Chapter 5
Navigating Your Cybersecurity Career as a SOC Analyst
By Deidre Diamond
In the rapidly evolving landscape of cybersecurity, the role of a SOC analyst serves as the foundation for many security professionals. SOC analysts play a crucial role in identifying and mitigating cyberthreats as well as ensuring the safety of organizational systems and data.
In the past year alone, an average of 63,000 SOC analyst roles were posted on CyberSN in the United States, highlighting the high demand for professionals in this field. After all, analysts are the lifeline of our cybersecurity talent ecosystem. They’re relied on to find anomalies and follow suspicious trails of activity. These professionals, like all cybersecurity professionals, need to be treated like emergency healthcare professionals and be given ample time to rest between shifts.
The more we know about what these professionals do, the more we can help them. Whether you’re a current or prospective SOC analyst, here are the ins and outs of navigating your career in cybersecurity.
Unveiling Salary, Responsibilities, and Essential Tools
The average salary for SOC analysts with two or more years of experience is $124,150 and ranges from $110,000 to $138,300 per year.
A SOC analyst is responsible for enhancing their organization's cybersecurity posture by monitoring and responding to threats and implementing or enhancing security solutions, such as firewalls, endpoint security tools, and security event monitoring.
To effectively handle high volumes of events and ensure thorough examination of potential incidents, SOC analysts often operate at different levels based on their experience. For example, a SOC I analyst may focus on monitoring an endpoint detection and response (EDR) solution for malicious activity and subsequently escalate potential incidents to a SOC II analyst for further investigation, response, or remediation.
SOC analysts have expertise in cyberattack methods, cloud or network-based services, operating systems, malware, and incident response. The tools of a SOC analyst can vary but typically include anti-virus software, EDR solutions, threat intel platforms, firewalls, security information and event management (SIEM) solutions, and scripting languages.
SOC analysts may also be referred to as:
• Cloud Security Analyst
• Cyberdefense Analyst
• Cyberfusion Analyst
• Cybernetwork Defense Analyst
• Cyber Risk Defense Analyst
• Cybersecurity Analyst
• Cybersecurity Operations Analyst
• Cyberthreat Detection Analyst
• Endpoint Analyst
• Information Assurance Analyst
• Information Security Analyst
• Network Security Analyst
• Purple Team Analyst
• Security Analyst
• Security Operations Monitoring Analyst
• SIEM Analyst
• Systems Security Analyst
Career Path Options and Growth Opportunities
A SOC analyst position offers excellent opportunities for career growth within the cybersecurity field. It serves as a valuable stepping stone toward various cybersecurity roles or can be a fulfilling career path on its own.
To excel in this role, it’s crucial to possess a solid understanding of malware (how it works and how to identify it), networking, attack techniques, and normal operating system behavior. Being proficient in at least one programming/scripting language is ideal. Other skills that will help you in this role are reverse engineering, digital forensics, and penetration testing.
The SOC analyst role encompasses a wide range of cybersecurity disciplines, making it an ideal starting point for individuals who are uncertain about their desired career path within the field. It provides an opportunity to gain exposure to different areas before specializing in a particular domain.
SOC analysts often transition into other areas, such as incident response, digital forensics, threat hunting, risk/compliance, engineering, and many more, as they progress in their cybersecurity career.
Career Path Options, SOC Analyst (diagram; each role is marked as the Current Role, a Feeder Role, or a Next Role)
Governance & Compliance Analyst
Governance and compliance analysts ensure that an organization’s operations and procedures meet government and industry compliance standards.
They research regulations and policies on behalf of the organization, communicate the necessary requirements, apply for certifications, and serve as a subject matter expert on all compliance-related matters.
Privacy Analyst
A privacy analyst manages the legal and operational risks around sensitive and critical information assets by assessing business operations on a continual basis, developing the right policies, procedures, and training programs, and overseeing all data agreements.
Privacy analysts can focus on the general operations of a business or on privacy as it relates to specific projects.
Vulnerability/Threat Management Analyst
Vulnerability/threat management analysts are responsible for maintaining all vulnerability or threat management solutions, ensuring all assets and systems are scanned for vulnerabilities regularly.
They then need to bring any findings to the attention of the business while working within the cybersecurity department to prioritize and remediate threats.
Cyber Insider Threat Analyst
Cyber insider threat analysts are responsible for collecting and assessing potential threats from within an organization, whether they’re from employees, business partners, or third-party vendors.
They analyze these threats, identify trends and patterns in threat data, and search for policy violations before disseminating and presenting their findings to key stakeholders.
Reverse Engineer/Malware Analyst
Reverse engineers, also known as malware analysts, use decompiling, disassembling, and deobfuscating to gain a deeper understanding of how malicious software operates and what it does.
They identify, examine, and work to understand various forms of malicious software, such as adware, bots, rootkits, spyware, ransomware, Trojan horses, viruses, worms, and much more.
Cyber Risk Analyst
The cyber risk analyst supports the analysis, classification, and response to cybersecurity risks within an organization. They address cybersecurity risk and analyze the potential business and customer risk, aligning processes and controls to relevant frameworks and internal systems.
The cyber risk analyst also works to identify areas of concern for their specific organization, supporting resolution and mitigation by providing advice and recommendations.
Threat Hunter
A cybersecurity threat hunter is responsible for detecting and identifying highly advanced cyberthreats that cannot be detected by automatic or programmatic solutions.
They search for and track hidden threats before they strike, rather than addressing incidents that have already happened as the incident response team does. These threats can be posed by insiders, such as employees, or outsiders, like organized crime groups.
Incident Responder
Incident responders protect and improve an organization’s security by addressing and managing the activities to recover from a cybersecurity event.
The incident responder makes an assessment on threat severity, conducts investigations, and works to contain, eradicate, and recover from threats.
Red Teamer
A red team assessment is far more targeted than penetration testing. Red team assessments are employed to rigorously test an organization’s detection and response capabilities.
A red teamer's responsibility is not to find as many vulnerabilities as possible but to access sensitive information that achieves their unique goal. They do this by acting as swiftly and quietly as possible, emulating a malicious actor.
Identity and Access Management (IAM) Engineer
Access management services encompass all the tools that a user has access to within a company’s IT infrastructure. IAM Engineers implement and continuously optimize identity and access management services in line with evolving technologies and security regulations.
They are responsible for designing, implementing, and maintaining IAM technologies to ensure audit and privacy compliance, driving automation wherever possible. IAM Engineers also assist with resolving any security issues related to IAM operations.
Security Engineer
Security Engineers develop and maintain the systems that keep sensitive data safe from breaches and leaks.
These professionals play a pivotal role in protecting an organization’s data, reputation, and finances by working with penetration testers, security analysts, and technology managers to secure data as well as installing firewalls and other breach detection systems.
Cybersecurity Forensic Engineer
A cybersecurity forensic engineer is part of the cybersecurity and investigation teams, responsible for acquiring and analyzing information and applying advanced analysis skills to support or contest cyberevent timelines.
They often work to recover hidden, encrypted, or deleted information to safeguard the integrity of data.
Cloud Security Engineer
Cloud security engineers are responsible for the secure operations of cloud infrastructure, platforms, and software, including the installation, maintenance, and improvement of cloud computing environments.
They also help develop new designs and security strategies across cloud-based applications, including the infrastructure, platform, and software supporting them.
Cybersecurity Lead
The cybersecurity lead heads up the cybersecurity team or a specific department within the cybersecurity team. They are responsible for ensuring that teams are working toward the right goals efficiently.
Cybersecurity leads oversee the delivery of services, manage relationships, and take control of any issues in their department or specialism.
Cybersecurity Specialist
Cybersecurity specialist is often an entry-level job whose duties vary with company size. Generally, cybersecurity specialists are responsible for helping protect the organization's network and data.
Cybersecurity Administrator
Cybersecurity administrators typically work as part of a team to cover all the digital security needs of an organization. The role varies with the size and nature of the organization, but in general, security administrators ensure the safety of the organization's data.
To advance your career as a SOC analyst, it’s essential to actively explore the various career path options available and gain an understanding of the responsibilities associated with each path.
By doing so, you can make informed decisions about your professional development and choose the most suitable paths to pursue within the dynamic field of cybersecurity.
Finding the Right Role
To facilitate your own career journey, we invite you to join our cybersecurity talent network on CyberSN.com. By creating an anonymous profile, you are matched to roles based on your experience and skill set rather than your job title, giving you access to a wide range of opportunities that align with your aspirations.
Take the next step toward your professional growth and unlock exciting opportunities in the cybersecurity field.
About the author
Deidre Diamond
Deidre Diamond, founder and CEO of CyberSN, transformed the cybersecurity job search and hiring process by launching a deepjobs matching platform and standardizing all cybersecurity job functions into a common taxonomy of 45 roles.
Deidre also founded SecureDiversity.org and the Day of Shecurity conference to help promote diversity in cybersecurity. Deidre has more than 29 years of experience in technology and staffing, leading teams at Rapid7 and Motion Recruitment. She received the Top 25 Women in Cybersecurity award by Cyber Defense Magazine and is a sought-after speaker who inspires individuals to join the cybersecurity industry while driving change in the industry.