Unveiling SOC Analyst Careers: Salary, Job Outlook & Training (2024)


$93,888

Average U.S. salary

33%

Projected career growth through 2030

Entry-level

Common first cybersecurity role

What does a SOC analyst do?

A junior SOC analyst is one of the primary entry-level roles within cybersecurity. SOC analysts are responsible for monitoring, investigating and reporting incidents from security information and event management (SIEM) systems. SOC analysts also monitor firewall, email, web and DNS logs to identify and mitigate intrusion attempts.

SOC analyst roles and responsibilities

The extent of a SOC analyst's duties — and the number of analysts working in the SOC — is dependent on the organization's size, industry and cybersecurity maturity. Smaller organizations may have a single analyst on staff, while large enterprises may employ 100 or more cybersecurity analysts within their SOC.

Typical duties include:

  • Review, prioritize and investigate SIEM alerts
  • Document cyber incidents and implement incident response plans
  • Follow patch management and vulnerability testing processes
  • Assist with risk management, audit and compliance requirements

SOC analyst career path FAQ

A junior SOC analyst is one of the primary entry-level roles within cybersecurity. There is a range of roles within a SOC, so junior analysts may work alongside more senior analysts, forensic investigators, incident responders, security engineers, security managers and more.

What does SOC analyst stand for?

What is a SOC?
Cybersecurity analysts and other cybersecurity professionals often work in a security operations center, also known as a SOC. The SOC is the central hub of an organization's cybersecurity function, and the people, processes and technology that make up the SOC are responsible for detecting, analyzing and responding to cyber incidents.

What is a SOC analyst?
SOC analysts are the people who use those tools to detect, analyze and respond to threats. Essentially, they are the cybersecurity first responders that are on the frontlines of a cybersecurity team.

What is a NOC analyst?
You may have also heard the term network operations center, also known as a NOC. A NOC is focused on the IT side of an organization's infrastructure rather than the security side. A NOC analyst and others on the NOC team are primarily responsible for maintaining uninterrupted service and optimizing network performance. Although both a NOC and SOC are related to business risk and organizational stability, they serve two different functions.

What are the different SOC analyst levels?

SOC analysts are often organized into tiers based on experience. How you define a SOC level 1 analyst vs. a SOC level 2 analyst can vary based upon the organization and how the SOC is structured. However, it's typical to have three tiers, plus management:

  • SOC analyst tier 1 is a name for an entry-level SOC analyst or junior SOC analyst. Alerts that come from the SIEM usually flow to a tier 1 SOC analyst to prioritize and investigate.
  • SOC analyst tier 2 is a more experienced position. They deal with perceived threats or challenging cases that are escalated from their tier 1 coworkers. They are sometimes referred to as cyber incident responders.
  • SOC analyst tier 3 is a more senior position. They often have a more proactive role of hunting down and identifying threats vs. responding to known issues. Because of this, they are sometimes referred to as cyber threat hunters.
  • SOC manager is the leader of the entire SOC team. They are responsible for setting the strategy, as well as hiring, training, reporting and communicating metrics to other stakeholders in the organization.

A SOC team may also include security engineers or security architects. Additionally, the roles within a SOC may have different names depending on the organization. For example, SOC analysts are often referred to as security analysts, cybersecurity specialists, incident analysts or cyber defense analysts.

What is a typical task for the SOC tier 1 analyst?

What do you need to learn to be a SOC analyst? The primary duty of a SOC analyst is to monitor network traffic for cyber threats, so typical duties revolve around using tools to collect, analyze, filter or restrict traffic to the network. Infosec Skills author Mike Meyers has a number of videos demonstrating these tools. See them in action below:

  • How to use Wireshark for protocol analysis: Learn how to analyze network traffic with the free protocol analyzer Wireshark and sniffing tool tcpdump
  • How to use Nmap and other network scanners: Learn how to use free network scanning tools like Nmap, Zenmap and advanced port scanner to discover what's on your network — or someone else's
  • 4 network utilities every security pro should know: Command-line utilities are useful in a variety of scenarios. Learn how, and when, you can use Ping, Netstat, Traceroute and ARP
  • How to configure a network firewall: Learn the basics of setting up a network firewall, including stateful vs. stateless firewalls, setting up access control lists and more

For more information, read our SOC analyst job description article.

What tools should I get used to as a SOC analyst?

As noted above, there are a number of free open-source tools that are commonly used by SOC analysts (see "SOC analyst tools" and "What is a typical task for the SOC tier 1 analyst?"). When employed as a SOC analyst, you may also encounter popular commercial tools, such as:

  • Solarwinds Security Event Manager
  • Solarwinds Log Analyzer
  • Splunk Enterprise Security
  • LogRhythm NextGen SIEM
  • Alienvault Unified Security Management
  • Sumo Logic
  • McAfee Enterprise Security Manager
  • LogDNA
  • Datadog

Since an entry-level SOC analyst's primary duty is to look at alerts and logs, you should get comfortable with network analysis tools, packet crafting tools, intrusion detection and prevention tools, SIEM tools like Splunk, and logs from firewalls, email, web and DNS.

What hours do SOC analysts work?

Cybersecurity never stops, and many SOCs operate all day, every day, year-round. How the SOC schedule is set up may vary depending on an organization's size, reach and preferences. For example, a global organization may have teams spread across different time zones so that most analysts work a typical first-shift schedule. Other organizations may have SOC analyst night shifts and overnight shifts to ensure staffing 24 hours a day.

Some common SOC schedules for a week:

  • Five, eight-hour shifts totaling 40 hours
  • Four, 10-hour shifts totaling 40 hours
  • Rotating 12-hour shifts (one example is the Panama schedule, which has four teams working 12-hour shifts on a 14-day schedule: 2 days on, 2 days off, 3 days on, 2 days off, 2 days on, 3 days off)

Some organizations may require more than 40 hours during certain circumstances (e.g., a major cyberattack) or require on-call shifts to help ensure continuous coverage.

Where can I find SOC analyst jobs?

Wondering where to find SOC analyst jobs? You can search all of the popular job boards for "SOC analyst" — or related names like "security analyst" or "cybersecurity specialist." Find hundreds of open jobs here: Indeed, Monster, Glassdoor, LinkedIn and CareerBuilder.

There are also cybersecurity-focused job websites like infosec-jobs.com, ClearedJobs and others.

Cybersecurity groups and associations like ISSA, ISACA or Women in Cybersecurity are another great way to network and find potential job openings. You can also try attending local meetups or connecting with other cybersecurity professionals on popular cybersecurity discussion boards.

How much does a junior SOC analyst make? What does a senior SOC analyst earn?

According to salary.com, the average SOC analyst salary (base) in the United States in 2022 is $93,888, and the average base salary range for all SOC analysts falls between $79,968 and $112,461. When looking at total compensation, which includes annual incentives like bonuses, the average jumps to $100,200 and the range to between $83,851 and $125,131.

Payscale reports a wider range of pay, with entry-level security analysts earning total compensation of around $61,000 and the most senior (20+ years) security analysts earning $95,000.

Salary can also vary quite a bit based on job location, benefits and other factors. However, based on these reports, a SOC analyst tier 1 salary can be expected to fall somewhere in the range of $60,000 to $90,000.

Where can I find free SOC analyst training resources?

Paid training courses can be a great way to build your SOC analyst skills, but it's entirely possible to learn everything you need to know for free. Try exploring:

  • SOC analyst blogs: Hundreds of personal and commercial blogs offer technical walkthroughs of free and paid tools, break down career journeys and provide other valuable resources
  • SOC analyst podcasts: Weekly podcasts like Cyber Work provide insights from those in the trenches about what it's like to actually work as a SOC analyst and other roles
  • SOC analyst books: Rent popular cybersecurity books from your local library, whether you want to learn cybersecurity basics, find your career path, earn an entry-level certification or jump-start your SOC analyst career
  • Social media: Follow thought leaders and connect with potential mentors on places like LinkedIn, Twitter, YouTube, TechExams and other platforms

How to get a SOC analyst job?

Hiring managers are looking for SOC analyst resumes that demonstrate a proactive desire to learn. So how can you become a SOC analyst if you don't have experience or a learning budget? Go get that experience! Create a side project. Find a SOC analyst internship. Volunteer. Build a home network to analyze traffic. Or find a mentor by joining a cybersecurity group.

SOC analyst requirements

Some organizations are shifting away from degree requirements and focusing on projects, experiences and certifications. However, a bachelor’s degree in computer science, cybersecurity or another technical field may still be required.

What are the basic requirements for a SOC analyst? At a minimum, you'll need an understanding of IT infrastructure and cybersecurity foundations. For more information on how to build that knowledge, watch Keatron Evans' live demo and Q&A, Getting started in cybersecurity.

SOC analyst training courses

Live SOC analyst boot camps and on-demand SOC analyst courses provide expert, guided instruction to build your knowledge and skills. A few popular options are listed below:

  • CompTIA Security+ Boot Camp: Learn how to configure and operate many different technical security controls in this five-day Security+ training.
  • Ethical Hacking Boot Camp: Go in-depth into the techniques used by black-hat hackers and earn your CEH and PenTest+ in this five-day training.
  • Cyber Threat Hunting Boot Camp: Learn how to find, assess and remove threats from your organization in this three-day training.
  • CertNexus CyberSec First Responder Learning Path: This learning path provides a comprehensive methodology for defending the cybersecurity of organizations.
  • Incident Response Learning Path: This learning path demonstrates how incidents are responded to at a high level and builds technical incident response skills.
  • Network Traffic Analysis for Incident Response Learning Path: This learning path highlights network traffic analysis tools and techniques — and the valuable data that can be extracted.
  • Computer Forensics Learning Path: This learning path covers identifying, preserving, extracting, analyzing and reporting forensic evidence.
  • Advanced Intrusion Detection Learning Path: This learning path covers the methodology behind intrusion detection and crafting meaningful detection rules and logic.

More cybersecurity career advice

Starting a cybersecurity career can feel daunting, but don't let that fear stop you from taking the leap, says best-selling author and Infosec Skills instructor Ted Harrington. “Every single person who has ever achieved excellence didn’t know anything at one point, but they set out with that mindset of curiosity. You can do it, and you can excel at it. Just don’t be scared and put in the work.”

Want more career advice? Watch the Cyber Work Podcast or read these popular articles:

  • 7 steps to building a successful career in information security
  • 10 reasons why you should pursue a career in information security
  • Most valuable cybersecurity skills to learn in 2022
  • Which cybersecurity certifications are best for your career?
  • How to specialize in cybersecurity: Find your path and your passion
  • Incident responder careers: What’s it like to work in incident response?
  • Threat hunter
  • 133 cyber security training courses you can take now — for free

Author: Gregorio Kreiger
