Security Analyst (Tier 1/2/3 SOC)
What is a Security Analyst (Tier 1/2/3 SOC)?
A Security Operations Center professional who monitors alerts, investigates incidents, and escalates threats, with seniority commonly tiered from Tier 1 triage to Tier 3 advanced investigation.
A Security Analyst works inside a Security Operations Center (SOC) to detect, triage, and respond to potential security incidents. Tier 1 analysts watch SIEM, EDR, and XDR queues, validate alerts against playbooks, and escalate true positives; Tier 2 analysts perform deeper investigation, correlate events across tools, contain affected hosts, and own incident tickets; Tier 3 analysts handle advanced incidents, conduct threat hunting, build detections, and tune the SIEM. Reporting is usually to a SOC manager who in turn reports to a Director of Security Operations or the CISO. Common qualifications include a bachelor's degree, hands-on experience with SIEM/EDR platforms, and certifications such as Security+, BTL1, GCIA, GCIH, or CySA+.
● Examples
- Tier 1 closes phishing alerts after confirming they were blocked by the email gateway.
- Tier 3 reconstructs an APT intrusion timeline using EDR telemetry and authentication logs.
● Frequently asked questions
What is a Security Analyst (Tier 1/2/3 SOC)?
A Security Operations Center professional who monitors alerts, investigates incidents, and escalates threats, with seniority commonly tiered from Tier 1 triage to Tier 3 advanced investigation. It belongs to the Roles & Careers category of cybersecurity.
What are other names for Security Analyst (Tier 1/2/3 SOC)?
Common alternative names include: SOC analyst, Cybersecurity analyst.