# SOC Analyst Skills Matrix & Career Progression Guide
> Learn the roles and skills for SOC Analyst Tiers L1, L2, and L3. Explore the journey from alert triage to threat hunting and digital forensics.

Tags: cybersecurity, soc-analyst, career-path, threat-hunting, incident-response, siem, digital-forensics, infosec
## SOC Analyst Skills Matrix & Career Path
* Defining roles from First Responder (L1) to Advanced Specialist (L3).

## SOC Analyst Tiers Overview
* **Level 1 (The First Responder):** Alert triage and foundational response.
* **Level 2 (The Investigator):** Domain-specific investigation and root-cause analysis.
* **Level 3 (The Specialist):** Proactive defense, threat hunting, and forensics.

## L1: The First Responder
* **Role:** Front-line SIEM console monitoring.
* **Objective:** Real-time monitoring and qualification.
* **Key Action:** Filtering false positives and escalating valid threats.

## L2: The Investigator
* **Focus:** Cloud incident response, security tool mastery (EDR, SOAR), and system/network administration.

## Typical Work Allocation by Level
* **Level 1:** 70% Monitoring (Triage), 25% Deep Investigation, 5% Hunting.
* **Level 2:** 20% Monitoring (Triage), 60% Deep Investigation, 20% Hunting.
* **Level 3:** 5% Monitoring (Triage), 30% Deep Investigation, 65% Threat Hunting/Architecture.

## L3: The Specialist
* **Advanced Functions:** Cloud/infrastructure architecture, hunting undetected threats, and major incident handling.

## Key Skill Domains: L2 Deep Dive
* **Cloud IR:** Analyzing AWS CloudTrail and Azure Monitor logs.
* **Tool Mastery:** Tuning SIEM queries and building SOAR playbooks.

## Specialized Functions: L3 Deep Dive
* **Threat Hunting:** Proactively searching for Indicators of Compromise (IoCs).
* **Digital Forensics:** Deep-dive analysis of memory, disks, and registries to reconstruct timelines.

## Escalation & Collaboration Workflow
* Process Flow: Alert Ingestion → Qualify & Triage → Deep Investigation → Crisis & Recovery.

## Career Progression Summary
* The path evolves from broad monitoring to deep specialization. Success requires mastering tools at each level before advancement.