Roles and responsibilities in Threat Intel Management

Abstract

Roles and responsibilities in a Threat Intel Management environment.

A Threat Intel Management (TIM) analyst may have a different persona in the SOC. In some organizations, the TIM analyst is part of the SOC analyst’s definition of work, but they have different workflows and use cases. The daily work of SOC analysts and TIM analysts are different.

Roles

Responsibility

Security Analyst (SOC Tier-1)

  • Triage Specialist

  • Monitor, manage, and configure security tools

  • Review cases to assess their urgency

  • Escalate cases when necessary

Threat Intel Analyst (SOC Tier 2-3)

  • Case responders and threat hunters

  • Remediation of escalated cases from Tier 1 - investigation, response, and assessments

  • Proactive work to remove infrastructure weaknesses