SOC Analysts: What Are They And How Do You Become One?

Aleksa Tamburkovski

Thinking about stepping up your cyber security game, gaining some new skills and exploring new career paths, but not sure what to do next?

Well, if you're either just starting out, or currently tackling cyber security challenges solo for a small company, then becoming a SOC analyst might just be your next big career move!

And I know what you’re thinking:

  • I’ve heard them mentioned, but what exactly is a SOC Analyst?
  • What do they do?
  • Is it a good job?
  • Does it pay well?
  • What skills do I need to get hired as one?

Don’t worry!

In this guide, I’ll answer all of these questions and more, as well as explain what a SOC is, how analysts fit into this (as well as other cyber security roles), why a SOC is crucial for modern large businesses, and more.

Not only that, but we’ll look at the specific skills needed for this role, as well as recommendations for where and how to learn them.

So grab a coffee and a notepad and let’s dive in!

What is a SOC Analyst?

In simple terms, a SOC analyst is a cyber security expert who works inside of a SOC or ‘Security Operations Center'.

The role can vary slightly depending on what level of analyst they are, but it can also vary based on the size of the company.

To explain it better, we need to look at how a SOC actually works and the tasks carried out inside it, so let's cover that first.

What is a Security Operations Center (SOC)?

A Security Operations Center (SOC) is a centralized cybersecurity unit within a company, dedicated to addressing security issues at both an organizational and a technical level.


Their main goal is to perform continuous, 24/7, systematic monitoring and analysis of an organization's security posture to detect and respond to cybersecurity threats effectively.

Some of these tasks are proactive, while others are reactive.

Key functions of a SOC include:

  • Continuous Monitoring: The SOC is responsible for the ongoing surveillance of an organization's networks and systems to identify, analyze, and respond to cybersecurity threats in real-time
  • Incident Response: SOC teams manage security incidents, coordinating responses to mitigate and recover from cyber threats, from initial detection to recovery strategies post-incident. This is usually done in a tiered response with multiple SOC members (more on these roles in a second)
  • Digital Forensic Analysis: In the event of a security breach, SOC analysts will also conduct digital forensic analysis to determine the root cause of the incident, gather evidence and understand the extent of the damage. This helps in preventing similar incidents in the future and strengthening the organization’s security posture
  • Security Auditing: Regular security audits are also conducted to ensure that the organization's security measures meet required standards and to identify and address vulnerabilities promptly
  • Threat Intelligence: SOCs need all their members to be on top of their game, and so will regularly engage in learning and updating their skills, as well as analyzing information regarding emerging threats and cybercriminal tactics to proactively protect the organization from potential security risks
  • Compliance and Reporting: SOCs also play a crucial role in ensuring organizational compliance with current and upcoming cybersecurity laws and regulations, preparing detailed reports on security status, incident handling, and compliance for internal management and external regulators

As you can see, the SOC functions as a vital component of an organization's cybersecurity infrastructure, offering a focused and coordinated defense against cyber threats.

However, it’s probably a little different to what you might have experienced so far in your career, both in terms of team size and specific skills and roles, so let’s look at this in more detail.

What are the different roles within a Security Operations Center?

In theory, there are 6 key roles within a SOC, with tiered levels for some of those roles.

However, the reality is that the structure and distribution of roles within a SOC can vary significantly based on the organization's size and available resources.

  • In smaller organizations, individuals may take on multiple roles due to resource limitations
  • Larger organizations tend to have more specialized roles for deeper expertise in cybersecurity areas
  • Then when you get to very large Enterprise level or mature organizations, they may even further specialize into teams dedicated exclusively to network security, endpoint security, and cloud security within the SOC

Some key roles typically found within a SOC include:

The SOC Manager

This role oversees the entire SOC operations, manages the team and resources, ensures performance and security goals are met, and collaborates with other organizational units on security issues.

SOC Analysts

These are the front-line professionals responsible for monitoring security systems, analyzing alerts, and detecting potential threats, and they are the focus of this guide.

We’ll cover them in more detail later (such as skills and salary, etc), but SOC analysts are often categorized into different levels based on their expertise:

  • Level 1 SOC Analyst (L1): Engages in initial alert monitoring, triage, and determines if further investigation is warranted.
  • Level 2 SOC Analyst (L2): Conducts in-depth analysis of escalated alerts, handles incident detection and response.
  • Level 3 SOC Analyst (L3): Focuses on advanced threat detection, forensic investigation, and recovery, and develops and implements advanced defensive strategies and countermeasures

There are a few reasons for this tiered system, but basically it comes down to filtering threats and managing human resources.

Initial sorting and handling of alerts by Level 1 analysts ensures that only the most serious threats are escalated to higher levels, allowing more experienced analysts to focus on critical and complex issues without being overwhelmed by routine tasks.

That said, it also means that level 1 analysts get a lot of experience with early threat analysis and management.

Important: There are 4 more roles inside of a SOC that we haven't covered yet.

From the initial overview of the 3 levels of SOC analyst, you might think these other roles are redundant. However, there are some subtle differences in scope and depth of focus, which is why these are also dedicated roles.

Incident Responders

Incident Responders specialize in dealing with confirmed cybersecurity incidents. Their main focus is on containment, eradication, and recovery, i.e. restoring systems to normal operations, which requires a specific set of skills in incident management and crisis control.

While SOC analysts, especially at Level 2 and Level 3, may participate in some aspects of incident response, Incident Responders are dedicated to this phase and are trained to manage incidents from start to finish.

Threat Hunters

Threat Hunters proactively and continuously search for threats that already exist within the network but have not yet been identified. This role requires a proactive mindset and skills in advanced analytics, hypothesis creation, and deep knowledge of adversaries.

While Level 3 analysts may perform similar tasks as part of their role, Threat Hunters are solely focused on hunting, which involves more strategic and speculative searching than the typically reactive nature of SOC analyst duties.

Compliance Auditor

Compliance Auditors focus on ensuring that the organization meets all external regulatory requirements and internal policies. This role involves a thorough understanding of laws and standards, conducting audits, and working closely with legal, regulatory, and compliance teams.

This role is separate from the daily operational focus of SOC analysts and involves more interaction with compliance frameworks and auditing processes, which are typically not part of the regular duties of SOC analysts.

Security Engineer

Security Engineers are primarily responsible for the design, implementation, and maintenance of the security infrastructure. This includes the development and tuning of tools like firewalls, intrusion detection systems, and security software.

Unlike SOC analysts who use tools to monitor and respond to incidents, Security Engineers are focused on the technical development, configuration, and optimization of those tools.

Is a SOC Analyst a good career choice?

Since the SOC analyst role is more of an entry-level to mid-level role (depending on tier classification and experience), it's a great place to start a career in Cyber Security.

It's also a great role for people wanting to be part of a more structured and larger scale cybersecurity team.

Job demand

Bearing in mind that not every company will have a SOC, there are fewer roles available than for broader cybersecurity positions. However, you will almost always be at a larger, more tech-focused company.

With that out of the way, at the time of writing, there are currently 12,315 open SOC Analyst jobs available in the US.


Also, this is just what is available on a single job posting site, with many more options to search through.

How much do SOC Analysts get paid?

This can vary based on factors like experience, location, organization size, and specific job responsibilities.

The average SOC analyst salary for those 12,000+ jobs posted on ZipRecruiter is around $99,000+ per year.


That being said, a large share of those roles are at around $125,000+, but these are for SOC analysts at Level 2 and 3.

Do SOC Analysts need a degree?

Nope! While a degree in computer science, cybersecurity, or a related field is sometimes required for SOC analyst roles, most organizations will accept candidates based on a combination of education, certifications, and work experience instead.

Heck, even Google's current SOC analyst job posting says that relevant, similar experience is fine instead of a degree.


However, if you don’t have a degree, you will need to show and prove relevant experience (from work and projects), as well as specific skills and certifications that prove you can do the job.

But people with degrees still need these things to prove their skills too.

So what skills do you need to show? Here are the most important ones.

What skills do I need to become a SOC analyst?

That Google job posting hints at a lot of these, but here’s a little more information.

Technical Skills

1) Networking and Systems Knowledge

You need to understand network protocols (TCP/IP, HTTP, DNS, etc.) and network infrastructure components (routers, switches, firewalls, etc.).

You'll also need experience with operating systems, particularly Windows, Linux, and UNIX, as well as the command-line interfaces for these systems.

2) Security Concepts and Tools

Knowledge of security principles, cybersecurity threats, attack techniques, and mitigation methods is vital.

You also need experience with security tools such as firewalls, antivirus software, intrusion detection systems (IDS), and intrusion prevention systems (IPS), as well as proficiency in Security Information and Event Management (SIEM) software.

3) Basic Scripting and Programming Skills

You need to be able to write scripts to automate routine tasks and parse data.

Python is highly recommended for this, due to its ease of use and widespread support in cybersecurity tools.

Other useful programming languages might include PowerShell for Windows environments, Bash for UNIX/Linux, or even JavaScript for web-based threat analysis.
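Here is an added example of the kind of routine parsing and automation task this section is talking about. It is not code from the original post: it parses constructed SSH auth log lines, counts failed logins per source IP inside a sliding time window, and raises an alert once a threshold is hit, which is the sort of first-pass triage an L1 analyst would script in Python. All hostnames, IPs, usernames and log lines are made up.

```python
"""Added example (not from the original post): a small SOC-style triage script.
It parses constructed SSH auth log lines, counts failed logins per source IP in a
sliding window and raises an alert at a threshold, the kind of routine parsing and
automation an L1 analyst scripts in Python. All hosts, IPs and lines are made up."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches OpenSSH "Failed password" lines in classic syslog format.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)

# Constructed sample log: one success, a burst from 203.0.113.7, two slow failures.
SAMPLE_LOG = """\
Mar 10 08:01:02 bastion sshd[2201]: Accepted publickey for alice from 10.0.0.5 port 50122 ssh2
Mar 10 08:01:10 bastion sshd[2210]: Failed password for root from 203.0.113.7 port 41000 ssh2
Mar 10 08:01:12 bastion sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 41002 ssh2
Mar 10 08:01:15 bastion sshd[2212]: Failed password for root from 203.0.113.7 port 41004 ssh2
Mar 10 08:01:19 bastion sshd[2213]: Failed password for invalid user test from 203.0.113.7 port 41006 ssh2
Mar 10 08:01:22 bastion sshd[2214]: Failed password for root from 203.0.113.7 port 41008 ssh2
Mar 10 08:03:40 bastion sshd[2230]: Failed password for bob from 10.0.0.9 port 50200 ssh2
Mar 10 08:09:41 bastion sshd[2231]: Failed password for bob from 10.0.0.9 port 50201 ssh2
"""

def parse_failed_logins(log_text, year=2024):
    """Yield (timestamp, user, ip) for each failed-password line; ignore the rest."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:  # syslog lines carry no year, so one is supplied
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["ip"]

def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Return one alert dict per source IP that reaches `threshold` failures within the window."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    users = defaultdict(set)     # ip -> usernames tried (useful context for the analyst)
    alerts = {}
    for ts, user, ip in parse_failed_logins(log_text):
        q = recent[ip]
        q.append(ts)
        users[ip].add(user)
        while (ts - q[0]).total_seconds() > window_seconds:  # expire old failures
            q.popleft()
        if len(q) >= threshold and ip not in alerts:  # alert once per source
            alerts[ip] = {"ip": ip, "failures": len(q), "users": sorted(users[ip]),
                          "first": q[0], "last": ts}
    return list(alerts.values())

if __name__ == "__main__":
    for a in detect_bruteforce(SAMPLE_LOG):
        print(f"ALERT brute force from {a['ip']}: {a['failures']} failures, users={a['users']}")
```

The two slow failures from 10.0.0.9 never trigger with the default 60-second window, which is the point of windowing: a real SIEM rule tunes threshold and window to the environment rather than counting failures forever.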

Analytical Skills

As you have probably already guessed, you need strong problem-solving skills to identify, assess, and remediate security threats.

You also need attention to detail to carefully monitor systems and spot out-of-the-ordinary behavior, as well as the ability to analyze and interpret data from various sources to determine potential security breaches.

Soft Skills

1) Communication

You need to be able to clearly communicate security risks and incidents to both technical and non-technical stakeholders. This isn't just verbal though, you also need some writing skills for effective report writing and documentation of incidents and procedures.

2) Teamwork

Because the SOC is a team, you need to be able to collaborate with other team members and departments.

3) Adaptability and willingness to learn

The cybersecurity landscape is constantly evolving, so being able to learn and adapt to new threats and technologies is essential. You also need to want to learn about new tech and threats. Not everyone has this drive for continuous learning.

Certifications

1) CompTIA Security+

This is an entry-level certification that covers basic cybersecurity knowledge and best practices.

It helps you stay up-to-date with new threats and is a common ‘must have’ before you can be hired (certifications like this one matter more than a degree to most companies).

There are other certifications if you want to go for higher levels of SOC analyst, such as:

  • Certified Information Systems Security Professional (CISSP): This is a more advanced certification for those with at least five years of experience in the field
  • Certified Information Security Manager (CISM): This focuses on governance, risk management, and compliance, and is more of a speciality cert for compliance auditors

So yeah, just a few things to learn! The good news is, if you’ve been doing some cybersecurity for a while now, you probably have some of these already.

Also, keep in mind that you don't need to be the very best in all of these areas. There are many skills required and recommended for a SOC analyst, but nobody expects you to be a master of all of them, since that would be close to impossible.

That is why SOC analysts work in a SOC team alongside other people who are strong in different skill sets.

But if you take the courses and complete the projects I recommend, you'll be proficient in the most important areas and will have the skills needed to get hired.

How to become a SOC analyst

Realistically, you need to learn the skills I've outlined, prove that you have those skills, and then apply for jobs!

Let's recap the skills you need with specific resources:

  1. Learn the basics of security principles, cybersecurity threats, attack techniques, and mitigation methods here
  2. Learn Linux
  3. Learn the basics of network protocols and networking
  4. Get some experience with security tools and the ethical hacking process. If you know how the attacks can happen, you can prepare for them
  5. Learn Python, which is highly recommended due to its ease of use and widespread support in cybersecurity tools
  6. Learn Bash for UNIX/Linux
  7. Pass the CompTIA Security+ certification exam

It might seem like a lot, but these same skills will open up multiple cyber security career options, so the benefits just keep on compounding!

As you're learning these skills, make sure to do the included projects so that you have something to put in your portfolio, which you'll need when applying for jobs.

So what are you waiting for? Become a SOC analyst this year!

As you can see, the SOC analyst role is a great place to start a career in tech and is definitely a great entry point into the world of cybersecurity.

The pay is solid, and there’s definite room for growth - both in terms of roles and experience gained. Not only that, but by training for a role like this, you’ll also open up even more opportunities.

All that’s left to do now is to start learning!

P.S.

All of the resources I’ve mentioned in this guide are available with a ZTM membership, for a single monthly fee (with discounts for annual or lifetime purchases).

This means that if you become a member, then you have access to all of these courses right away and will have everything you need in one place to learn for this role (and even other cybersecurity roles).

Plus, as part of your membership, you'll get to join me and 1,000s of other people (some who are alumni mentors and others who are taking the same courses that you will be) in the ZTM Discord.

Ask questions, help others, or just network with other cybersecurity experts and other tech professionals.

Make today the day you take a chance on YOU. There's no reason why you couldn't be applying for SOC Analyst jobs just 6-12 months from now if you just follow the steps I outlined and put in the hard work.
