The Threat Analyst is an intermediate Subject Matter Expert in Cyber Security. They are an experienced Security Analyst who understands the more advanced features of security tools and has a thorough understanding of networking and platform architecture, such as routers, switches, firewalls, security, etc. They are able to dig through and understand various logs such as Network, Firewall, Proxy, Application, etc.
The Threat Analyst profile gives the analyst all the same features as the SOC Analyst and additionally provides access to scripting, SQL, and CLI.
Generally, the responsibilities for the Threat Analyst would include:
- Investigating more complicated events
- Investigating escalated alerts
- Investigating breaches
- Taking the necessary steps to remove or quarantine malware, a breach, or an infected system
- Hunting for malware attacks
- Investigating more complicated attacks like APTs (Advanced Persistent Threats)