SOC Analyst
Career Path
SOC Analysts are the front line of defensive security operations and one of the most in-demand roles in cybersecurity. This career path will prepare you for success as an entry-level SOC Analyst.
31
H
35
M
Intermediate
20
Learners at 96% of Fortune 1000 companies trust Cybrary
.svg){kind=small}
About this Career Path
Cybrary’s Security Operations Center (SOC) Analyst career path and associated assessments will equip you with the knowledge and hands-on skills you need to launch your career as a SOC Analyst. Over the course of 20+ courses and hands-on virtual labs, you will learn defensive security fundamentals, log analysis, network-based detection, and host-based detection.
As you proceed through the path, your progress will be measured in real time using Experience Points (XP) that serve as a comprehensive capability score for each topic.
Skills you'll gain
- Analyzing security logs
- Detecting and responding to network-based threats
- Identifying host-based security incidents
- Using security information and event management (SIEM) tools
- Creating and managing security alerts and tickets
Path Outline
Collection Outline
Coming Soon
The Leadership and Management Career Path is expected to release in Q2 of 2025. Sign up now to explore our other leadership courses and content.
Start Learning for FreeLearn
Learn core concepts and get hands-on with key skills.
Defensive Security and Cyber Risk
In this course, you will learn the basics of defensive security and cyber risk. You will review foundational risk management concepts such as calculating risk and strategies for dealing with risk. You will also explore the NIST CSF as a framework for understanding defensive security.
Defensive Security Operations
In this course, you will learn the basics of defensive security operations. You will review the key roles and responsibilities within a Security Operations Center (SOC), as well as enabling technologies for defensive security, including a deep dive on Continuous Monitoring.
Security Ticketing
In this hands-on lab, you will learn the basics of security ticketing, including the core components of a security ticket and how they can be resolved. You will practice navigating a security ticketing platform, and create, edit, and close tickets in that platform.
Log Analysis Basics
In this hands-on lab, you will learn the basics of log analysis, including key terms and basic anatomy. You will practice using the command line to conduct simple analysis techniques on a series of log files, including profiling and search.
SIEM Basics
In this hands-on lab, you will learn the basics of SIEMs, including basic functionality and practical applications. You will practice analyzing log files using the Wazuh SIEM.
Windows Event Logs
In this hands-on lab, you will learn the basics of Windows Event logs, their format, and different types. You will practice using the Event Viewer and correlating between Event Logs in the Event Viewer and a SIEM
SIEM Search Expressions
In this hands-on lab, you will learn the basics of using search expressions in a SIEM. You will practice creating a series of search expressions in the Wazuh SIEM.
Network Detection Basics
In this course, you will learn the basics of security monitoring and detection for network traffic.
Network Observables
In this hands-on lab, you will learn the basics of network observables. You will practice researching and documenting observables from a suspicious email using the security ticketing system theHive.
SIEM Detection and Alerting
In this hands-on lab, you will learn the basics of SIEM-based detection and alerting. You will practice using the Wazuh SIEM to create, modify, and test custom rules and alerts.
Web Activity Logs
In this hands-on lab, you will learn the basics of web activity logs. You will then practice identifying meaningful events in web proxy (HTTP/HTTPS) and name server (DNS) logs in the context of a new threat intelligence report.
Host Detection Basics
In this course, you will learn the basics of host-based detection and analysis. You will learn about host monitoring strategies, relevant host data, visibility, and content access techniques, as well as types of detection logic.
EDR Basics
In this hands-on lab, you will learn the basics of Endpoint Detection and Response tools. You will practice using the Wazuh EDR to install an agent on a Windows endpoint and detect simulated attacks aligned to the MITRE ATT&CK framework.
SIEM Dashboards
In this lab, you will learn the basics of SIEM dashboards. You will practice creating your own custom dashboard using the Wazuh SIEM.
Spearphishing with a Link
In this hands-on lab, you will learn how to analyze spearphishing emails containing malicious links. You will practice analyzing a sample spearphishing email.
Execution in Windows
In this hands-on lab, you will learn the basics of process analysis and Windows execution. You will practice using Process Explorer and a SIEM to analyze information from collected process dumps.
Persistence in Windows
In this hands-on lab, you will learn the basics of persistence in Windows. You will practice generating data that is representative of common persistence mechanisms, then use a SIEM to identify indicators of persistence.
Spearphishing with an Attachment
In this hands-on lab, you will learn the basics of email analysis with a special focus on malicious attachments. You will practice performing triage analysis of a spearphishing email containing a suspicious attachment.
Local Authentication in Windows
In this hands-on lab, you will learn about local authentication mechanics in the Windows operating system, including user accounts, the authentication process, and different types of authentication. You will practice identifying when a user account has logged on and logged off, including the type of authentication.
Domain Authentication in Windows
In this hands-on lab, you will learn about domain-based authentication mechanics in the Windows operating system, including user accounts, the authentication process, and different types of authentication. You will practice identifying when a domain user account has logged on and logged off, including the type of authentication.
Practice
Exercise your problem-solving and creative thinking skills with security-centric puzzles
Search and Destroy
In this hands-on challenge, you will practice using SIEM search expressions to locate suspicious activity related to XRDP traffic.
Red Alert
In this hands-on challenge, you will practice using SIEM search expressions to locate suspicious activity related to XRDP traffic.
Process Profiles in Courage
In this hands-on challenge, you practice profiling a suspicious process on a Windows system.
Certificate of Authenticity
In this hands-on challenge, you will practice analyzing log events related to Windows authentication.
Keen Observation
In this hands-on challenge, you will practice researching network observables.
Beaucoup Phish
In this hands-on challenge, you will practice researching log events related to a reported spearphishing attack.
Prove
Assess your knowledge and skills to identify areas for improvement and measure your growth
Defensive Security Fundamentals
Test your Defensive Security Fundamentals knowledge and skills to identify strengths, gaps, and weaknesses in areas like defensive security operations, cyber risk, and security ticketing. Measure your mastery of Host Analysis and advance your career with targeted course and virtual lab recommendations.
Log Analysis
Test your Log Analysis knowledge and skills to identify strengths, gaps, and weaknesses in areas like log anatomy, log types, Windows event logs, and SIEM-based log analysis. Measure your mastery of Log Analysis and advance your career with targeted course and virtual lab recommendations.
Host Based Detection
Test your Host-Based Detection knowledge and skills to identify strengths, gaps, and weaknesses in areas like EDR, process analysis, and authentication.
Network Based Detection
Test your Network-Based Detection knowledge and skills to identify strengths, gaps, and weaknesses.
Train Your Team
Cybrary’s expert-led cybersecurity courses help your team remediate skill gaps and get up-to-date on certifications. Utilize Cybrary to stay ahead of emerging threats and provide team members with clarity on how to learn, grow, and advance their careers within your organization.
Instructors
Instructors
Get Hands-on Learning
Put your skills to the test in virtual labs, challenges, and simulated environments.
Measure Your Progress
Track your skills development from lesson to lesson using the Cybrary Skills Tracker.
.png)
Connect with the Community
Connect with peers and mentors through our supportive community of cybersecurity professionals.
Success from Our Learners
Frequently Asked Questions
SOC Analysts play a critical role in an organization’s cybersecurity defense by detecting, analyzing, and responding to security threats in real time. SOC Analysts monitor network traffic, investigate suspicious activity, and mitigate potential breaches by implementing security measures.
As cyber threats grow more complex, SOC Analysts help organizations stay ahead of attackers. Their work is critical for minimizing downtime, preventing data loss, and keeping companies compliant with industry cybersecurity regulations.
SOC Analysts monitor, detect, and respond to security incidents, playing a critical role in protecting an organization’s computer systems, networks, and data. SOC Analysts must remain aware of emerging threats, attack techniques, and vulnerabilities.
Common SOC Analyst tasks and responsibilities include:
- Providing threat analysis and security logs for security devices
- Analyzing and responding to hardware and software weaknesses and vulnerabilities
- Investigating, documenting, and reporting security problems and emerging trends
- Managing network intrusion detection systems
- Performing internal and external security audits
- Maintaining security protocols and controls to protect systems and files against unauthorized access
This career path is designed for learners with a solid grasp of foundational IT and cybersecurity concepts who are interested in pursuing an entry-level defensive security role. This includes current early-career and mid-career IT practitioners looking to transition into a cybersecurity role.
Experienced defensive security practitioners will also benefit from reviewing core concepts and testing their skills in this path's Challenge and Assessment modules.
While this course is focused on the SOC Analyst role and job title, there are other roles with similar responsibilities. Professionals trained in defensive security can pursue a variety of roles, including:
- Cybersecurity Analyst
- Threat Intelligence Analyst
- Incident Response Analyst
- Information Security Analyst
- SOC-focused Security Engineer
SOC Analysts are employed across every industry, from healthcare and government to manufacturing, finance, retail, and more.
