NW: Identifying Your Role

Document created by RSA Information Design and Development on Sep 18, 2017Last modified by RSA Information Design and Development on Jul 8, 2019
Version 9Show Document
  • View in full screen mode

The roles listed here are the typical roles or functions of a Security Operations Center (SOC). Determine the role or roles that you perform in the SOC. You can use these functions as a guide to decide how to set up and navigate RSA NetWitness® Platform so that you can efficiently perform your job tasks.

Image of SOC team    SOC Manager (SOC Management and Reporting)

Data Privacy Officer


  • Manage SOC readiness
  • Respond to incidents
  • Respond to data breaches
  • Monitor and protect privacy
    and sensitive information
Incident Responder (T1 Analyst) Threat Hunter (T2/T3 Analyst) Content Expert (Threat Intelligence) System Administrator
  • Respond to incidents
  • Remediate incidents
  • Hunt for threats

  • Conduct forensic analysis

  • Recommend issues for remediation

  • Remediate issues

  • Investigate new threat intelligence

  • Evaluate and create new feeds

  • Create correlation rules to flag indicators of compromise

  • Install and configure equipment and software

  • Manage user access

  • Monitor and fine tune performance

  • Backup and restore data

  • Manage storage and archives

  • Update software

  • Create reports for regulatory compliance

Previous Topic:Changing Your Password
You are here
Table of Contents > Identifying Your Role