Skip to content
Vol. 1 · Ed. 2026
CyberGlossary
日本語
Entry № 1179

SOC Analyst

SOC Analyst とは何ですか?

SOC AnalystA security operations role responsible for triaging alerts, monitoring SIEM/EDR/XDR queues, investigating suspicious events, and escalating confirmed incidents to IR — typically tiered (T1 triage, T2 investigation, T3 hunt/engineering).

A Security Operations Center (SOC) analyst is the frontline role in detection-and-response operations, tasked with reading, triaging, and acting on the stream of alerts from a SIEM, EDR/XDR, NDR, identity-protection, and SOAR pipelines. SOCs are typically tiered. Tier 1 analysts triage volume — confirming or dismissing alerts against runbooks, escalating valid suspicion. Tier 2 analysts investigate deeper, pulling context across multiple data sources, performing log dives, and driving IR until containment. Tier 3 (or 'senior') analysts run threat hunts, build detections, tune false positives, and own playbook authorship. Common skill stack: log query languages (SPL, KQL, Lucene), an EDR (CrowdStrike, SentinelOne, Defender, Carbon Black), packet/pcap basics, MITRE ATT&CK familiarity, Sigma rule authoring, scripting (Python, PowerShell), and clear written communication for incident tickets. Certifications often associated with the role include CompTIA Security+, BTL1/2, GIAC GCDA / GCFA / GCIA, and increasingly vendor-specific badges. Burnout from alert volume is a documented occupational hazard; MDR and SOAR adoption shifted the role toward higher-context investigation.

  1. 01

    A Tier 1 SOC analyst triages an EDR alert for a suspicious PowerShell command line, confirms it matches a benign sysadmin script, and closes the ticket.

  2. 02

    A Tier 3 analyst writes a Sigma rule for a new lateral-movement technique observed in a recent intrusion, then validates coverage with Atomic Red Team.

よくある質問

SOC Analyst とは何ですか?

A security operations role responsible for triaging alerts, monitoring SIEM/EDR/XDR queues, investigating suspicious events, and escalating confirmed incidents to IR — typically tiered (T1 triage, T2 investigation, T3 hunt/engineering). サイバーセキュリティの 役割とキャリア カテゴリに属します。

SOC Analyst とはどういう意味ですか?

A security operations role responsible for triaging alerts, monitoring SIEM/EDR/XDR queues, investigating suspicious events, and escalating confirmed incidents to IR — typically tiered (T1 triage, T2 investigation, T3 hunt/engineering).

SOC Analyst はどのように機能しますか?

A Security Operations Center (SOC) analyst is the frontline role in detection-and-response operations, tasked with reading, triaging, and acting on the stream of alerts from a SIEM, EDR/XDR, NDR, identity-protection, and SOAR pipelines. SOCs are typically tiered. Tier 1 analysts triage volume — confirming or dismissing alerts against runbooks, escalating valid suspicion. Tier 2 analysts investigate deeper, pulling context across multiple data sources, performing log dives, and driving IR until containment. Tier 3 (or 'senior') analysts run threat hunts, build detections, tune false positives, and own playbook authorship. Common skill stack: log query languages (SPL, KQL, Lucene), an EDR (CrowdStrike, SentinelOne, Defender, Carbon Black), packet/pcap basics, MITRE ATT&CK familiarity, Sigma rule authoring, scripting (Python, PowerShell), and clear written communication for incident tickets. Certifications often associated with the role include CompTIA Security+, BTL1/2, GIAC GCDA / GCFA / GCIA, and increasingly vendor-specific badges. Burnout from alert volume is a documented occupational hazard; MDR and SOAR adoption shifted the role toward higher-context investigation.

SOC Analyst からどのように防御しますか?

SOC Analyst に対する防御は通常、上記の定義で述べたとおり、技術的統制と運用上の実践を組み合わせます。

SOC Analyst の別名は何ですか?

一般的な別名: Security Operations Center analyst, SOC Tier 1/2/3。

関連用語