Interviews (Saga of SOC Analysts/Cybersecurity Analysts) (Part 2)

AnandDwarakanath
Nov 24, 2021

I had written about the interviews and my thoughts on how one can be better prepared to crack the SOC analyst interviews. I think the previous post was a bit generic, so I felt that I should provide more specifics for people to improve their skills and increase their chance of succeeding.

As previously mentioned, interviewers generally start off by asking the basics, such as what you do in your daily routine, and then, depending on the answers the candidate (that is, you) provides, dig deeper and ask more questions to understand whether you are a good fit for the role or not.

To begin with, I generally ask candidates to briefly introduce themselves and explain their current roles and responsibilities so that I get a sense of what they do, and then take it forward accordingly. This is an area where I see a lot of candidates not being impressive or not doing great. What I mean is that folks tend to speak a lot and make the interviewer lose interest. This answer has to be concise and crisp, and at the same time give an overview of what your daily job looks like and a hint of who you are as a person. You should not typically take more than 2–3 minutes.

For example: As a security analyst on the L1/L2 team, my daily job involves monitoring different alerts and, in case of an incident, creating a ticket, providing my findings, and escalating it to the next level or taking the necessary IR steps to close it out (depending on your role). Some of the different alerts I handle are X, Y, Z. If you have a couple more responsibilities that you handle, you can mention them. Apart from that, you can also mention something that holds your professional interest or some sort of side project you are working on, then probably tell a bit about your personal side (maybe hobbies, or something exciting which you did recently) and close off.

For example: I am interested in <your area of professional interest> and am doing this course or undergoing this training; personally, I love <your hobby>, plus 1 or 2 more points about yourself. That's it.

But often I see candidates saying something like:

“Hi, my name is XYZ, I have completed my graduation at XYZ college. Here in my day-to-day job I get alerts from SIEM. We are using XYZ SIEM. When I get an alert, we will check in VirusTotal and see if it is a true positive or a false positive. If it is a false positive we close it, otherwise we will escalate to the L2 team. Then we also get DLP alerts and we get WAF alerts. We are using “XYZ” for email security and we get alerts regarding phishing mail, so we do that analysis also, and then we handle EDR alerts and “XYZ” is the EDR tool blah..blah..blah” or some variation of these. A few people go on as long as they can, and I have sometimes had to interrupt the candidate and ask my next question.

Lengthy answers can be really frustrating. Keeping it short and simple goes a long way, and if the interviewer is interested in knowing more, they will definitely follow up with questions. Short and crisp answers also show that you are an effective communicator.

It's not about a right or wrong answer, and there is no standard pattern to this question, but the key is to not bore the interviewer and to start the interview on a good, positive note.

Hope that this tip helps anyone reading this (in their next interview).
