A security operations center (SOC) analyst is a cybersecurity staff member who is responsible for monitoring and fighting threats to an organization’s IT infrastructure. He or she is in charge of assessing security systems, identifying and patching vulnerabilities, and improving cyber resilience.

Some organizations choose to build their internal SOCs, but those that lack experts and know-how rely on outsourcers.

Becoming a SOC analyst can be an excellent career choice for those who want to jumpstart their career in cybersecurity. 

Other interesting terms…

Read More about a “SOC Analyst

Acting as the first line of defense against cyber threats, SOC analysts develop and implement security strategies for organizations. If you want to become part of a critical security team, read on to find out what course to take and skills to develop.

What Does a SOC Analyst Do?

The primary responsibilities of a SOC analyst include:

  • Monitoring security access and reporting potential malicious activities to a superior
  • Performing security and risk analyses to pinpoint vulnerabilities and assessing their potential impact on the organization
  • Investigating breaches and identifying their root cause
  • Preparing reports to help security leaders evaluate the effectiveness of security policies
  • Recommending improvements to security standards
  • Updating security systems to make sure the organization is sufficiently protected from cyber threats
  • Performing security audits 
  • Collaborating with third-party vendors

What Qualifications and Skills Should a SOC Analyst Have?


A SOC analyst should have at least a bachelor’s degree in computer science or any related field. Successful SOC analysts often undergo training and secure credentials from reputable organizations to become a Certified SOC Analyst (CSA). That is considered the first step to becoming a SOC team member.


The CSA program can help a SOC analyst acquire the necessary skills to become a Tier I and subsequently a Tier II analyst. Here’s how the two differ:

  • Tier I SOC analyst: Often considered as a triage specialist with system administration skills in Linux, Windows, and macOS. A Tier I SOC analyst is also well-versed in Ruby on Rails, Python, PHP, C, C#, Java, and Perl. He or she helps team members review all incident alerts and determine their urgency. A Tier I SOC analyst also elevates priority concerns to their Tier II counterparts.
  • Tier II SOC analyst: Also called an “incident responder.” A Tier II SOC analyst reviews tickets sent by his or her Tier I counterparts. He or she gathers new threat intelligence to determine the scope of an attempt or ongoing attack.

What Open-Source Tools Do SOC Analysts Often Use?

Since SOC analysts need to develop holistic security protection protocols, they need to use all available resources. Some of the open-source tools they can use are:

  1. Delta: A project of the Open Networking Foundation, Delta helps detect potential problems within a software-defined network (SDN) and how these can be exploited. The tool can probe not only known but also unknown network vulnerabilities.
  2. Ettercap: This is useful for testing man-in-the-middle (MitM) attacks. It explores how an environment responds to such an attack.
  3. HoneyNet: This helps SOC analysts study commonly used attack patterns to come up with strategies to deceive perpetrators, thus helping safeguard network-connected assets in the future.
  4. Infection Monkey: This is a complete tool that reveals events that can occur within a network once an attacker gains access.
  5. Lynis: This reveals all utilities and applications in Unix-based systems, including their configurations and vulnerabilities.
  6. Maltego: Primarily used for data mining and link analyses, Maltego provides a library of transformations for investigating threats.
  7. Nagios: This helps monitor an entire network, including infrastructure, traffic, and all connected servers.
  8. OpenVAS: This is a scanner that assesses and identifies assets that have vulnerabilities that can leave a network open to a security attack.
  9. Snort: This is an intrusion detection and prevention system (IDS/IPS) that does real-time analyses to identify anomalies and attacks.
  10. Vega: A web security scanner and testing platform, Vega helps test web applications to determine cross-site scripting (XSS), Structured Query Language (SQL) injection, and other vulnerabilities. 

How Much Does a SOC Analyst Earn on Average?

According to salary reports in Glassdoor, the average salary of a US-based SOC analyst is US$71,000 a year. Improving one’s skills, and climbing up the ladder can significantly impact his or her salary.