A Day in the Life of an IT Security Analyst

The IT Security Analyst arrives at the office 15 minutes before his shift begins. This allows him to take over seamlessly from his counterpart in the previous shift and review the handover notes.

The Analyst officially starts his shift by checking the handover from the previous shift. He reviews any ongoing alerts or issues that need immediate attention.

The Analyst follows up on any unresolved tickets and alerts handed over from the previous shift. He ensures that all ongoing security incidents are being addressed and documents any progress made.

The Analyst begins monitoring security alerts using the SIEM tool and IPS/IDS solutions and EDR tools. His role involves identifying, investigating, and responding to security alerts as they appear.

Upon identifying an alert, the Analyst conducts a thorough investigation. He reviews the alert details, assesses the threat level, and determines the appropriate response. If necessary, he escalates the issue to the relevant support team.

He also works on monthly patching, using the patching tools and applications to monitor the patching status of all Windows-based systems, and addresses any patch failures by redeploying patches or escalating as needed.

As the first part of the day ends, the Analyst takes a short break to refresh and prepare for the next set of tasks.

The Analyst reviews vulnerability reports from the vulnerability assessment tools. He goes through these reports to identify any critical vulnerability and escalates it to the patch admin.

The Analyst checks the status of the firewalls and ensures all devices are functioning correctly (in a healthy state).

The Analyst uses multiple tools, such as the SIEM, Check Point, and the firewall, to investigate any anomalies and takes the necessary actions to mitigate risks.

The Analyst documents the top 5 users for account lockouts and failed authentication and escalates the list to the HQ team.
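One way the top-5 lockout and failed-authentication report could be produced, as an added example that is not part of the original post. It assumes a constructed CSV-style export of Windows Security events; the event IDs 4625 (failed logon) and 4740 (account locked out) are real, while the column names and the accounts are assumptions.

```python
from collections import Counter
import csv
import io

# Real Windows Security event IDs: 4625 = failed logon, 4740 = account locked out.
FAILED_LOGON = "4625"
ACCOUNT_LOCKOUT = "4740"

# Constructed CSV-style export of Security events (accounts and hosts are fictitious).
SAMPLE_EXPORT = """timestamp,event_id,account,workstation
2024-05-01T08:01:10,4625,alice,WS01
2024-05-01T08:01:15,4625,alice,WS01
2024-05-01T08:01:20,4625,alice,WS01
2024-05-01T08:02:00,4740,alice,WS01
2024-05-01T08:05:00,4625,bob,WS02
2024-05-01T08:06:00,4625,carol,WS03
2024-05-01T08:06:30,4625,carol,WS03
2024-05-01T08:07:00,4740,carol,WS03
2024-05-01T08:08:00,4625,dave,WS04
2024-05-01T08:09:00,4625,erin,WS05
2024-05-01T08:09:30,4625,erin,WS05
2024-05-01T08:10:00,4625,frank,WS06
2024-05-01T08:11:00,4624,grace,WS07
"""

def count_auth_events(export_text):
    """Count failed logons and lockouts per account; other event IDs are ignored."""
    failed, locked = Counter(), Counter()
    for row in csv.DictReader(io.StringIO(export_text)):
        account = row["account"].strip().lower()  # normalise case for a fair count
        if row["event_id"] == FAILED_LOGON:
            failed[account] += 1
        elif row["event_id"] == ACCOUNT_LOCKOUT:
            locked[account] += 1
    return failed, locked

def top_users(counter, n=5):
    """Top-n accounts by count, ties broken alphabetically so reports are stable."""
    return sorted(counter.items(), key=lambda kv: (-kv[1], kv[0]))[:n]

def handover_summary(export_text, n=5):
    """Build the two top-n lists that go into the handover / HQ escalation note."""
    failed, locked = count_auth_events(export_text)
    return {"failed_auth": top_users(failed, n), "lockouts": top_users(locked, n)}

if __name__ == "__main__":
    for section, rows in handover_summary(SAMPLE_EXPORT).items():
        print(section)
        for account, count in rows:
            print(f"  {account:<8} {count}")
```

A single account with many failures but no lockout (alice-style bursts that stop just under the threshold) is the case worth a closer look, which is why the two lists are kept separate rather than merged.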

The Analyst verifies the containment functionality of tools like the IPS, EDR and MFA. He then resumes his routine, monitoring alerts from all the tools and ensuring any identified threats are promptly addressed. He reviews the vulnerability assessment (VA) and penetration testing (PT) tools for any active scans, identifies any areas of concern and takes proactive measures to enhance security.

In the second half of the day, the Analyst takes a short break to relax and prepare for the final tasks of his shift.

The Analyst conducts a check, using the phishing tools to identify any phishing emails reported by users. He ensures all such emails are sandboxed and categorized as clean before they are released.

The Analyst prepares detailed notes for the handover to the next shift. He summarizes all activities, alerts, and any critical issues that need immediate attention to ensure a seamless transition.

Final monitoring and checks are conducted to ensure no issues are left unresolved.

The Analyst finalizes the handover, ensuring the next shift is fully briefed on the current status of all systems and any ongoing issues. This ensures continuous monitoring and security coverage.

The Analyst's shift officially ends, and he hands over his duties to the next team, ensuring they are well-prepared to continue monitoring and addressing any security alerts.

