SOC Analyst: EVERYTHING You Wanted to Know!

Wondering how to be a SOC analyst? Read below to understand what SOC analyst do and how to get your first job.

What Is a SOC Security Analyst?

A SOC analyst is a person who studies and analyzes information security threats and vulnerabilities. They examine data from both internal and external sources, as well as analyze data to find patterns and trends that could be useful for assessing risks. By reviewing these patterns of activity, they can determine whether there’s a security risk—and if so, how serious it is.

SOC Analyst vs Security Analyst

Security analyst roles come with a variety of titles. Let’s take a look at a couple other types of roles:

Security Compliance Analyst. This is a person that doesn’t analyze threat data but is more focused upon the security governance, risk, and compliance (“GRC”) of the organization. Depending on the nature of the role, they implement or examine current security policy, standards, controls, and procedures to determine whether they’re compliant with the intended security goals of the organization. This type of analysis isn’t dependent on log monitoring; rather, the intent is more “compliance monitoring”. Though non-technical in nature, a security compliance analyst does need to be familiar with the technical aspects of the profession.

Information Security Analyst. Technically speaking, the term “cyber” in cyber security deals with digital information. However, an organization may define an “information security analyst” for individuals responsible for analyzing the security of all information, including physical paper that’s been locked away. You may hear the terms “cyber security analyst” and “information security analyst” used interchangeably. If an organization does make a distinction, you might expect additional analysis regarding their physical security measures.

Although today’s article is more heavily focused on the SOC analyst type of role, some aspects are applicable to all cyber analyst roles in general.

What to Consider!

While SOC analyst is a good place to start your career, there are points you need to consider before diving right in!

If you’re getting into cyber security because you think being an analyst is an easy job, it’s time to start looking into another industry. This is a challenging job just like any other cyber career with its own set of pros and cons. Expect to spend long hours staring at data in front of a computer screen while performing research on the side.

If you want to enter this career as a steppingstone to another security position, it’s doable provided you’re not trying to make a leap from analyst to red teamer! If you can handle that, then you’re on the right path!

What Is the Average SOC Analyst Salary?

Wondering how much do SOC analyst make? Below are listed the base pay hourly rates from select websites within the Washington DC region.

  • PayScale: $86,628/year or $42/hour *Cyber security analyst
  • Salary.com: $77,884/year or $37/hour
  • Glassdoor: $67,380/year or $32/hour
  • ZipRecruiter: $106,259/year or $51/hour

SOC Analyst Roles and Responsibilities

What do SOC analyst do? Each security analyst role will have varying degrees of responsibility so it’s up to you to check out the job description and make your own comparisons. Let’s look at some of the common SOC analyst day to day activities:

Network Monitoring. Use and configuration of network defense tools to monitor for system anomalies that might be indicative of a breach.

Detection and Event Correlation. Use of security incident and event management (SIEM) tools to identify threat activity from multiple sources across the network.

Threat Research. Maintain awareness of the most current threats, vulnerabilities, attack methods as well as detection techniques using common threat lists such as the CVE.

Event Documentation. Log alerts and threat data from detection events as well as collaborate with customers and various security team members to create incident and remediation reports.

Custom Support. Provide customers with incident response support such as: creating tickets, tracking investigations, upholding remediation efforts, and any other threat mitigating activities.

Technical Documentation Support. Analysts may also be asked to develop plans for implementing new processes or technologies within an organization’s infrastructure; they may also be responsible for training employees on how best to protect themselves from cyber threats.

SOC analyst duties involve roles such as: threat hunting, SIEM monitoring, incident response, network troubleshooting, system hardening, vulnerability scanning, etc.

Types of Roles

It’s hard to say what exactly you’ll be required to learn because there are many types of SOC analyst roles!

To give you an idea, here are some of the categories different roles may cover:

  • Access to Cloud Services
  • Endpoint Detection and Response
  • Firewalls (Next-Generation or Web Application)
  • Forensic Analysis
  • Identity and Access Management
  • Intrusion Prevention and Detection Systems
  • Managed Detection and Response
  • Network Access Control
  • Security Information and Event Management
  • Simulated Breach and Attacks

These are by no means exhaustive, and each one of these is a specialized area of security analysis with their own specific tools. It’s not realistic to believe you’re going to know all of them; however, if you have a particular niche that you can focus on, you’ll be better off.

How to Be a SOC Analyst?

It’s said that cyber security is not an entry level career; in a sense that’s very true. You’ll be competing against professionals with years of experience in IT wanting to make a switch. So, give yourself a chance by taking advantage of every learning opportunity!

Additionally, if you’ve participated in any security bootcamp, freelance work, or any college laboratory/project work, list it on your resume! Interested in more tips to upgrade your cyber security resume?

Most importantly, experience counts above all else. If you have any real-world IT experience, or can find ways to get some, you’ll be ahead of the curve. Check out some of these freelance sites to help you gain some experience:

  • Upwork – Great freelance site for technical workers.
  • Freelancer – Another really good option for showcasing your talent.
  • Guru – Great spot to freelance your IT experience.
  • Fiverr – My personal favorite to find gig work.
  • TopTal – Job portal designed for the best of the best.
  • FlexJobs – Here you’ll find a mix of gig work and full-time employment.
  • JoinHandshake – An extremely popular site for college students and graduates.

Every cyber graduate struggles for months to get a first-time job. Be prepared to receive many no responses and rejections before you even have a chance to sit down for your first interview. Remember, motivation only turns the car on, but it’s your perseverance that will see you through to the finish line!

In the next section, I’ll discuss the required skills for SOC analyst.

SOC Analyst Job Requirements

If you’re wondering how to get a SOC analyst job, let’s look at the prerequisites:

Critical Thinking. The most important qualification for this position is the ability to think critically. You’ll be looking at a tremendous amount of data, which means you’ll need to be able to tell what’s important and what isn’t.

Decision Making. You’ll come across many false positives, or even false negatives (i.e. anomalies that show up as negative, but are real threats). You must make decisions quickly, based on the facts at hand and in an environment where there are no right answers. Being an analyst is labor intensive and while security tools are available to help, don’t expect it to automate the decision-making process for you!

Communication. You’re expected to attend meetings as the subject matter expert; as such, you’ll need excellent communication skills. As part of your job, you’ll have to explain your findings to other people who might not understand them as well as you do.

Sales. This is an odd skill to possess; however, I’m not talking about selling a tool or product; instead, I’m referring to your ability to sell yourself. There’ll be times when you believe implementing certain security solutions are appropriate but would require additional cost and cause disruption to the company’s productivity. Be prepared to defend your reasoning as this can include communicating with executives and making sure they understand the importance of your work on their business bottom line.

Sociability. Ironically, the technical aspect of being a SOC analyst isn’t as crucial as being able to interact with your teammates. You’ll be working alongside other colleagues for long periods of time, and if you can’t get along with one another, the entire team will suffer!

Curiosity. There’s a lot that’ll be thrown at you, and you’ve got to be willing to do the research necessary to make sense of the information. Be prepared to undertake the responsibility of researching the who/what/when/where/why and how of the threat data and vulnerabilities.

Being Adaptable. With the cyber industry in a constant state of flux, you’ll need to adapt your approach as new information and events unfold around you. This means quickly processing new threats, monitoring techniques, security tools, etc.

In the next several sections I’ll discuss SOC analyst qualifications, including whether a degree is necessary.

How to Become a SOC Analyst Without a Degree?

Yes, it is possible to get a job in cyber security without a degree; however, that’s entirely dependent on the organization’s experience and education requirements.

A degree will give you an advantage when applying for jobs, especially true if you have no IT experience at all. Your resume will stand out among other applicants and may even earn you more interviews than someone without a degree.

Of course, there is a trend toward substituting education for those with sufficient experience; but in almost any case, obtaining security certifications are a must!

What Degree Do I Need?

If you’re planning to go into cyber security and wondering what degree you need to become a SOC analyst, there’s some good news!

There are no specific cyber security degrees required for this position. If you have a formal education in cyber security, software, computer science or engineering, or information technology (IT), you shouldn’t have any issues transitioning into cyber security.

The college electives you take also matter. Some companies may prefer applicants who have taken additional course work in computer science or computer engineering, while others may be looking for a concentration in business administration or information technology.

If you’re trying to figure out which degree and concentration works best for your career goals, it’s important to consider your future goals and what kind of job opportunities are available in your area.

Sure, there are some positions that may require more education and experience. But for most entry-level positions, you should be able to get away with having a bachelor’s degree and no experience. However, as I mentioned earlier, without experience, it’ll take time to get your foot in the door.

What Is the Best SOC Analyst Certification?

There are multiple paths to becoming a certified SOC analyst!

Regardless of whether you decide to get a college degree, or receive any type of formal training, getting a SOC analyst certification will help your career goals.

First and foremost, the best certification for SOC analyst is the CompTIA Security+. This security certification is an absolute must for anyone attempting to enter the field of cyber security.

After you’ve successfully passed the Security+ exam, you have several options from the most well-known certifying agencies (GIAC, ISC2, CREST, and EC Council):

  • CompTIA CySA+
  • ISC2 Systems Security Certified Practitioner
  • GIAC Certified Intrusion Analyst
  • GIAC Continuous Monitoring Certification
  • GIAC Certified Detection Analyst
  • GIAC Security Operations Certified
  • CREST Practitioner Security Analyst
  • CREST Registered Security Analyst
  • CREST Certified Network Intrusion Analyst
  • EC Council Certified SOC Analyst
  • EC Council Certified Threat Intelligence Analyst

Some of you will ask about ISACA; while they do offer some very good security certifications, there didn’t appear to be any dedicated to cyber security analysis.

Is SOC Analyst a Good Job?

Depends. As you probably realize by now, the role of SOC analyst is broad in scope and so are the responsibilities associated with it. So, it’s hard to guess if you’re going to have a tough time with the role.

Some claim that being a SOC analyst is very demanding while others will say it was easy. In fact, for a SOC analyst, burnout isn’t uncommon due to the constant vigilance required of the job.

Author

  • Amit Doshi

    Driven by a vision to bridge the cybersecurity talent gap, I’m dedicated to fostering a community where budding enthusiasts and seasoned experts come together. Join me in building a network where we collaborate, learn, and fortify the digital frontier together.

    View all posts

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to Top