What Does a SOC Analyst Do? Your 2024 Guide

A SOC analyst, or security operations center analyst, is an IT professional who works as part of a team to detect, prevent, and respond to cybersecurity attacks. Depending on your role in the security team, you may be responsible for monitoring new threats, responding to and documenting incidents when they occur, or actively seeking out potential threats and vulnerabilities. 

In this article, you’ll learn more about what a SOC analyst does, as well as the skills and education you need to become one. 

Read more: SOC Analyst Salary: Your Guide

What is a SOC analyst?

A SOC analyst is a cybersecurity professional who works within a security operations center to analyze threats to sensitive company data and networks. Security operation centers are teams who work to provide company-wide cybersecurity, whether as an in-house department or as an outsourced third party. A SOC team generally includes analysts, network engineers, and cybersecurity professionals. As a SOC analyst, you’ll monitor security systems, respond to threats, contain exposure, and minimize future risks. 

Read more: Cybersecurity Terms: A to Z Glossary

What does a SOC analyst do?

Some companies separate SOC teams into three tiers. Here is a breakdown of each tier and what their roles look like.

• Tier 1—Triage: At this level, you will assess the severity and damage of security incidents and where they came from. Tier 1 SOC analysts provide the initial response to contain the threat and elevate matters that require more investigation and response to tier 2. 

• Tier 2—Investigation and response: At the second level, you will provide further investigation for incidents referred to your team by the triage team, including where and how the incident occurred and the extent of the damage. Then, your team will conduct a complete response to the incident, including recovering data, creating reports, and recommending further action.

• Tier 3—Threat hunting and prevention: At the third level, you will seek out threats and look for insecurities in your network. Threat hunters are expert analysts who create detailed reports outlining areas for improvement, and they can sometimes detect sophisticated threats that bypass tier-1 security. 

SOC analyst responsibilities

Regardless of the structure of your SOC team, some common responsibilities in this position include: 

• Monitoring security: A SOC team is responsible for continuous security monitoring for suspicious activity that could threaten security. This includes network traffic, software, all devices connected to the network, and cloud computing systems.

• Responding to incidents: When the SOC team discovers suspicious activity, they need to respond appropriately. SOC analysts will conduct a root cause investigation to determine the details of the incident and how it happened. Then they’ll work to limit the damage, such as by running antivirus software or removing access to compromised systems. 

• Creating reports: SOC analysts are responsible for communicating when incidents occur and what events contributed to the security breach. SOC analysts may also create reports to demonstrate compliance with data privacy laws and regulations. 

• Testing for vulnerabilities: Sometimes called threat hunting, SOC analysts conduct vulnerability testing on company systems, networks, and other resources to look for areas where security can be tightened and improved. Penetration testing is another form of vulnerability testing that simulates a cyberattack to test for organization preparedness.

• Implementing new security features: A SOC analyst ensures the organization has the most up-to-date security software and tools, including replacing outdated tools with newer technology. 

• Regular maintenance: SOC analysts are responsible for maintaining the company's assets, such as installing software patches, updating tools when needed, and reviewing security procedures.  

• Asset recovery: After a threat has been eradicated, the SOC team must recover data and restore the assets. For example, a SOC analyst might need to restore a compromised device or processes that were shut down or isolated during recovery efforts. 

• Post-mortem analysis: One way SOC analysts prevent cyberattacks from happening is by learning from their mistakes. A post-mortem analysis can help a SOC team understand what went wrong and develop new procedures and policies to prevent a similar attack. 

SOC analyst skills

To become a SOC analyst, you will need to develop a base of cybersecurity and technology skills, as well as build abilities for working in a team. To succeed in this role, it’s important to have key technical and workplace skills. Technical skills represent the practical aspects of your role, while workplace skills contribute to how productive you are in a work environment. Below are some skills you’ll need: 

Technical skills

• Endpoint analysis

• Operating systems

• Vulnerability recognition

• Familiarity with the hacker lifecycle

• Coding and database languages

• Network defense

• Incident response

• Computer forensics

Workplace skills

• Analytical skills

• Critical thinking

• Teamwork

• Communication

What tools do SOC analysts use? 

Security operations center analysts use many tools to complete their work, including: 

• Asset discovery: This software helps you manage your devices and configurations. Asset discovery can also help you mitigate risks and diagnose problems. 

• Vulnerability assessment: This software scans your entire network for vulnerabilities to help prevent incidents before they occur. 

• Intrusion detection: This tool monitors traffic passing through your network to look for threats and suspicious behavior. 

• Endpoint detection: Endpoint detection monitors potential threats on endpoints, which are user devices like laptops and smartphones. 

• User entity and behavior analytics: This software helps monitor for threats by analyzing user behavior for suspicious activity that doesn’t adhere to normal use. 

• Security information and event management (SIEM): SIEM platforms combine tools to help SOC analysts automate threat detection efforts and streamline security operations.

Salary and job outlook for SOC analysts

According to Glassdoor, the estimated total pay for a SOC analyst in the US is $134,108 per year as of September 2024. This figure includes an average base salary of $93,639 and $40,469 in additional pay [1]. Additional pay may represent profit-sharing, commissions, or bonuses. The exact amount you can expect to earn will vary depending on various factors, such as where you live in the world, the certifications you’ve earned, and your highest level of education. 

The US Bureau of Labor Statistics reports that information security analyst jobs, a similar position, will grow by 32 percent from 2022 to 2032, much faster than the average across industries [2]. Globally, the cybersecurity market is projected to be worth $562,72 billion by 2032, according to Fortune Business Insights [3]. 

How to become a SOC analyst

With the right combination of education, certifications, and experience, you can start a career as a SOC analyst. Some employers will prefer credentials such as a degree in computer science or a related field, but you can also learn the skills you need outside of formal degree programs. It can be helpful to gain certifications in cybersecurity or SOC skills like programming languages or computer forensics.

After gaining a relevant education, you may be able to begin a career as a SOC analyst or you might want to gain experience as a system or network administrator first.  

Paths to becoming a SOC analyst

While it may be possible to find an entry-level career directly as a SOC analyst, you may also consider gaining experience in a related field first, such as a systems administrator or network administrator. After gaining experience as an SOC analyst, you may advance to other SOC careers, such as cybersecurity engineering. 

Here’s a breakdown of other roles you may have before or after your job as a SOC analyst. 

Read more: 5 Cybersecurity Career Paths (and How to Get Started)

1. Systems administrator

Average annual US base salary: $89,927 [4]

Job outlook (projected growth from 2022 to 2032): 2 percent [5]

Requirements: Employers will not always require a formal degree, but they usually prefer a bachelor’s degree in computer science or information technology. 

As a systems administrator, you will oversee your organization's computer system needs. You may be responsible for creating user accounts and updating software requirements. Other tasks include managing data storage and email accounts and monitoring system performance. 

Read more: Your Guide to System Administration Degrees

2. Network administrator

Average annual US base salary: $78,638 [6]

Job outlook (projected growth from 2022 to 2032): 2 percent [5]

Requirements: A bachelor’s degree in computer science or information technology is typically required, but it may not always be needed. 

In this role, you will manage network systems for your company, such as setting up and maintaining the infrastructure required for its needs. You may work with a computer network engineer or architect or be responsible for creating and planning the network systems yourself. 

3. Cybersecurity engineer 

Average annual US base salary: $111,735 [7]

Job outlook (projected growth from 2022 to 2032): 32 percent [2]

Requirements: A bachelor’s degree is the most common educational level for cybersecurity engineers, typically in computer science, information technology, or computer information systems. 

As a cybersecurity engineer, you will oversee the systems and security measures that help prevent malicious cyberattacks. You may be responsible for planning, implementing, overseeing security systems, and responding to emergencies. You may also make recommendations for how to improve security. 

Read more: 8 Popular Cybersecurity Certifications [Updated]

Industries SOC analysts work in

As cybercrime becomes more sophisticated, cybersecurity is an issue that no industry can afford to overlook. Companies need security analysts and other cybersecurity professionals to protect sensitive company data and prepare for emergency response in the event of a cybersecurity threat. 

SOC analysts commonly work with cybersecurity companies that provide third-party security solutions in a dedicated security operations center. Other times, SOC analysts work in-house to provide security solutions. In some cases, the SOC team is considered part of the management team, while other times, you may work with the IT department. Industries that employ many SOC analysts include credit mediation, scientific research, and computer systems or services, among others. 

Companies that hire SOC analysts include:

• Deloitte: Deloitte is a global firm that provides tax, audit, regulatory, and other consulting services for Fortune 500 companies. 

• Booz Allen Hamilton: Booz Allen Hamilton provides professional services, including management consulting, technology, and engineering. Its clients include US defense and intelligence agencies as well as a wide range of civilian industries. 

• Nike: Nike is a supplier of athletic footwear and sports apparel found in 170 different countries.

• SAIC: SAIC, or Science Applications International Corporation, provides mission support and information services for government and civilian agencies. 

Get started today

If you’re ready to become a SOC analyst or learn more about the role, consider taking IBM’s Security Analyst Fundamentals Specialization course on Coursera. You can complete the three-course Specialization and learn skills like threat intelligence and digital forensics in as little as two months. Upon completion, gain a shareable certificate to include in your resume, CV, or LinkedIn profile.