By Ahala

About Course

Objectives:

  • Equip learners with skills to monitor, analyze, and respond to security events.
  • Develop proficiency in SIEM tools and incident management.
  • Prepare for SOC analyst certifications.


Curriculum:


  • Introduction to SOC Operations and Roles
  • SIEM Fundamentals & Log Management
  • Alert Analysis & Incident Triage
  • Threat Detection & Correlation Techniques
  • Incident Escalation & Reporting
  • Automation & Playbooks
  • Advanced Malware & Attack Techniques
  • Real-world SOC scenarios and hands-on exercises


12-Week SOC Analyst (Level 1–3) Training Curriculum


Week 1: Introduction to SOC Operations and Roles

The program begins with an overview of Security Operations Center (SOC) functions, roles, and responsibilities. Participants will learn how a SOC operates within an organization, the different analyst levels, and typical workflows. This foundational knowledge will include understanding SOC processes such as threat monitoring, incident detection, analysis, escalation, and response. Interactive discussions and role-playing exercises will help embed these concepts.


Week 2: Fundamentals of SIEM and Log Management

Participants will dive into Security Information and Event Management (SIEM) concepts, focusing on how SIEM tools like Splunk and ELK Stack are deployed to collect, aggregate, and normalize logs across diverse IT environments. Hands-on labs will involve configuring these tools, ingesting logs, and performing basic searches to understand event data. The emphasis is on building skills for effective log management critical for threat detection.


Week 3: Log Analysis and Basic Alerting

This week focuses on analyzing raw logs to identify suspicious activity. Participants will learn how to write queries, filter data, and identify anomalies. Labs include practical exercises in parsing logs, creating alerts, and understanding how alerts correspond to security threats. The goal is to develop sharp log analysis skills for early detection.


Week 4: Fundamentals of Alert Analysis and Incident Triage

Learners will understand how SIEMs generate alerts and how to differentiate between benign and malicious alerts. They will practice initial triage steps—prioritizing alerts based on severity, scope, and potential impact—and documenting findings systematically. Labs simulate real-world alert scenarios for hands-on triage experience.


Week 5: Threat Detection and Event Correlation Techniques

Participants will explore techniques to detect sophisticated threats by correlating multiple security events. They will learn to create and tune detection rules, leverage TTPs (Tactics, Techniques, and Procedures), and recognize attack patterns. Practical exercises include rule creation and threat scenario simulations to enhance detection capabilities.


Week 6: Incident Escalation and Reporting

This week covers the escalation process, including when and how to escalate an incident internally or externally. Learners will draft incident reports, communicate findings, and document timelines accurately. Through role-playing and simulated incidents, students will reinforce reporting best practices vital for effective incident management.


Week 7: Automation and SOC Playbooks

Automation is key to operational efficiency. Learners will explore scripting fundamentals (Python, Bash) and how to develop automation playbooks to handle repetitive tasks such as alert enrichment and response. Labs will include developing simple automation scripts and understanding how automation integrates into SOC workflows.


Week 8: Advanced Malware & Attack Techniques

This week covers the analysis of malware and understanding attacker tactics. Participants will examine malware behavior, persistence mechanisms, lateral movement, and data exfiltration. Labs will involve malware reverse engineering, analyzing attack chains, and understanding how to detect these behaviors within logs and endpoints.


Week 9: Real-world SOC Scenarios and Threat Hunting

Students will participate in comprehensive simulations mimicking real-world attack scenarios. This includes responding to simulated breaches, threat hunting exercises, and lateral movement detection. The focus is on applying detection rules and analysis skills in dynamic situations, reinforcing real-time response capabilities.


Week 10: Threat Detection & Response Exercises

Building on previous weeks, students will run full-cycle attack simulations, from initial intrusion detection and analysis through containment and eradication. Labs will involve using SIEM tools to identify complex threats, execute incident response procedures, and learn from simulated attack chains.


Week 11: Capstone Project & Integration

During this week, learners will undertake a capstone project that combines detection, analysis, automation, and reporting. Working in teams, they will analyze a simulated attack, develop detection rules, automate responses, and produce detailed reports. This project demonstrates mastery of skills acquired and prepares students for certification and real-world deployment.


Week 12: Review, Certification Preparation, and Final Assessment

The final week provides a comprehensive review of all topics, mock exams, and scenario-based quizzes. Participants will receive feedback on their performance and preparation strategies for industry certifications such as CompTIA CySA+. The course concludes with a certification readiness assessment, ensuring participants are equipped to transition into operational SOC roles.


Labs/Tools/Simulations:


  • Splunk, ELK Stack
  • Log analysis exercises
  • Incident response drills
  • Threat detection simulations
  • SOC automation demos


Internships & Projects:


  • Building a Mini SOC
  • Real-time log monitoring projects
  • Incident response case studies


Certifications:


  • Certified SOC Analyst (CSA)
  • SIEM and incident management certifications


Job Readiness Program:


  • Resume & interview coaching
  • Industry insights
  • Mock interview sessions
  • Placement assistance