
How to Become a SOC Level 2 Analyst

The importance of cyber security has increased in the current digital era. Organisations depend on Security Operations Centres (SOCs) to safeguard their data and assets in the face of growing cyber threats. SOC Level 2 (L2) analysts are in great demand because of their critical role in identifying and handling security issues.

Read on to learn everything you need to know about Level 2 SOC Analysts and how our SOC Level 2 learning path can help you kick-start your career as a SOC Level 2 Analyst or put you on a path to a promotion.

What is a SOC L2 Analyst?

A SOC Level 2 Analyst (or Security Operations Centre Level 2 Analyst) is in charge of strengthening an organisation's security posture through more proactive threat detection and response.

As a company's first line of defence, they monitor system and network activity for any dangers or weaknesses.

Compared to a Level 1 Analyst, this position demands a greater understanding of security protocols, techniques, and technology. SOC Level 2 Analysts are the digital equivalent of detectives; they delve into the minute details of possible security occurrences to ensure their company is safe from cyber attacks.

SOC Level 2 Analyst Roles and Responsibilities

A SOC L2 Analyst has a wide range of difficult duties to keep up a strong defence against constantly evolving cyber threats. To improve the organisation's overall security posture, SOC Level 2 analysts are generally required to use their skills to provide in-depth threat analysis, look into incidents, adjust security tools and processes, and work with other cyber security teams.

Moving from SOC L1 to SOC L2, your tasks and duties increase in difficulty and demand:

  1. Incident Detection and Monitoring: Maintain a closer eye and greater sense of accountability on network traffic, system logs, and security warnings.
  2. Incident Analysis: Thoroughly analyse security notifications to find possible security issues and evaluate their impact and severity.
  3. Incident Triage: When deciding whether to escalate an issue, weigh the incident's importance and criticality.
  4. Incident Response: Oversee the response to verified security incidents, arranging containment measures and the extent of the incident's inquiry.
  5. Documentation and Improvement: Take careful note of events, assess them, and adjust security protocols and incident response techniques.

The levels of a SOC Analyst

SOC Analysts are divided into three tiers based on their primary areas of expertise.

Level 1 SOC Analyst

Level 1 SOC Analysts (also referred to as tier 1 SOC Analysts or entry-level SOC Analysts) are triage specialists whose primary role is to monitor and identify potential threats. They regularly investigate security incidents, and when necessary, Level 1 SOC Analysts escalate incidents to Level 2 and review their urgency to prioritise issues.

Level 2 SOC Analyst

Level 2 SOC Analysts (also called Tier 2 SOC Analysts or incident responders) are responsible for responding to cyber attacks and investigating incidents escalated by Level 1 SOC Analysts. After assessing the scope of these incidents, Level 2 Analysts respond accordingly.

Following Level 2, SOC Analysts have plenty of opportunities to rise to higher positions.

Level 3 SOC Analyst

Level 3 SOC Analysts (also called threat hunters) have significant experience and expertise and play a critical role in supporting Level 2 Analysts in responding to complex security issues. They routinely look for threats and vulnerabilities and investigate solutions to address emerging trends.


On your SOC career path, you can advance to a Level 3 SOC Analyst, SOC Engineer/Architect, or SOC Manager if you gain experience as a Level 2 SOC Analyst. Starting with our SOC Level 2 learning path, you can advance to senior roles with TryHackMe on your side.

SOC L2 Analyst salaries

Becoming a SOC Level 2 Analyst can be financially rewarding. Salaries vary according to expertise level, industry of the company, and location. On average, a SOC Level 2 Analyst can expect to earn significantly more than their Level 1 counterparts.

  • In the UK, the average annual salary for a SOC Level 2 Analyst ranges from £35,000 to £50,000, with the potential for even higher earnings based on experience and expertise. These figures are expected to have increased as cyber security skills continue to be in high demand.

How to become a SOC Level 2 Analyst

The UK is seeing a steady increase in demand for SOC L2 analysts.

Becoming a SOC Level 2 Analyst is not just a career choice; it's a commitment to protecting the digital world. By following these top tips and dedicating yourself to continuous learning, you can forge a successful path in cyber security and help organisations worldwide protect their digital assets in a challenging and ever-evolving landscape.

By gaining the required knowledge, qualifications and experience, you can step into the SOC Level 2 Analyst role and help protect your organisation's digital assets from ever-changing cyber threats. In addition to the financial benefits, this pathway promises a rewarding and challenging career in the cyber security industry.

SOC L2 Analyst qualifications

As you aim to progress towards a SOC L2 Analyst role, acquiring certifications tailored to defensive security operations can support you in your journey. Mid-level professionals can benefit from CompTIA CySA+, which covers detection, response, automation, threat hunting, and IT compliance.

Pursuing other specialised certifications like eCIR, eCTHP, eCDFP, and GIAC's GCIH, GMON, GCDA, and GCIA can also significantly help enhance your hands-on defensive skills! Additionally, CASP+, CCNA CyberOps, and BTL-1 offer a mix of theory and practical experience covering various aspects of defensive security.

Depending on the tools within your organisation, vendor-specific certifications from CrowdStrike, Zscaler, and Qualys, to name a few, can also be beneficial to develop expertise in specific tooling.

A SOC L2 Analyst is typically expected to have proficiency in multiple domains such as vulnerability management, risk management, access control, firewall management, web filtering, threat intelligence, threat hunting, endpoint security solutions, email security, data loss prevention, detection engineering, malware analysis, SIEM, and more.

TryHackMe also offers a wide range of resources and learning paths to help you get started in your role as a SOC Level 2 Analyst.

Level 2 SOC Analyst skills

Level 2 SOC Analysts must demonstrate a continual drive and possess soft skills such as critical thinking, effective problem-solving, independence, resilience, and rational analysis.

A strong understanding of the following topics is expected:

  1. Incident Handling: Rapid, effective resolution of security incidents.
  2. Threat Hunting: Proactive identification of potential system threats and vulnerabilities.
  3. Security Monitoring: Diligent surveillance of networks and systems for unusual activity.
  4. SIEM Expertise: Proficiency in Security Information and Event Management (SIEM) systems.
  5. Log Analysis: Examining system logs to identify anomalies and security threats.
  6. Network Traffic Analysis: Understanding network traffic flow to detect irregular patterns.
  7. Risk Management: Assessing and addressing security risks.
  8. Communication Proficiency: Clear articulation of incidents and collaboration with teams.
  9. Email Security: Safeguarding against phishing, spam, and other malicious email threats.
  10. Threat Intelligence: Keeping abreast of emerging threats and the evolving cyber landscape.
  11. Endpoint Security: Hardening individual devices to prevent security breaches.
  12. Vulnerability Management: Encompassing the identification, evaluation, remediation, and reporting of security vulnerabilities in systems.

Moreover, SOC L2 Analysts should also have a solid foundation in technical areas such as:

  • Experience in handling security-related incidents
  • Vulnerability assessments and penetration testing
  • Firewall configuration and intrusion detection systems
  • Python programming for security tasks
  • Mastery of IDS/IPS protocols
  • Proficiency with diverse operating systems, including Linux, Unix, and Windows
  • Knowledge of network protocols and competence with packet analysis tools
  • Credentials like Security+ or equivalent certifications (e.g., GIAC, CASP, eLearnSecurity, etc.)
  • Experience with analysing and handling malware

Keeping up with the industry

Since SOC analysts are the backbone of the defensive security team, they are responsible for staying informed of the constantly evolving threats and the ever-changing market.

Many experts in the subject, including Katie Paxton-Fear, Nicole Enesse, Simply Cyber, Florian Roth, Chris Greer, Alyssa Miller, Tracy Z. Maleeff, Lesley Carhart, and Marcus J. Carey, offer the most recent developments in defensive protection.

We also suggest reading ThreatPost, The Hacker News, PenTest Magazine, and the TryHackMe blog to keep up with the latest industry developments.

Gaining experience

If you're currently a SOC Level 1 Analyst and aiming to advance to the Level 2 position, here are some invaluable tips on gaining experience for your new role:

1. Constant Learning: Keep informed of the latest developments and threats in the cyber security industry.

2. Develop Your Analytical Skills: Analysts at Level 2 require strong analytical skills. Develop your ability to analyse logs, analyse occurrences, and recognise attack patterns.

3. Develop Technical Proficiency: Become familiar with security technologies and tools that are frequently utilised in SOC environments, including intrusion detection systems, firewall technologies, and SIEM (Security Information and Event Management) systems.

4. Develop Soft Skills: Cooperation and effective communication are essential. Become more skilled at sharing thoughts, working with others, and completing incident reports.

5. Seek Mentorship: If possible, look for mentors or seasoned SOC Level 2 Analysts who can offer advice and insights specific to your career goals.

6. Put Your Initiative Into Practice: Don't wait for chances to present themselves. Assume responsibility proactively, provide assistance with difficult assignments and show that you're prepared for the next step.

SOC Analyst training

TryHackMe offers the ideal SOC Level 2 Analyst learning path to help you achieve success in your career. We want to see you thrive as a SOC L2 Analyst with TryHackMe on your side, with hands-on, realistic, and practical scenarios! This learning path will assist you in making the transition into a Level 2 position or strengthen the fundamental technical skills required to function well in your existing role.

With the SOC Level 2 Analyst learning path, you will play through a day in the life of a Level 2 SOC Analyst, where you'll practise log analysis thoroughly and gain practical knowledge with various SIEM platforms through realistic scenarios. The path will also cover topics related to detection engineering, enabling you to diagnose and resolve problems with logging, alerting, and detection.

You will also learn essential technical skills to perform advanced Blue Teaming tasks like malware analysis, incident response, threat hunting, and emulation.

After completing this learning path, you will have the skills required to step up your career opportunities in defensive security to a Level 2 SOC Analyst!

Validate Your Skills with SAL1

For those looking to prove their expertise and stand out in the cyber security field, the SAL1 (Security Analyst Level 1) Certification provides industry-recognised validation of your threat detection, investigation, and response skills. Designed for hands-on, practical learning, SAL1 ensures you have the core competencies needed to excel in a SOC environment and take the next step in your cyber security career.

Author: Carah Els
Dec 12, 2023
