Basic incident investigation is performed by the Helpdesk analysts but they are not dedicated or properly trained to perform this role. Most SOCs use university educated analysts with knowledge and experience with pen testing and cyber incident response.