Career Path

SOC Analyst

SOC Analysts are the front line of defensive security operations and one of the most in-demand roles in cybersecurity. This career path will prepare you for success as an entry-level SOC Analyst.

Path Releasing Q2 2025
Full access included with Insider Pro and Teams

Time: 31 H 35 M

Experience Level: Intermediate
Designed for learners with a solid grasp of foundational IT and cybersecurity concepts who are interested in pursuing an entry-level security role.

CEUs: 20
Earn qualifying credits for certification renewal with completion certificates provided for submission.

Enrollees

Learners at 96% of Fortune 1000 companies trust Cybrary

About this Career Path

Cybrary’s Security Operations Center (SOC) Analyst career path and associated assessments will equip you with the knowledge and hands-on skills you need to launch your career as a SOC Analyst. Over the course of 20+ courses and hands-on virtual labs, you will learn defensive security fundamentals, log analysis, network-based detection, and host-based detection.

As you proceed through the path, your progress will be measured in real time using Experience Points (XP) that serve as a comprehensive capability score for each topic.

Skills you'll gain

  • Analyzing security logs
  • Detecting and responding to network-based threats
  • Identifying host-based security incidents
  • Using security information and event management (SIEM) tools
  • Creating and managing security alerts and tickets

Path Outline

Collection Outline

Coming Soon

The Leadership and Management Career Path is expected to release in Q2 of 2025. Sign up now to explore our other leadership courses and content.

1. Learn

Learn core concepts and get hands-on with key skills.

COURSE
Defensive Security and Cyber Risk
Time: 35 M

In this course, you will learn the basics of defensive security and cyber risk. You will review foundational risk management concepts such as calculating risk and strategies for dealing with risk. You will also explore the NIST CSF as a framework for understanding defensive security.

COURSE
Defensive Security Operations
Time: 1 H 10 M

In this course, you will learn the basics of defensive security operations. You will review the key roles and responsibilities within a Security Operations Center (SOC), as well as enabling technologies for defensive security, including a deep dive on Continuous Monitoring.

COURSE
Security Ticketing
Time: 1 H 15 M

In this hands-on lab, you will learn the basics of security ticketing, including the core components of a security ticket and how they can be resolved. You will practice navigating a security ticketing platform, and create, edit, and close tickets in that platform.

COURSE
Log Analysis Basics
Time: 1 H 30 M

In this hands-on lab, you will learn the basics of log analysis, including key terms and basic anatomy. You will practice using the command line to conduct simple analysis techniques on a series of log files, including profiling and search.

VIRTUAL LAB
SIEM Basics
Time: 1 H

In this hands-on lab, you will learn the basics of SIEMs, including basic functionality and practical applications. You will practice analyzing log files using the Wazuh SIEM.

VIRTUAL LAB
Windows Event Logs
Time: 1 H 10 M

In this hands-on lab, you will learn the basics of Windows Event logs, their format, and different types. You will practice using the Event Viewer and correlating between Event Logs in the Event Viewer and a SIEM.

VIRTUAL LAB
SIEM Search Expressions
Time: 1 H 10 M

In this hands-on lab, you will learn the basics of using search expressions in a SIEM. You will practice creating a series of search expressions in the Wazuh SIEM.

COURSE
Network Detection Basics
Time: 0 H 40 M

In this course, you will learn the basics of security monitoring and detection for network traffic.

VIRTUAL LAB
Network Observables
Time: 1 H 10 M

In this hands-on lab, you will learn the basics of network observables. You will practice researching and documenting observables from a suspicious email using the security ticketing system theHive.

VIRTUAL LAB
SIEM Detection and Alerting
Time: 1 H 15 M

In this hands-on lab, you will learn the basics of SIEM-based detection and alerting. You will practice using the Wazuh SIEM to create, modify, and test custom rules and alerts.

VIRTUAL LAB
Web Activity Logs
Time: 1 H 15 M

In this hands-on lab, you will learn the basics of web activity logs. You will then practice identifying meaningful events in web proxy (HTTP/HTTPS) and name server (DNS) logs in the context of a new threat intelligence report.

VIRTUAL LAB
Host Detection Basics
Time: 1 H 15 M

In this course, you will learn the basics of host-based detection and analysis. You will learn about host monitoring strategies, relevant host data, visibility, and content access techniques, as well as types of detection logic.

VIRTUAL LAB
EDR Basics
Time: 1 H 10 M

In this hands-on lab, you will learn the basics of Endpoint Detection and Response tools. You will practice using the Wazuh EDR to install an agent on a Windows endpoint and detect simulated attacks aligned to the MITRE ATT&CK framework.

VIRTUAL LAB
SIEM Dashboards
Time: 1 H 30 M

In this lab, you will learn the basics of SIEM dashboards. You will practice creating your own custom dashboard using the Wazuh SIEM.

VIRTUAL LAB
Spearphishing with a Link
Time: 1 H 30 M

In this hands-on lab, you will learn how to analyze spearphishing emails containing malicious links. You will practice analyzing a sample spearphishing email.

VIRTUAL LAB
Execution in Windows
Time: 1 H 20 M

In this hands-on lab, you will learn the basics of process analysis and Windows execution. You will practice using Process Explorer and a SIEM to analyze information from collected process dumps.

VIRTUAL LAB
Persistence in Windows
Time: 1 H 20 M

In this hands-on lab, you will learn the basics of persistence in Windows. You will practice generating data that is representative of common persistence mechanisms, then use a SIEM to identify indicators of persistence.

VIRTUAL LAB
Spearphishing with an Attachment
Time: 1 H 45 M

In this hands-on lab, you will learn the basics of email analysis with a special focus on malicious attachments. You will practice performing triage analysis of a spearphishing email containing a suspicious attachment.

VIRTUAL LAB
Local Authentication in Windows
Time: 1 H 10 M

In this hands-on lab, you will learn about local authentication mechanics in the Windows operating system, including user accounts, the authentication process, and different types of authentication. You will practice identifying when a user account has logged on and logged off, including the type of authentication.

VIRTUAL LAB
Domain Authentication in Windows
Time: 1 H 25 M

In this hands-on lab, you will learn about domain-based authentication mechanics in the Windows operating system, including user accounts, the authentication process, and different types of authentication. You will practice identifying when a domain user account has logged on and logged off, including the type of authentication.

2. Practice

Exercise your problem-solving and creative thinking skills with security-centric puzzles.

CHALLENGE
Search and Destroy
Time: 0 H 30 M

In this hands-on challenge, you will practice using SIEM search expressions to locate suspicious activity related to XRDP traffic.

CHALLENGE
Red Alert
Time: 0 H 30 M

In this hands-on challenge, you will practice using SIEM search expressions to locate suspicious activity related to XRDP traffic.

CHALLENGE
Process Profiles in Courage
Time: 0 H 30 M

In this hands-on challenge, you will practice profiling a suspicious process on a Windows system.

CHALLENGE
Certificate of Authenticity
Time: 0 H 30 M

In this hands-on challenge, you will practice analyzing log events related to Windows authentication.

CHALLENGE
Keen Observation
Time: 0 H 30 M

In this hands-on challenge, you will practice researching network observables.

CHALLENGE
Beaucoup Phish
Time: 0 H 30 M

In this hands-on challenge, you will practice researching log events related to a reported spearphishing attack.

3. Prove

Assess your knowledge and skills to identify areas for improvement and measure your growth.

ASSESSMENT
Defensive Security Fundamentals
Time: 1 H 0 M

Test your Defensive Security Fundamentals knowledge and skills to identify strengths, gaps, and weaknesses in areas like defensive security operations, cyber risk, and security ticketing. Measure your mastery of Host Analysis and advance your career with targeted course and virtual lab recommendations.

ASSESSMENT
Log Analysis
Time: 1 H 0 M

Test your Log Analysis knowledge and skills to identify strengths, gaps, and weaknesses in areas like log anatomy, log types, Windows event logs, and SIEM-based log analysis. Measure your mastery of Log Analysis and advance your career with targeted course and virtual lab recommendations.

ASSESSMENT
Host Based Detection
Time: 1 H 0 M

Test your Host-Based Detection knowledge and skills to identify strengths, gaps, and weaknesses in areas like EDR, process analysis, and authentication.

ASSESSMENT
Network Based Detection
Time: 1 H 0 M

Test your Network-Based Detection knowledge and skills to identify strengths, gaps, and weaknesses.

4. Train Your Team

Cybrary’s expert-led cybersecurity courses help your team remediate skill gaps and get up-to-date on certifications. Utilize Cybrary to stay ahead of emerging threats and provide team members with clarity on how to learn, grow, and advance their careers within your organization.

Instructors

Joseph White, Lab Architect
Garret Donaldson, Lab Architect
Chris Daywalt, Security Freelancer
Marc Balingit, Security Research

Get Hands-on Learning

Put your skills to the test in virtual labs, challenges, and simulated environments.

Measure Your Progress

Track your skills development from lesson to lesson using the Cybrary Skills Tracker.

Connect with the Community

Connect with peers and mentors through our supportive community of cybersecurity professionals.

Success from Our Learners

"Cybrary really helped me get up to speed and acquire a baseline level of technical knowledge. It offers a far more comprehensive approach than just learning from a book. It actually shows you how to apply cybersecurity processes in a hands-on way"

Don Gates

Principal Systems Engineer/SAIC

"Cybrary’s SOC Analyst career path was the difference maker, and was instrumental in me landing my new job. I was able to show the employer that I had the right knowledge and the hands-on skills to execute the role."

Cory

Cybersecurity analyst

"I was able to earn my CISSP certification within 60 days of signing up for Cybrary Insider Pro and got hired as a Security Analyst conducting security assessments and penetration testing within 120 days. This certainly wouldn’t have been possible without the support of the Cybrary mentor community."

Mike

Security Engineer and Pentester

"Becoming a Cybrary Insider Pro was a total game changer. Cybrary was instrumental in helping me break into cybersecurity, despite having no prior IT experience or security-related degree. Their career paths gave me clear direction, the instructors had real-world experience, and the virtual labs let me gain hands-on skills I could confidently put on my resume and speak to in interviews."

Cassandra

Information Security Analyst/Cisco Systems

"I was able to earn both my Security+ and CySA+ in two months. I give all the credit to Cybrary. I’m also proud to announce I recently accepted a job as a Cyber Systems Engineer at BDO... I always try to debunk the idea that you can't get a job without experience or a degree."

Casey

Cyber Systems Engineer/BDO

"Cybrary has helped me improve my hands-on skills and pass my toughest certification exams, enabling me to achieve 13 advanced certifications and successfully launch my own business. I love the practice tests for certification exams, especially, and appreciate the wide-ranging training options that let me find the best fit for my goals"

Angel

Founder/IntellChromatics

Frequently Asked Questions

Why are SOC Analysts important?

SOC Analysts play a critical role in an organization’s cybersecurity defense by detecting, analyzing, and responding to security threats in real time. SOC Analysts monitor network traffic, investigate suspicious activity, and mitigate potential breaches by implementing security measures.

As cyber threats grow more complex, SOC Analysts help organizations stay ahead of attackers. Their work is critical for minimizing downtime, preventing data loss, and keeping companies compliant with industry cybersecurity regulations.

What are some SOC Analyst responsibilities and job requirements?

SOC Analysts monitor, detect, and respond to security incidents, playing a critical role in protecting an organization’s computer systems, networks, and data. SOC Analysts must remain aware of emerging threats, attack techniques, and vulnerabilities. 

Common SOC Analyst tasks and responsibilities include:

  • Providing threat analysis and security logs for security devices
  • Analyzing and responding to hardware and software weaknesses and vulnerabilities
  • Investigating, documenting, and reporting security problems and emerging trends
  • Managing network intrusion detection systems
  • Performing internal and external security audits
  • Maintaining security protocols and controls to protect systems and files against unauthorized access

Who is this for?

This career path is designed for learners with a solid grasp of foundational IT and cybersecurity concepts who are interested in pursuing an entry-level defensive security role. This includes current early-career and mid-career IT practitioners looking to transition into a cybersecurity role. 

Experienced defensive security practitioners will also benefit from reviewing core concepts and testing their skills in this path's Challenge and Assessment modules.

What jobs can I get as a SOC Analyst?

While this course is focused on the SOC Analyst role and job title, there are other roles with similar responsibilities. Professionals trained in defensive security can pursue a variety of roles, including:

  • Cybersecurity Analyst
  • Threat Intelligence Analyst
  • Incident Response Analyst
  • Information Security Analyst
  • SOC-focused Security Engineer

SOC Analysts are employed across every industry, from healthcare and government to manufacturing, finance, retail, and more.