1

I was researching which job positions are related to ethical hacking. I found something like SOC and NOC, but I got a little bit confused.

I know SOC tier 1 does programming tasks and information gathering; tier 2 is the same as tier 1, but a little bit offensive; tier 3, however, is a bug hunter.

Does a NOC do daily penetration testing or is it only in a SOC?

Anders
  • 1
    Every SOC and NOC is different. There are SOCs that do not do any programming, no offensive work, and no bug hunting. – schroeder Sep 30 '17 at 21:03
  • 1
    Additionally, "ethical hacking" is a vague and problematic buzzword. If you're looking for pentesting work, why not go for a pentesting firm? – Tobi Nary Sep 30 '17 at 21:05

3 Answers

1

If you are looking for job titles, then the one you used as a tag is the most relevant: penetration tester.

SOCs and NOCs might not do any 'hacking' at all.

schroeder
1

You need to read the job descriptions carefully as every company slices these things differently. Different shops mix terms up different ways. That said (IME):

  • NOC: Network Operations Center: Concerned primarily with networking operations, focused on route/switch/wlan, with security as a secondary function.
  • SOC: Security Operations Center: Concerned primarily with security operations.

It frankly sounds like you're looking at one firm for your definition of tier 1, 2 & 3. More generally, tiers look something like (IME):

  1. First line analysts: initial data collection, triage of data, determine what to elevate for more detailed analysis.
  2. Experienced analysts: deep dives on particular findings, followup with more sophisticated techniques, often generating final customer deliverables.
  3. Elite analysts: custom pentests based on client specific requirements, R&D and next gen techniques.

For a pen test firm, most Tier 1 functions are pretty automated, or they're losing money. So I wouldn't expect a tier 1 at a mature, successful pentest firm to be doing more than a modest amount of ad hoc programming work; they've got a well-practiced playbook and toolset that they'll be following. Tier 2 folks will be expected to be able to ad lib at will, so if that's your goal, that's where you want to be.

KJ Seefried
0

From a Security Operations Center standpoint, they may touch on many aspects of offensive security and pentesting, and may also internally have an incident response team that conducts forensics.

Job titles usually have a lot of buzzwords thrown in them. Building on the previous answers here, it seems like you are aimed towards threat hunting / vulnerability analysis / pentesting.

Anders
TSE