SOC analyst careers

What is a SOC?
Cybersecurity analysts and other cybersecurity professionals often work in a security operations center, also known as a SOC. The SOC is the central hub of an organization's cybersecurity function, and the people, processes and technology that make up the SOC are responsible for detecting, analyzing and responding to cyber incidents.

What is a SOC analyst?
SOC analysts are the people who use those tools to detect, analyze and respond to threats. Essentially, they are the cybersecurity first responders that are on the frontlines of a cybersecurity team.

What is a NOC analyst?
You may have also heard the term network operations center, also known as a NOC. A NOC is focused on the IT side of an organization's infrastructure rather than the security side. A NOC analyst and others on the NOC team are primarily responsible for maintaining uninterrupted service and optimizing network performance. Although both a NOC and SOC are related to business risk and organizational stability, they serve two different functions.

SOC analysts are often organized into tiers based on experience. How you define a SOC level 1 analyst vs. a SOC level 2 analyst can vary based upon the organization and how the SOC is structured. However, it's typical to have three tiers, plus management:

• SOC analyst tier 1 is a name for an entry-level SOC analyst or junior SOC analyst. Alerts that come from the SIEM usually flow to a tier 1 SOC analyst to prioritize and investigate.
• SOC analyst tier 2 is a more experienced position. They deal with perceived threats or challenging cases that are escalated from their tier 1 coworkers. They are sometimes referred to as cyber incident responders.
• SOC analyst tier 3 is a more senior position. They often have a more proactive role of hunting down and identifying threats vs. responding to known issues. Because of this, they are sometimes referred to as cyber threat hunters.
• SOC manager is the leader of the entire SOC team. They are responsible for setting the strategy, as well as hiring, training, reporting and communicating metrics to other stakeholders in the organization.

A SOC team may also include security engineers or security architects. Additionally, the roles within a SOC may have different names depending on the organization. For example, SOC analysts are often referred to as security analysts, cybersecurity specialists, incident analysts or cyber defense analysts.

What do you need to learn to be a SOC analyst? The primary duty of a SOC analyst is to monitor network traffic for cyber threats, so typical duties revolve around using tools to collect, analyze, filter or restrict traffic to the network. Infosec Skills author Mike Meyers has a number of videos demonstrating these tools. See them in action below:

• How to use Wireshark for protocol analysis: Learn how to analyze network traffic with the free protocol analyzer Wireshark and sniffing tool tcpdump
• How to use Nmap and other network scanners: Learn how to use free network scanning tools like Nmap, Zenmap and advanced port scanner to discover what's on your network — or someone else's
• 4 network utilities every security pro should know: Command-line utilities are useful in a variety of scenarios. Learn how, and when, you can use Ping, Netstat, Traceroute and ARP
• How to configure a network firewall: Learn the basics of setting up a network firewall, including stateful vs. stateless firewalls, setting up access control lists and more

For more information, read our SOC analyst job description article.

As noted above, there are a number of free open-source tools that are commonly used by SOC analysts (see "SOC analyst tools" and "What is a typical task for the SOC tier 1 analyst?"). When employed as a SOC analyst, you may also encounter popular commercial tools, such as:

• Solarwinds Security Event Manager
• Solarwinds Log Analyzer
• Splunk Enterprise Security
• LogRhythm NextGen SIEM
• Alienvault Unified Security Management
• Sumo Logic
• McAfee Enterprise Security Manager
• LogDNA
• Datadog

Since an entry-level SOC analyst's primary duty is to look at alerts and logs, you should get comfortable with network analysis tools, packet crafting tools, instruction detection and prevention tools, SIEM tools like Splunk, and logs from firewalls, email, web and DNS.

Cybersecurity never stops, and many SOCs operate all day, every day, year-round. How the SOC schedule is set up may vary depending on an organization's size, reach and preferences. For example, a global organization may have teams spread across different time zones so that most analysts work a typical first-shift schedule. Other organizations may have SOC analyst night shifts and overnight shifts to ensure staffing 24 hours a day.

Some common SOC schedules for a week:

• Five, eight-hour shifts totaling 40 hours
• Four, 10-hour shifts totaling 40 hours
• Rotating 12-hours shifts (one example is the Panama schedule, which has four teams working 12-hour shifts on a 14-day schedule: 2 days on, 2 days off, 3 days on, 2 days off, 2 days on, 3 days off)

Some organizations may require more than 40 hours during certain circumstances (e.g., a major cyberattack) or require on-call shifts to help ensure continuous coverage.

Wondering where to find SOC analyst jobs? You can search all of the popular job boards for "SOC analyst" — or related names like "security analyst" or "cybersecurity specialist." Find hundreds of open jobs here: Indeed, Monster, Glassdoor, LinkedIn and CareerBuilder.

There are also cybersecurity-focused job websites like infosec-jobs.com, ClearedJobs and others.

Cybersecurity groups and associations like ISSA, ISACA or Women in Cybersecurity are another great way to network and find potential job openings. You can also try attending local meetups or connecting with other cybersecurity professionals on popular cybersecurity discussion boards.

According to salary.com, the average SOC analyst salary (base) in the United States in 2022 is $93,888, and the average base salary range for all SOC analysts falls between $79,968 and $112,461. When looking at total compensation, which includes annual incentives like bonuses, the average jumps to $100,200 and the range to between $83,851 and $125,131.

Payscale reports a wider range of pay, with entry-level security analysts earning total compensation of around $61,000 and the most senior (20+ years) security analysts earning $95,000.

Salary can also vary quite a bit based on job location, benefits and other factors. However, based on these reports a SOC analyst tier 1 salary can expect to fall somewhere in the range of $60,000 to $90,000.

Paid training courses can be a great way to build your SOC analyst skills, but it's entirely possible to learn everything you need to know for free. Try exploring:

• SOC analyst blogs: Hundreds of personal and commercial blogs offer technical walkthroughs of free and paid tools, break down career journeys and provide other valuable resources
• SOC analyst podcasts: Weekly podcasts like Cyber Work provide insights from those in trenches about what it's like to actually work as a SOC analyst and other roles
• SOC analyst books: Rent popular cybersecurity books from your local library, whether you want to learn cybersecurity basics, find your career path, earn an entry-level certification or jump-start your SOC analyst career
• Social media: Follow thought leaders and connect with potential mentors on places like LinkedIn, Twitter, YouTube, TechExams and other platforms