Network Security (NetSec)

General tips

- Use VLANs for segmenting the network (guests, file servers, IoT devices)
- Use separate WLAN SSIDs for guests
- Use 802.1x/RADIUS

see also

- in this wiki: Network Hacking Security (Admin) Operational Security Privacy 🇩🇪 Windows Security
- Reddit: r/netsec r/AskNetsec

network security roles

SOC (Security) Analyst
Typically tiered Jr./Sr. or by levels. They are typically SOC monkeys with differing levels of responsibility, but they typically stare at a SIEM and close alerts.

Security Engineers
Again typically tiered. This is the team that maintains the security tools. They fix the SIEM, the vulnerability scanner, etc. This role typically specializes in a specific tool set such as SIEM, AV, vuln scanners, etc.

SecOps Engineers
They build custom tools, plug-ins or other automation tools.

Threat Intel
They either find their own threat information or correlate existing information into something relevant that their SOC team or management can use or understand.

Penetration testers
Also called a red team. They are the team that actively attacks a defended environment to find gaps, vulnerable systems or misconfigurations that automated tools miss.

Incident Responder
Typically the team that manages or works security events that are escalated to breaches or incidents.

Compliance Team
Typically deals with audits and ensures that the technical security controls and configurations meet the applicable requirements.

Firewall and/or IDS/IPS Engineers
Manage the firewall and/or IDS/IPS rules and exceptions; however, this could be done by the network team too. It just depends on the organization.

Patch Management
Could be either a security person or a good systems/application team. This person ensures all patches are applied based on their risk.

DLP Analysis
Checks or verifies DLP alerts to ensure the data being sent is for a valid purpose and/or sent by a secure method.

Security Architect
Designs organizational security architecture, selects products, reviews and recommends staffing skills, reviews and recommends policy. Obviously not many of these folks around, relative to the groups you identified, though.

End user education/communication/training

Last modified: 2023-05-08 10:02