Security analyst, sometimes known as an incident responder or security operator, is the front line of defense in the SOC, Tier 1. Their usual responsibilities would be configuring and monitoring security tools to identify cybersecurity threats. Incident responder works in the world of alerts that need triage, classification, and prioritization. Then the identified incidents will be handled by the Tier 2 specialist or Security Investigator.

Sometimes, the Tier 1 security analyst’s responsibility can be implementing security measures, if commanded by the management, and on-call response to incidents happening outside business hours.

Do not be fooled by the hierarchy of the SOC team. Tier 1 analyst or incident responder’s role is of high importance because it is right on this line where the decision is made: is there incident happening or not?

The skills set of a typical Tier I security analyst usually includes system administration, web programming languages, such as Python or PHP, and scripting languages. Security certifications such as CISSP are an advantage.

Trilight Security offers outsourcing trained and experienced security analysts working in Splunk, Elastic, MS Sentinel, and other SIEM environments.

Read more about SOC team composition and SOC-as-a-Service

To Augment Your SOC Team With a Tier 1 Security Analyst:

10 Major Benefits of Partnership with MSSP


Managed Security Service Provider is a perfect option for businesses of any size that are looking for advanced cybersecurity protection. Partnership with qualified MSSP brings you and your security team serious benefits. DOWNLOAD whitepaper and find out more.

DOWNLOAD