NW: Identify Your Role

Document created by RSA Information Design and Development on Sep 18, 2017. Last modified by RSA Information Design and Development on Sep 28, 2017.
Version 4

The roles listed here are the typical roles or functions of a Security Operations Center (SOC). Determine the role or roles that you perform in the SOC. You can use these functions as a guide to decide how to set up and navigate NetWitness Suite so that you can efficiently perform your job tasks.

                 
[Image: SOC team]

SOC Manager (SOC Management and Reporting)

  • Manage SOC Readiness
  • Respond to Incidents
  • Respond to Data Breaches

Data Privacy Officer

Monitor and protect privacy and sensitive information

                    
Incident Responder (T1 Analyst) | Threat Hunter (T2/T3 Analyst) | Content Expert (Threat Intelligence) | System Administrator
  • Respond to Incidents
  • Remediate incidents
  • Hunt for threats

  • Conduct forensic analysis

  • Recommend issues for remediation

  • Remediate issues

  • Investigate new threat intelligence

  • Evaluate and create new feeds

  • Create correlation rules to flag indicators of compromise

  • Install and configure equipment and software

  • Manage user access

  • Monitor and fine-tune performance

  • Back up and restore data

  • Manage storage and archives

  • Update software

  • Create reports for regulatory compliance
