Professional certificatesThe certification that sets the standard for SOC Analysts
Security Analyst Level 2 (SAL2) is an advanced, hands-on certification for analysts ready to operate at the next level. Validate your technical depth, judgement and communication required in modern security operations.
Developed in collaboration with
Why get TryHackMe SAL2 certified?
Stand out with SAL2
Mid-senior level SOC roles demand more than alert triage. SAL2 proves you can investigate complex threats and perform at the level modern security teams depend on.
- Validate real investigation depth
- Demonstrate analytical judgement
Flexible learning
SAL2 is delivered through realistic, browser-based simulations designed to mirror real SOC investigations without rigid proctoring constraints.
- 72-hour flexible exam window
- Fully browser-based, hands-on
Industry recognised
Built to reflect real employer expectations, SAL2 signals that you are ready for greater responsibility within defensive security teams.
- Promotion-ready credential
- Recognised defensive benchmark
Reflecting elite SOC practice
SAL2 doesn't test theory, it simulates real investigative environments where context, prioritisation, and communication matter.
- 12 multi-stage SOC scenarios
- Technical + reporting assessment
Key skills evaluated in TryHackMe SAL2
Multi-Stage Incident Investigation
Analyse complex attack chains across realistic SOC scenarios.
Threat Analysis & Contextual Reasoning
Interpret activity and determine its significance.
SOC Tooling & Workflow Fluency
Work confidently across SIEM, EDR, and investigation environments.
Cross-Domain Investigation
Investigate threats across cloud, Active Directory, network, and endpoint systems.
Decision-Making Under Pressure
Prioritise effectively and make informed security decisions.
Professional Communication
Articulate findings clearly through structured reporting tasks.
Service Level Awareness
Operate within defined response time expectations during investigations.
Prioritisation
Assess multiple alerts and determine what requires immediate action.
Getting TryHackMe SAL2 certified
Complete the recommended preparation
Strengthen your investigation skills through advanced SOC-focused labs aligned with SAL2 expectations. Ensure you are comfortable analysing multi-stage incidents before starting the exam.
Start the exam
Complete 12 realistic SOC scenarios assessing both technical investigation and higher-level decision-making or reporting.
Get certified!
After you pass, you'll receive your SAL2 certificate and digital badge that you can share with employers or on LinkedIn. This credential demonstrates investigation maturity, sound decision-making, and professional readiness in complex defensive environments.
Don't just take our word for it
Overall, I think SAL 2 is a solid and well-designed exam. It's very realistic and reflects quite well what we actually do in an MSSP environment. I think it's a strong and practical certification.
I like that we use the SIEM practically to answer questions as it makes it more interactive, I also liked the report writing as I really had to think about what to write... it felt 'real'.
I think this is a very good exam. It felt engaging, practical, and genuinely challenged me in ways I wasn't expecting. I appreciated having to make decisions based on the scenario and justify them... it made me feel like I was working as a SOC Level 2 analyst.
The exercises are not centered on theoretical knowledge, but on the ability to work with logs, find attack artifacts, and build investigation logic - which closely reflects the real work of an analyst.
Get a professional certificate to validate your knowledge!
- Instant results
- Verifiable certificate
- Shareable Credly badge
- Recognition as a mid-level SOC professional
How SAL2 compares
| Feature | TryHackMe SAL2 | GSOC | BTL2 | eCIR | CySA+ |
|---|---|---|---|---|---|
| 100% hands-on exam | Included | Partial | Included | Included | mostly MCQs |
| Mirrors a real analyst's day | Included | Not included | Not included | Not included | Not included |
| Judgment & communication assessed | Included | Not included | Partial | Not included | Not included |
| Wider coverage, deeper evaluation | Included | Partial | Partial | Partial | Partial |
| Training included in price | Included | Not included | Included | Not included | Not included |
| Total cost (cert + training) | $749 | $5,999+ | $2,500 | $599 | $425+ |
*Prices shown in this comparison table are in USD for reference only. Localized pricing may apply, and prices in your local currency may differ.
The exam details
72-Hour Window
Complete the exam at your own pace within 72 hours.
€640
Already a premium subscriber? Enjoy a 15% discount on the exam fee.
Learning included
6 months of access to premium content included.
1 free retake
If you don't pass on your first attempt, we've got you covered with one free retake.
Building the certification
Industry Researched
Built around real employer expectations
Expert Reviewed
Validated by experienced SOC professionals
Real-World Simulations
Designed to mirror live SOC investigations
Practitioner Led
Grounded in authentic on-shift analyst workflows
Promotion Ready
Signals readiness for greater defensive responsibility
FAQs
Be among the first 100 analysts recognised as Founding Operators
Pass SAL2 and earn early recognition as part of the inaugural cohort, featured publicly and given access to exclusive Founding Operator benefits.
T&C: Recognition will be confirmed after the campaign closes on April 2. Eligible candidates will receive their rewards within a few weeks.