Tier I SOC Analyst Interview Questions. What are some good questions to throw at candidates? We only have 30 minutes for the interview.
What are common tasks that your SOC does?
Ask them if they have experience with a SIEM.
Give them a scenario to see their process for handling an issue. A user has logged into a computer in an area they should not have access to; how would they investigate it? An alert popped; how would they verify it or say it's a false positive?
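As an added illustration of the scenario above (this is example code written for this page, not something from the original thread or from any poster), here is the kind of triage logic an analyst would walk through for a "user logged on where they should not be" alert. Every data source is constructed: the host-to-zone inventory stands in for a CMDB export, the user-to-zone table stands in for AD group membership, and the jump-host address and the pipe-delimited log format are assumptions. The example goes slightly beyond the scenario as stated, in that it also separates expected admin remote logons and failed-logon noise from the cases that genuinely need a human.

```python
from dataclasses import dataclass, field

# Constructed host -> zone inventory (assumption: normally exported from a CMDB).
ASSET_ZONES = {"FIN-WS-01": "finance", "FIN-WS-02": "finance",
               "HR-WS-01": "hr", "JUMP-01": "it-admin"}

# Constructed user -> authorised zones (assumption: derived from AD group membership).
USER_ZONES = {"alice": {"finance"}, "bob": {"hr"}, "carol": {"it-admin"},
              "svc_backup": {"finance", "hr", "it-admin"}}

# Constructed: jump hosts from which admin remote logons into any zone are routine.
ADMIN_JUMP_IPS = {"10.0.50.10"}

# Windows 4624 logon types; the distinction changes what the analyst checks next.
INTERACTIVE = {2, 11}   # console / cached console: someone was physically at the keyboard
REMOTE = {3, 10}        # network (SMB, WinRM) or RDP: the origin is the source IP


@dataclass
class LogonEvent:
    event_id: int       # 4624 = successful logon, 4625 = failed logon
    user: str
    host: str
    logon_type: int
    source_ip: str


@dataclass
class Finding:
    verdict: str        # "expected", "admin_remote", "investigate", "not_a_logon"
    reasons: list = field(default_factory=list)
    next_steps: list = field(default_factory=list)


def parse_line(line: str) -> LogonEvent:
    """Parse one constructed, pipe-delimited SIEM export line (assumed format)."""
    event_id, user, host, logon_type, source_ip = line.strip().split("|")
    return LogonEvent(int(event_id), user.lower(), host.upper(), int(logon_type), source_ip)


def triage(ev: LogonEvent) -> Finding:
    """Decide whether the alert is expected, routine admin activity, or needs investigation."""
    if ev.event_id != 4624:
        return Finding("not_a_logon", [f"event {ev.event_id} is not a successful logon"])

    zone = ASSET_ZONES.get(ev.host)
    if zone is None:
        return Finding("investigate", [f"{ev.host} is missing from the asset inventory"],
                       ["confirm host ownership with IT before closing"])

    allowed = USER_ZONES.get(ev.user, set())
    if zone in allowed:
        return Finding("expected", [f"{ev.user} is authorised for zone '{zone}'"])

    # Remote logons by IT admins from a known jump host are routine but should still have a ticket.
    if "it-admin" in allowed and ev.logon_type in REMOTE and ev.source_ip in ADMIN_JUMP_IPS:
        return Finding("admin_remote", [f"logon type {ev.logon_type} from jump host {ev.source_ip}"],
                       ["match against a change or incident ticket"])

    steps = ["confirm with the user and their manager",
             "check this account's other logons in the last 24h for lateral movement"]
    if ev.logon_type in INTERACTIVE:
        steps.append("pull badge-access logs for the host's physical location")
    else:
        steps.append(f"identify the device behind {ev.source_ip} and who was using it")
    return Finding("investigate",
                   [f"{ev.user} not authorised for zone '{zone}' (allowed: {sorted(allowed) or 'none'})"],
                   steps)


# Constructed sample export; not real telemetry.
SAMPLE_LOG = """\
4624|alice|FIN-WS-01|2|10.0.10.21
4624|bob|FIN-WS-01|2|10.0.10.21
4624|carol|FIN-WS-02|10|10.0.50.10
4624|carol|FIN-WS-02|2|10.0.10.22
4625|bob|FIN-WS-02|2|10.0.10.22
4624|svc_backup|HR-WS-01|3|10.0.50.10
"""


def triage_log(text: str) -> list:
    """Triage every line of an export; returns (user, host, verdict) triples."""
    return [(ev.user, ev.host, triage(ev).verdict)
            for ev in (parse_line(l) for l in text.splitlines() if l.strip())]


if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        f = triage(parse_line(line))
        print(f"{line:36} -> {f.verdict}: {'; '.join(f.reasons)}")
        for step in f.next_steps:
            print(f"{'':36}    next: {step}")
```

The point to listen for in a candidate's answer is the same one the code encodes: "is this user supposed to be there" is answered from inventory and entitlement data, not from the alert text, and the logon type decides whether the next check is a badge log or a source host.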
What is the difference between an IDS and an IPS? Provide some use cases for one over the other.
Don’t ask questions, but give them a simple solution to fix ☺️
I really like to see more practical hands-on work during a job interview.
What does anti-virus do?
What is MFA?
If you want to test their communication:
Give them a scenario, e.g. a vuln scan has found a domain controller's RPC, DNS and LDAP ports open to the internet. Ask them to come up with written advice to a client.
Give them a half filled template with the findings filled in and ask them to explain the risk and offer remediation.
I like triage-based questions to see how they think and approach problem solving.
Hack the NSA. Go!
Here’s a post I made when I was going through the interview process
But you'll more than likely want the top comment, where an interviewer listed their question bank.
Everyone should be able to explain their own job in simple terms to a 9-year-old child. Ask your candidate to do so in 2 minutes.
You'll see what he/she considers absolutely essential in the job.