How to Become a Level 1 SOC Analyst

As the volume and complexity of cyber attacks increase, defending organisations against attacks is vital. SOC Analysts are at the forefront of this, with a significant role in handling security operations.

A career as a SOC Analyst can offer great rewards and benefits, including flexibility, career security, unlimited progression, opportunities to advance, and unique challenges, where no two days are the same!

Continue reading as we uncover everything you need to know about Level 1 SOC Analysts and how our SOC Level 1 Pathway can help you kickstart your career.

What is a SOC Analyst?

A Security Operations Centre (SOC) is a centralised security unit, with a team responsible for protecting the company against security threats.

A Security Operations Centre Analyst, also known as a SOC Analyst, works in a SOC team to monitor, analyse, and respond to security issues as the front line of a company's cyber defences. The SOC Analyst role includes implementing and incorporating tools and technologies to identify security threats and vulnerabilities to prevent cyber attacks further.

SOC Analyst Level 1 roles and responsibilities

At a high level, you can think of SOC Analyst Level 1 as being the first line of defence within a SOC team. Most organisations usually have very good coverage and visibility of their digital infrastructure; they can get granular information on what is happening across computers on the network. The technology installed on this infrastructure can also identify potentially malicious activity. This can include anything from attackers trying to access sensitive information to users running malicious files.

All this information is fed back to the SOC team and the SOC Level 1 Analysts are primarily responsible for separating the real threats from the false ones.

Other duties of SOC Analysts include:

• Continuously monitor and investigate the security alerts queue
• Monitor the health of security sensors and SIEM (Security Information and Event Management) infrastructure
• Collect data and context necessary to initiate Level 2 escalation
• Deliver scheduled and ad-hoc vulnerability assessment reports
• Configure and manage the security monitoring tools

The levels of a SOC Analyst

SOC Analysts are split into three levels (often referred to as ‘tiers’) based on their primary specialities.

Level 1 SOC Analyst

Level 1 SOC Analysts (also known as Tier 1 SOC Analysts or entry-level SOC Analysts) are triage specialists with a primary role of monitoring and identifying potential threats. They regularly investigate security incidents, and if necessary, Level 1 SOC Analysts escalate incidents to Level 2, reviewing their urgency to prioritise issues.

Level 2 SOC Analyst

Level 2 SOC Analysts (also known as Tier 2 SOC Analysts or Incident Responders) are responsible for responding to cyber attacks and investigating incidents escalated by Level 1 SOC Analysts. After assessing the scope of these incidents, Level 2 Analysts respond accordingly.

Level 3 SOC Analyst

Level 3 SOC Analysts (also known as threat hunters) hold high experience and expertise, with a crucial role in supporting Level 2 Analysts in responding to complex security issues. They routinely search for threats and vulnerabilities while studying solutions to counter emerging trends.

As you become an experienced Level 1 SOC Analyst, you can progress to become a Level 2 SOC Analyst, Level 3 SOC Analyst, SOC Engineer/Architect, or SOC Manager in your SOC career path. If you are looking for SOC Analyst progression from Level 1, you'll find plenty of options to move forward to more senior positions!

SOC Analyst salaries

How much does a SOC Analyst make? SOC Analyst salary earnings vary depending on the level/tier, location, experience, and employer.

In the UK, Level 1 SOC Analysts can expect a starting salary of £31,554, with an average salary of £37,647 ($69,530) after some experience. Meanwhile, SOC Analysts of (Levels 2 and 3) can expect to earn £40,715 upwards.

How to become a SOC Analyst

SOC Analyst qualifications

You won't need a degree to become a SOC Analyst, although this can help. Additionally, obtaining SOC Analyst certifications, such as the CySA+ from CompTIA, can be the doorway into the industry. However, it’s worth remembering that cyber security certifications are not required across all cyber security fields. Becoming a certified SOC Analyst isn’t a requirement for entry-level roles.

Keeping up with the industry

In defensive security, SOC Analysts are at the team's core and must therefore keep up with the rapidly evolving industry and increasingly sophisticated attacks.

There are a number of researchers, influencers, and key content creators in the field that share the very latest in defensive security, including Katie Paxton-Fear, Nicole Enesse, Simply Cyber, Florian Roth, Chris Greer, Alyssa Miller, Tracy Z. Maleef, Lesley Carhart, and Marcus J. Carey.

We also recommend regularly keeping up with ThreatPost, The Hacker News, PenTest Magazine, and the TryHackMe blog.

Gaining experience

If you want to build cyber security experience, some options include volunteering, paid internships, and work placements. Alternatively, many cyber security professionals begin in IT support roles, building comprehensive technical knowledge, before moving into an entry-level SOC Analyst role.

SOC Analyst skills

SOC Analysts must demonstrate a continual drive, creative thinking, and dedication to making an impact. A strong understanding of the fundamental technologies is also required, including the following topics:

• Network Fundamentals - the core concepts of how computers communicate with each other are important to understand before learning how to attack and defend networks
• Web Application Technologies - learn the building blocks of the world wide web to understand how to attack web applications
• Linux Fundamentals - Many servers and security tools use Linux. Learn how to use the Linux operating system, a critical skill in cyber security
• Windows Fundamentals - Get hands-on access to Windows and its security controls. These basics will help you in identifying, exploiting and defending Windows

SOC Analysts must also have soft skills like critical thinking, problem-solving, independence, resilience, and logical thinking.

SOC Analyst training

One of the most significant benefits of pursuing SOC Analyst careers is that you can learn and upskill on your own through TryHackMe, giving you an excellent way to get a foothold in the field!

While our Pre-Security Training pathway teaches you the pre-requisite technical knowledge to get started in cyber security, our SOC Level 1 pathway covers a wide array of tools and real-life analysis scenarios, enabling you to become a Level 1 SOC Analyst.

Play through a day in the life of a Level 1 SOC Analyst. Throughout the pathway, you’ll learn how to monitor and investigate alerts, configure and manage security tools, develop and implement IDS signatures, and escalate security incidents to the Tier 2 and Team Lead (if needed). After completing this pathway, you will have the skills required to pursue new career opportunities in defensive security - perfect for aspiring SOC Analysts!

Want to learn more about the pathway and how it can help you? Look at our SOC Analyst Training: Everything You Need to Know guide.

Working through online CTFs, like King of the Hill, can challenge you through defensive and offensive security topics that are transferable to SOC Analyst roles and responsibilities in a fun and competitive environment!

Our Achieving Entry-Level Roles blog gives further insights into entry-level cyber security jobs.