Looking to start or progress in your career as a SOC Analyst? You’ve come to the right place. Today we’ll be discussing exactly what a SOC Analyst is, what they do, and how to become one.
The cyber security sector is continuing to grow, with a report from GOV.UK showing a 10% (5,300) increase in employees in the cyber security sector in the past 12 months in the UK alone.
This means that cyber security professionals are in more demand than ever, making it a great time to dive into the world of cyber security as a SOC Analyst.
What is a SOC Analyst?
SOC Analyst stands for “Security Operations Center Analyst”. A SOC Analyst is an IT security specialist who monitors an organisation’s networks and systems to identify and deal with potential cybersecurity threats.
A SOC Analyst will test for vulnerabilities in the network, handle cybersecurity incidents, and protect an organisation’s sensitive data from malware or cybercriminals.
What does a SOC Analyst do?
A SOC Analyst is typically the first person to deal with a cybersecurity issue, and the first line of defence. Additionally, they will work proactively to identify potential security threats before they become an issue.
As the first line of defence and one of the more junior members of the cybersecurity team, it is often a SOC Analyst’s job to recognise and flag cybersecurity issues and breaches, and escalate those to the senior members of the team.
The responsibilities of a SOC Analyst include:
- Detecting and preventing intruders from accessing data.
- Incident handling and management.
- Vulnerability testing and threat hunting.
- Preventing attacks on databases, networks, hardware and firewalls.
- Escalation of security breaches and threats.
What are the different SOC Analyst levels?
A SOC is generally structured into 3 separate levels, or tiers. As you progress in your SOC career, you will typically learn and progress into the higher tiers, although it is not uncommon for a SOC Analyst to work across all 3 tiers when necessary.
Tier 1 – Triage
Tier 1 is the most junior, and the typical starting point for someone in their SOC career. They will be the least experienced members of the SOC team, and will be responsible for monitoring for suspicious activity and threats.
A Tier 1 SOC Analyst will be responsible for triaging cybersecurity incidents. This will mean they are responsible for identifying any security issue, and its source, scope, impact and severity.
This will also involve escalating any security incidents to Tier 2 SOC Analysts when necessary.
Tier 2 – Investigation
The next stage is investigation. Tier 2 SOC Analysts will investigate security breaches to determine the root cause when Tier 1 SOC Analysts are unable to, or when the security incident is particularly large or dangerous.
This involves analysing logs, network traffic, and other data sources to identify where the breach came from. This also involves creating incident reports and recommendations based on their findings.
Tier 3 – Threat Hunting
The third and final level of SOC is threat hunting. This involves working proactively to hunt for any vulnerabilities or threats in an organisation’s cybersecurity defence.
To reach this level usually requires additional certification or experience in more advanced cybersecurity skills, like penetration testing and ethical hacking.
These are the most senior SOC Analysts on the team, with extensive experience in dealing with cybersecurity incidents. As such, they will be the highest paid, and may have managerial responsibilities.
How much can a SOC Analyst make?
The typical salary for a SOC Analyst can range from £25,000 for an entry-level SOC Analyst in a low cost-of-living area, all the way up to £80,000 for Senior SOC Analysts with more experience.
Of course, how much a SOC Analyst can make depends on a multitude of factors:
- Their years of experience.
- The certifications they possess.
- The range of technologies they’ve worked with.
- Where they live and work.
- And how much flexible working they have.
Once you have progressed in your career as a SOC Analyst, you can continue into a number of cybersecurity positions. Cybersecurity is a continually growing and developing industry, with end salaries of £100,000 achievable.
What salary can you earn at each level as a SOC Analyst?
Salaries can vary massively for SOC Analysts depending on experience and skills, due to the broad nature of a SOC Analyst’s role. For example, here at Dynamic we hire SOC Analysts with salaries ranging from £30,000 for junior positions, all the way up to £80,000 for a Senior SOC Analyst position.
- As a Tier 1 SOC Analyst, you can expect a salary of £24,000 – £36,000.
- As you progress to Tier 2, you can expect a salary of between £31,000 and £45,000.
- And as a Tier 3 or above SOC Analyst, the average salary you can earn can range from £37,000, all the way up to £60,000.
SOC Analysts salary source: Glassdoor.
How do you start a career as a SOC Analyst?
The typical starting point for a SOC Analyst is in an IT Support or IT Helpdesk position, before moving into the cybersecurity sector. Typically, they will also hold a cybersecurity or IT degree, and some entry-level certifications.
Businesses will look for junior SOC Analysts who can demonstrate knowledge of cybersecurity practices afforded by a degree or certifications.
Additionally, demonstrable hands-on experience working in a cyber security role, or working with a ticketing system in a helpdesk or support role, will be especially attractive to potential employers.
Of course, none of these are absolute necessities; plenty of people have started a career as a SOC Analyst without a degree in cybersecurity. But it is the typical starting point, and will give you the best chance of beating the competition.
Do you need IT experience to be a SOC Analyst?
In short, yes, you will need some degree of IT experience to become a SOC Analyst. Technically, you could become a SOC Analyst with no prior experience if an organisation offered you the necessary training, especially if you have a degree and certifications that show your knowledge of cybersecurity.
However, junior SOC Analyst positions are extremely in-demand, and often have hundreds of applicants, meaning you’ll likely need some experience in an IT role, preferably in a cybersecurity position, to beat the competition for the position.
What certifications are required to become a SOC Analyst?
The certifications that are “required” to become a SOC Analyst can depend on the specific company and job, as well as the technology you will be working with.
For example, a company that works primarily with Microsoft technology may well look for a SOC Analyst with Microsoft specific certifications, such as the SC-200 and AZ-500.
However, we’ve listed below some of the most popular certifications in the market at the moment, and the ones most asked for by the IT businesses we work with:
CompTIA Certifications
CompTIA Security+
The CompTIA Security+ is one of the best cybersecurity certifications for someone early in their cybersecurity career, providing them with a core and fundamental understanding of cybersecurity, with on-the-job training, without confining them to one particular vendor.
CompTIA CySA+ – CompTIA CyberSecurity Analyst
The CompTIA CySA+ is an intermediate-level cybersecurity certification, with a minimum of 4 years’ hands-on experience required, and is the next step for someone who has earned their CompTIA Security+.
Cisco Certifications
CCST – Cisco Certified Support Technician (CCST) Cybersecurity
One of Cisco’s entry-level certifications, this one is the starting point for someone in a career in cybersecurity who is interested in working with Cisco systems. This is an absolute entry-level certification, so it would be a good idea to progress to later certifications.
From here, you can progress further down the CyberOps certification route with the Associate and Professional level certifications, or the CCNP Security certification.
Microsoft Certifications
SC-200 – Microsoft Certified: Security Operations Analyst Associate
Microsoft’s SC-200 certification is a great starting point for a SOC Analyst looking to work with Microsoft technology. It will give you valuable experience working with Microsoft Sentinel, Defender and Microsoft 365.
AZ-500 – Microsoft Certified: Azure Security Engineer Associate
Meanwhile the AZ-500 exam focuses on cybersecurity with Microsoft’s cloud technology, Azure. Given the increasing demand for cloud professionals, this is a great alternative or complementary certification to earn alongside your SC-200.
ISACA Certifications
These certifications from ISACA are placed lower on our list, as they are certifications that will overqualify you for a SOC Analyst position.
CISM — Certified Information Security Manager
The CISM is a great certification for those looking to move into a management position within cyber security, and away from a hands-on SOC Analyst role.
CISA — Certified Information Systems Auditor
Alternatively, the CISA is a certification that is ideal for someone looking to specialise in auditing businesses’ IT systems.
ISC2 Certifications
CISSP — Certified Information Systems Security Professional
ISC2’s CISSP is one of the most difficult-to-earn cybersecurity certifications, and is the highest paying in Europe and the UK according to Skillsoft’s 2023 IT Skills and Salary Report.
While this would obviously be a great certification for any cybersecurity professional to have, it almost certainly overqualifies you for a SOC Analyst position. It is, however, a great certification to aim for as you progress in your cybersecurity career.
For more information on the best cybersecurity certifications currently out there, you can have a look at our list here.
How to get a SOC Analyst job
To become a SOC Analyst, there are a few steps that you’ll need to take first to prepare yourself, as well as to beat out the competition when applying for a SOC Analyst job.
Earn a degree in cyber security or computer science.
Earning a degree in computer science, IT, or cyber security is the typical starting place for someone working in cyber security.
To help you decide which university degree is right for you, the National Cyber Security Centre, an independent body, has a list of cyber security degrees they have independently accredited that you can see here.
Alternatively, you can choose from Edurank’s list of 100 Best universities for Cyber Security in the UK, based on their research performance in cyber security.
Earn an entry-level certification
Which certification is best for you depends on your career choice. For someone who wants to work with Microsoft technology, the SC-200 or AZ-500 certifications would be the best choice.
But if you’re not sure which area you wish to specialise in, or don’t want to confine yourself to working with only one technology, then we would advise going with the CompTIA Security+.
While other certifications on our list are more entry-level, the CompTIA Security+ offers a few distinct advantages for someone starting out in their cybersecurity career:
- CompTIA is an industry recognised body, and the Security+ certification is one of the most in-demand certifications for junior cybersecurity professionals.
- It is vendor-neutral, meaning you’ll be eligible for more job opportunities than someone who has specialised in one specific technology.
Start with an entry-level job in wider IT
The most important step to becoming a SOC Analyst is getting hands-on experience in IT and cybersecurity. Some businesses we work with look for either cybersecurity experience, or someone with a cyber security degree alongside some IT experience in a help desk or support role.
So if this is you, it can be worthwhile considering gaining IT experience in a role like IT Technician, 1st Line Support Engineer, or Help Desk Engineer, before then specialising in cybersecurity.
Speak to a cyber security professional or recruitment consultant
When you’re just starting in your career, it can be helpful to get some advice from the experts.
A cyber security professional who has been through it all themselves will be able to offer useful advice on how to get started in your own journey.
Or, a recruiter in the IT industry might be able to point you in the direction of some entry-level cyber security roles.
Where can you find SOC Analyst jobs?
The cybersecurity industry has continued to grow, which means more SOC Analyst positions are available than ever before. However, this increased demand has led to an increased supply, and there are now more applications for these SOC Analyst positions than ever before. But where can you find these SOC Analyst positions?
Managed Security Service Providers
Among the most common employers of SOC Analysts are Managed Security Service Providers, who offer cybersecurity services to other businesses. Going directly to them can be a good way to check if they are currently hiring for any entry-level positions.
Job Boards
It’s always worth your time to look on online job boards like Indeed or Reed for SOC Analyst positions. However, these are often highly contested, meaning you’re less likely to be successful.
IT or Cyber Security Recruitment Agencies
Alternatively, you can choose to work with a recruitment agency that specialises in working with IT or Cyber Security professionals. This gives you numerous advantages over the competition, like having the insight and advice of a recruitment specialist, support through the recruitment process, and access to exclusive roles.
You can see our open SOC Analyst and Cyber Security roles here. Or if we don’t have any that catch your eye, reach out and contact us here, and we’ll be in touch when we do get any roles that are right for you.