SOC Analyst

Build the skills a successful security operations center (SOC) analyst needs with our library of role-based courses and learning paths. Learn how to analyze and monitor network traffic for security events and vulnerabilities.



What does a SOC analyst do?

A security operations center (SOC) analyst is responsible for analyzing and monitoring network traffic for security events and vulnerabilities. SOC analysts also investigate, document and report on information systems weaknesses. SOC analysts also monitor firewall, email, web and DNS logs to identify and mitigate intrusion attempts.


SOC analyst career paths

Domain knowledge

  • Cyber defense analysis
  • Systems analysis


Related job titles

  • Security analyst
  • Security specialist
  • Incident analyst

Associated NICE Work Roles

All Infosec training maps directly to the NICE Workforce Framework for Cybersecurity to guide you from beginner to expert across 52 Work Roles.

  • Systems Security Analyst
  • Cyber Defense Analyst
  • Vulnerability Assessment Analyst
  • Cyber Defense Incident Responder
  • Cyber Defense Infrastructure Support Specialist

Training Material

Suggested courses for SOC analysts

Computer Forensics

The Computer Forensics skill path teaches you critical techniques about identifying, preserving, extracting, analyzing and reporting forensic evidence through use of the most popular computer forensic tools.

Cyber Threat Hunting

The Cyber Threat Hunting Learning Path helps you master a repeatable, documentable cyber threat hunting methodology. You'll learn how to leverage a variety of tools to assist with your cyber threat hunting activities.

Incident Response

The Incident Response Learning Path will give students the understanding of how incidents are responded to at a high level, as well as allow them to build important technical skills through the hands-on labs and projects.

Network Traffic Analysis for Incident Response

Learn about network traffic analysis tools and techniques and the valuable data that can be extracted from your network traffic.

Threat Modeling

This path introduces you to threat modeling with RTMP. Beginning with a top-level view of threat modeling, you'll look at core security frameworks, elements of a threat model, threat modeling basics, agile architecture and more.

Vulnerability Assessment

The vulnerability assessment learning path guides you through a holistic security assessment approach, where you will develop a well-structured framework for analyzing the security of a system. You will acquire the skills to perform custom vulnerability assessment for any computer system, application or network infrastructure.

Advanced Intrusion Detection

Building meaningful detections is the first step in identifying malicious intruders on your network and remediating any threats against your environment. The Advanced Intrusion Detection learning path will provide you with the practical, hands-on knowledge you need to fully understand the methodology behind intrusion detection and craft meaningful detection rules and logic.

Cybersecurity Data Science

The best hackers and security experts are using machine learning to break and secure systems. Learn everything you need to employ the latest cutting edge tools in cybersecurity data science.

Plans & pricing

  • Infosec Skills Personal

    • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Custom certification practice exams (e.g., CISSP, Security+)
    • Skill assessments
    • Infosec peer community support
  • Infosec Skills Teams

    $799 per license / year

    • Team administration and reporting
    • Dedicated client success manager
    • Single sign-on (SSO)
      Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
    • Integrations via API
      Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
    • 190+ role-guided learning paths and assessments (e.g., Incident Response)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Create and assign custom learning paths
    • Custom certification practice exams (e.g., CISSP, CISA)
    • Optional upgrade: Guarantee team certification with live boot camps

SOC Analyst FAQ

Frequently asked questions

  • What does a SOC analyst do?
    • SOC analysts use their networking, computer science, research and collaboration skills to assess security systems for vulnerabilities and malicious activities and to identify potential
      controls to mitigate them.

      SOC analysts can also be expected to perform many other tasks:

      • Monitor security systems for suspicious network or application behavior
      • Document security incidents and implement response plans
      • Assist with cybersecurity risk assessments, vulnerability testing and compliance activities
      • Monitor and perform security and patch management
  • How do I become a SOC analyst?
    • To help the creation of your development plan, the Bureau of Labor Statistics (BLS) notes that successful SOC analysts typically display the following characteristics:

      Analytical skills: SOC analysts must carefully study computer systems and networks and assess risks to determine how security policies and protocols can be improved

      Detail-oriented: Because cyberattacks can be difficult to detect, SOC analysts must pay careful attention to computer systems and watch for minor changes in performance

      Ingenuity: SOC analysts must anticipate SOC risks and implement new ways to protect their organization’s computer systems and networks
      Problem-solving skills: SOC analysts must respond to security alerts, uncover and fix flaws in computer systems and networks

  • What education does a SOC analyst need?
    • Most SOC analyst vacancies are looking for candidates with a bachelor’s degree in computer science, information assurance or a related field. However, given the large critical skills gap across the cybersecurity industry, many employers’ emphasis on four-year degrees has lessened if the candidate can show tangible technical skills, and related on-the-job experience.

  • What certifications does a SOC analyst need?
  • What skills does a SOC analyst need?
    • SOC analyst day-to-day activities require them to demonstrate competency across the following security domains:

      • Network defense
      • Ethical hacking
      • Incident response
      • Computer forensics
      • Reverse engineering
  • How much does a SOC analyst earn?
    • Here are average salaries for industries employing the most SOC analysts:

      • Finance and insurance: $103,510
      • Computer systems design and related services: $101,980
      • Information: $100,560
      • Management of companies and enterprises: $97,440
      • Administrative and support services: $96,190
  • What does a SOC analyst work?
    • One source lists New Jersey, Delaware, New York, Massachusetts and Maryland as the top employer of security analysts. Given the size of the federal government, Virginia and the District of Columbia can also be expected to employ a lot of SOC analysts.

Unlock 7 days of free SOC analyst training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments