a generic view of expected skills. Use these expectations as you list out what requirements for skills and experience are needed for your job roles, keeping in mind that your job roles will be based on the services provided by your SOC and will be different than a generic industry explanation of a job title and associated experience tier.