The Tier 2 security investigator steps in once a threat has been confirmed as real. Drawing on threat intelligence, which increasingly relies on automation to speed up response, the investigator works to identify the hosts and devices that suffered the attack, analyze processes, etc. The investigator is responsible for discovering the sources of the attack, its development stages, its residence in the protected IT environment, etc. Tier 2 security investigators also have to develop and implement strategies for threat mitigation and eradication, aimed at minimizing the damage to the point where recovery or remediation can begin and things can be returned to where they should be.

The primary responsibility of this SOC team member is to stop a real attack in time and minimize its consequences. As we stated before, ultimate success depends not only on the tools used and expertise but also on the efficient work of the Tier 1 analysts.

The skill set of a typical Tier 2 security investigator is similar to that of a Tier 1 analyst, but additionally you should expect system administration, web programming and scripting languages, as well as forensics, malware assessment, and threat intelligence skills. Ethical hacker training would be a major advantage.

Trilight Security offers trained security investigators for outsourcing, with experience gained in very different IT environments.
