SOC analyst career path: Job description, levels and career progression
Cybersecurity careers can be as diverse as they are deep, offering professionals who are entering the field plenty of opportunities to explore their interests, continue to grow their skill sets and find their particular passion for keeping organizations safe against evolving cyber threats. One of the most common starting points for a cybersecurity career is a security operations center (SOC) analyst position.
SOC analysts must have a broad understanding of a range of security tools, systems and procedures. They play a key role in triaging potential incidents and using their organization’s tools to contain and remediate them.
But not every SOC position is the same; analysts can choose to specialize in specific tools or industries or, on a different path, take on roles addressing more complex technical challenges as they move up the SOC analyst tiers and into management positions.
What could your SOC analyst career path look like? This article will explore typical SOC analyst responsibilities and the potential SOC analyst career progression a cybersecurity professional could experience.
ChatGPT: Self-paced technical training
What is a SOC?
A security operations center is a team of security professionals who use a network of sensors, security tools and monitoring equipment to proactively identify, evaluate and remediate potential cybersecurity threats. Based on understanding “normal” network activity, SOC analysts use their tools and processes to detect anomalous activity, providing 24/7/365 detection and response capabilities.
While some SOCs work in dedicated spaces that serve as a threat intelligence hub for an organization, modern tools and technologies have made it possible for SOC analysts to work in a more distributed environment, coordinating with one another remotely.
Some of the key roles that a SOC can play include:
- Network monitoring
- Vulnerability research and patching
- Threat detection
- Incident response
- Reporting
- Risk management
- Compliance
Required skills for SOC analysts
Working as a SOC analyst offers cybersecurity professionals a fast-paced, collaborative, and challenging career path that offers plenty of opportunities to continue to learn and advance in seniority while gaining more experience. SOC Analyst Level 1 roles are great entry points into the security field for those with the foundational skills learned in the classroom, on the job or via certification programs.
Typically, SOCs look for analysts with some combination of the following technical and non-technical skills:
- Networking concepts, including TCP/IP, routing and switching
- Cybersecurity best practices, techniques and tools
- Coding and database languages
- Firewall management and intrusion detection systems
- Windows, Linux and UNIX operating systems
- Vulnerability testing and reverse engineering
- Critical thinking
- Communication skills, both verbal and written
- Ability to work independently and as part of a team
- Flexibility and a willingness for continued professional development
Because of this unique combination of skills, the median salary of an SOC analyst reached $102,600 in 2021, based on Bureau of Labor Statistics data.
What can a SOC analyst career path look like?
SOC analysts are the first line of an organization's digital defense, constantly responding to anomalies and threats, researching new vulnerabilities, and coordinating with other network and computer engineers to protect assets and data.
A SOC team is a tiered structure of managers, security architects, network engineers and SOC analysts. This structure helps organize the work based on level of effort, complexity and experience, with those at tier 1 typically serving as SOC analyst entry-level jobs. As they gain more experience, a SOC analyst at tier 1 can move up to tier 2 and higher.
While the roles can vary, common areas of focus include:
- Security analyst level 1 / tier 1: Triage — Reviews new alerts and categorizes them into events that can be handled at their level or that require escalation to level 2. Analysts at this level also review user activity and alerts from security tools to identify new events and determine which represent real potential threats.
- Security analyst level 2 / tier 2: Incident response — Handles higher-complexity incidents presented by tier 1 by conducting investigations of affected systems, reviewing logs, focusing on containment and initiating remediation actions. Analysts at this level can also participate in root cause analysis, system restoration activities and developing reports on security issues.
- Security analyst level 3 / tier 3: Threat hunter — Uses internal and external threat intelligence to search for anomalous behavior, test security controls and perform advanced asset protection. Tier 3 analysts work proactively to find weaknesses through penetration testing, vulnerability assessments, and regular reviews of security controls.
- Security engineer/architect: Leads the implementation and management of monitoring and threat analysis tools, including software and hardware solutions. These professionals also assist in developing the key processes and procedures followed across the different tiers.
- SOC manager: Leads the SOC, including personnel management and overseeing all operations. The SOC manager can also be responsible for managing the budget for the SOC, identifying enhancements to overall SOC functions and coordinating the response to major security events.
ChatGPT: Self-paced technical training
Learn more about SOC analysts
Everyone’s path into the cybersecurity field and journey up the career ladder is unique, especially in the SOC analyst cadre. However, several established resources can help those interested in breaking into the field and beyond, ranging from certification programs to in-depth boot camps and even on-the-job experience. Check out our SOC analyst career hub to see more resources.
Whatever combination of formal education and work experience you pursue, you will find that, when working in a SOC, you will constantly be learning from others and the technical challenges you face. This can make for an exciting and rewarding career path, and beginning your career by working in a SOC sets you up for plenty of more senior and higher-paying opportunities.
Sources:
- Occupational Outline Handbook: Information Security Analysts. Bureau of Labor Statistics. May 2021.
- What is a Security Operations Center? Crowdstrike. March 11, 2021
ChatGPT: Self-paced technical training
In this Series
- SOC analyst career path: Job description, levels and career progression
- Threat hunter
- Cybersecurity analyst (SOC analyst) interview questions and answers
- How to become a SOC analyst: Training, certifications and other resources
- Security operations center: 5 key functions your SOC should perform
- SOC analyst resume tips [updated 2022]
- SOC analyst salary: Entry, mid and senior analysts’ earnings in 2022
- Degree vs. certification: Best path to become a cybersecurity analyst
- Cybersecurity analyst job description
- Skills and experience needed to support a CSIRT, SOC or SIEM team
- How to structure your CSIRT or SOC team
