All right, so welcome everyone. In this video we are going to talk about must-have keywords for every SOC analyst resume. Let's admit the fact: it doesn't matter how good you are for a specific job role, if your resume is not up to the mark you are not going to get to the interview itself. So better focus on your resume and make sure you have all the relevant keywords required for a SOC analyst job role. Without taking much time, let's get started.

These are the 13 must-have keywords for every SOC analyst resume. We are going to start from the first and go up to 13, and 13 is very, very important, guys, so be with me till the end.

Let's talk about the very first keyword that you must have in your resume: incident response. Incident response is majorly focused on the SOC level two role, but even if you are applying for a level one role you should be familiar with what the incident response process really looks like. It includes multiple steps, from preparation to detection to analysis. For example, if there's a ransomware attack, how would you isolate your machine, how would you perform the containment in the network, how would you eradicate the malware from the network, perform the recovery, and perform the incident report as well? That's all covered in incident response.

The next keyword is threat hunting. Threat hunting can be of two types: it could be either proactive or reactive. When you do it the reactive way it's a part of incident response, but when you do it proactively it's a dedicated piece of work altogether. Usually in large organizations this is handled by a dedicated team or the SOC analyst level three team. They perform proactive threat hunting, where they use multiple frameworks and methods as well: the MITRE ATT&CK framework is leveraged and the Cyber Kill Chain process is used. There are multiple tools used for this, including Velociraptor or osquery; in fact some of the latest EDRs also have this capability. It involves a lot of queries and collecting a lot of data as well.

Number three is SIEM. SIEM is very, very important; this is the heart of the entire SOC, the Security Operations Center. The SIEM could be Splunk, it could be IBM QRadar, it could be Securonix, it could be Microsoft Sentinel, or maybe LogRhythm, which is currently Exabeam. So you have to have one of these SIEMs in your resume, or at least have SIEM as a keyword. Even if you haven't really worked with an actual SIEM, make sure you do the lab practice, do some home lab with Splunk (you can find a free home lab setup in the link in the description below), and make sure you have SIEM as a keyword. Or you can work with Microsoft Sentinel as well. These are the SIEMs you can get some hands-on with, even as free or evaluation software.

Then you need to make sure your resume has IDS, intrusion detection system. It can be compared with IPS as well, and I could say you should also add IPS, but remember that you need to make sure IDS is there, because IDS is a very important and crucial component of any cyber security operation. It basically collects the data and monitors all the anomalous behavior in the network, but it will not take the action itself; rather it will notify the admin or the SOC analyst to take further action: to perform the incident response, perform the threat hunting, or investigate further. There are multiple IDS solutions in the market; some of them are commercial, some of them are open source. Some of the open source products are Snort and Suricata, and the commercial software could be your EDR, Firepower (which also has the Snort enterprise license), and Check Point IPS, which is also very popular. So this can be leveraged.

Number five is vulnerability management. Vulnerability management is a very, very important component; usually in most organizations the SOC team itself handles vulnerability management. As a part of vulnerability management you perform vulnerability scanning and find out the vulnerabilities on certain applications, then you perform vulnerability analysis, prioritize those vulnerabilities, and assign them to the respective team. That's the major job role. There are multiple tools involved with this: you have Tenable, you have Qualys, you have Rapid7 software as well. So yeah, you must have these keywords.

Next, number six is malware analysis. Although this is majorly useful for the SOC analyst level two role, it is good to have this in your resume because this is again a very, very important role. Let's say you got an alert saying that there's a suspicious file, or an email got into the spam folder and now you have to analyze this email as a part of phishing analysis. So you have to submit the file sample and perform the analysis, not necessarily by using multiple static analysis tools, but you can use a sandbox like ANY.RUN or VirusTotal to submit this malware sample and understand if it is really malicious or not.

Number seven is SOC. Of course, if you're applying for a SOC analyst role you must have SOC as a keyword in your resume, no choice, right?

Next is log analysis. This is a very, very important thing to have in your resume. Log analysis is very important because whatever happens in your network, if you have to perform a security investigation you have to look at the logs. Even when you have Splunk, when you perform the security investigation you practically analyze the logs. The logs could be from a Linux machine, the auth log, it could be syslog from the Linux machine, or maybe Apache logs or MySQL logs on which you have to perform a certain investigation, or maybe it's a Windows log, maybe you are analyzing a Sysmon alert. So you have to be very comfortable with the log analysis process. You can use different tools for log analysis; one which is very common is of course Splunk.

Next is network security. Remember, network security is a wide domain. I mean, there's a firewall involved, IDS and IPS also come into network security, DNS security is also part of network security. So make sure you have this keyword, because you have to be confident about what IDS and IPS are, and "network security" is a very common keyword used by almost every ATS system.

Next, number ten, is cyber threat intelligence. Cyber threat intelligence is a very important activity in SOC operations. Threat intelligence feeds, or cyber threat intelligence, could be of different types: it could be strategic, it could be operational, it could be tactical. On the strategic level it is majorly consumed by the CEO and management; on the tactical level it is majorly consumed by the SOC analyst, so it could be a malicious domain or malicious IP address, a command and control IP address or domain, or maybe a file sample or hash value as well.

Eleventh is SOAR. If SIEM is the heart of the SOC, SOAR is the brain. SOAR is very, very important because it actually integrates all the security tools in the network, orchestrates them, and, most importantly, automates the security activity. Why is it needed? Because it brings down the overall time for any SOC analyst; if I tell you in a simple way, it reduces the overhead. If you look at SOC analysts, they often get involved in recurring activities. A very common type of activity which takes a lot of time is phishing analysis, right? In those situations they tend to spend a lot of time understanding if it's a false positive or a real alert. With tools like SOAR, which automate quite a lot of things, let's say you have an email marked as suspicious. As a SOC analyst I might go to that email, download the attachment, maybe take the sample, upload it to VirusTotal and all that stuff, maybe keep it in a controlled environment, and so on. I can actually automate this with SOAR: I can submit this file to VirusTotal and get the response, or I can also perform the enrichment by itself, so it can be automated and it saves quite a lot of time.

Keyword number 12 is security monitoring. Of course security monitoring is an integral part of it. You have to monitor Active Directory security alerts, you have to monitor Docker, Kubernetes, your SAP application, your SaaS applications, your Azure cloud infrastructure security alerts. So this is very important.

The most important keyword you must have in your resume, which is the 13th, is actually EDR. Make sure you have at least one EDR in your resume; it could be CrowdStrike, it could be Microsoft Defender for Endpoint, or SentinelOne. If you haven't worked with them it's okay, it's completely fine, but make sure you at least do lab testing: set up any of these EDR solutions in your home lab, learn about it, and then you can add it to your resume. Of course you should have EDR as a keyword, but you should also name a few of the EDR tools as well, maybe Microsoft Defender or maybe the Wazuh tool, in your resume. So you have to show that you have real-world experience, or maybe lab experience, or at least that you know what EDR is. If you're applying as a fresher then you can do the home lab, but if you're going for a level two role, make sure you are confident about how to use that tool effectively.

All right, so these are all the 13 must-have keywords for a SOC analyst resume. If you have any question, do let me know in the comment section below; I would love to help you out. Thank you.
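As an added example that is not part of the video, here is the kind of hands-on log analysis the eighth keyword refers to: parsing sshd entries from a Linux auth log and flagging source IPs with repeated failed logins, escalating ones where a success follows the failures. The log lines are constructed for the example, not taken from any real system; the function names are my own.

```python
import re
from collections import defaultdict

# Regex for sshd login lines as they appear in a syslog-format Linux auth.log.
AUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

def parse_auth_line(line):
    """Return a dict for sshd login events, None for any other auth.log line."""
    m = AUTH_RE.match(line)
    return m.groupdict() if m else None

def detect_ssh_bruteforce(lines, threshold=3):
    """Per source IP: count failed logins and note whether a later login
    succeeded from the same IP (failure-then-success is what an analyst
    escalates first). Returns only IPs at or above the threshold."""
    failures = defaultdict(int)
    users = defaultdict(set)
    success_after = defaultdict(bool)
    for line in lines:
        ev = parse_auth_line(line)
        if ev is None:
            continue  # CRON, sudo, PAM noise: not an SSH login event
        if ev["result"] == "Failed":
            failures[ev["ip"]] += 1
            users[ev["ip"]].add(ev["user"])
        elif failures.get(ev["ip"], 0) > 0:
            success_after[ev["ip"]] = True
    return {
        ip: {"failures": n, "users": sorted(users[ip]),
             "success_after_failures": success_after[ip]}
        for ip, n in failures.items() if n >= threshold
    }

# Constructed sample auth.log lines (hypothetical hosts and documentation IPs).
SAMPLE_AUTH_LOG = [
    "Mar  3 10:15:01 web01 sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2",
    "Mar  3 10:15:03 web01 sshd[1234]: Failed password for root from 203.0.113.5 port 51235 ssh2",
    "Mar  3 10:15:04 web01 sshd[1240]: Accepted password for alice from 198.51.100.7 port 40000 ssh2",
    "Mar  3 10:15:06 web01 sshd[1241]: Failed password for invalid user test from 203.0.113.5 port 51236 ssh2",
    "Mar  3 10:15:09 web01 sshd[1242]: Failed password for bob from 192.0.2.9 port 42000 ssh2",
    "Mar  3 10:15:12 web01 CRON[1300]: pam_unix(cron:session): session opened for user root by (uid=0)",
    "Mar  3 10:15:15 web01 sshd[1243]: Failed password for root from 203.0.113.5 port 51237 ssh2",
    "Mar  3 10:15:20 web01 sshd[1244]: Accepted publickey for root from 203.0.113.5 port 51238 ssh2",
]
```

Running detect_ssh_bruteforce(SAMPLE_AUTH_LOG) flags only 203.0.113.5 (four failures across three usernames, then a successful login), which is exactly the entry an analyst would pivot on in Splunk or the SIEM next.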