Roles and Their Requirements

SOC Analyst

Primary mission: The SOC analyst monitors the organization's information systems to detect suspicious or malicious activity. They identify, categorize, analyze, and qualify security events in real time or asynchronously, based on threat analysis reports. They also support incident response teams in handling confirmed security incidents.

Tools required:

  • Log visualization and correlation

  • Quick IOC analysis (hash, IP, domain)

  • Simple attack simulation to test detection rules

  • Network utilities (Wireshark, whois, curl, etc.)

Beginner Friendly: Yes

DFIR Specialist (Digital Forensics & Incident Response)

Primary mission: This professional intervenes after a confirmed incident to determine its cause, assess the impact, and preserve digital evidence. DFIR typically combines two roles:

  • Digital Forensics: Preservation, extraction, and analysis of digital evidence (disks, logs, memory)

  • Incident Response: Attack analysis, containment, remediation, and lessons learned

Tools required:

  • Forensic acquisition (disks, RAM)

  • Artifact analysis (MFT, system logs)

  • Memory investigation and timeline creation

Beginner Friendly: No (N2 level minimum)

Threat Intelligence Analyst

Primary mission: The threat intel analyst collects, qualifies, and contextualizes threat-related information. They monitor threat actors, targeted campaigns, and indicators of compromise (IOCs). Their work is essential to detection and response teams.

Tools required:

  • OSINT collection and IOC enrichment

  • Static or dynamic malware analysis

  • Integration with threat-sharing platforms such as MISP or Yeti

Beginner Friendly: Possible with supervision

Defensive Pentester

Primary mission: This role simulates realistic attacks to test an organization's detection and response capabilities. They contribute to improving SOC efficiency by confronting it with adversary-like scenarios.

Tools required:

  • MITRE ATT&CK emulation

  • Simulated attack campaigns

  • Sigma / YARA rule testing

Beginner Friendly: No (requires offensive/defensive experience)

Other Blue Team Roles (according to ANSSI)

Category                 | Role                                | Beginner Friendly
Detection & Supervision  | SOC Manager                         | No
Response & Investigation | CSIRT Manager, Cyber Crisis Manager | No
Technical Expertise      | Defensive Cybersecurity Consultant  | Depends on experience
