Very High demand · Security

Cybersecurity Analyst

Detect, investigate, and respond to security threats across enterprise environments

Core certs: 4
Phases: 4
Time to entry: 6–12 months from scratch

Job titles

Security Analyst, SOC Analyst +

UK salary range

£40,000–£70,000

US salary range

$65,000–$110,000

Time to first role

6–12 months from scratch

About this role

Cybersecurity analysts monitor security events, investigate incidents, and operate SOC tooling. The role sits at the intersection of threat intelligence, log analysis, and incident response. Entry requires understanding networking fundamentals, security tooling (SIEM, EDR), and threat frameworks like MITRE ATT&CK.

Key skills employers look for

SIEM & log analysis, Threat detection & hunting, Incident response, Vulnerability management, Network traffic analysis, GRC basics

Certification roadmap

Phase 1: Foundation

Networking + security fundamentals — both are required before the analyst certs

Foundation · CompTIA · 4–8 weeks

N10-009: CompTIA Network+

Security analysts must read pcap files, understand TCP/IP flows, and diagnose network-based attacks. Network+ ensures you have this foundation before tackling Security+.

Foundation · CompTIA · 6–10 weeks

SY0-701: CompTIA Security+

The most widely held entry-level security cert. DoD 8570 IAT Level II baseline. Covers cryptography, threat actors, vulnerability management, identity, and incident response. The expected baseline for almost every SOC analyst role.

Foundation · ISC2 · Optional · 4–6 weeks

ISC2 CC: ISC2 Certified in Cybersecurity

Free entry-level cert from ISC2. Good alternative to Security+ if you want an ISC2 credential early or can't yet afford the Security+ exam fee.

Phase 2: Analyst Specialisation

The cert that makes you hirable as an analyst — not just security-literate

Associate · CompTIA · 8–12 weeks

CS0-003: CompTIA CySA+

The most relevant intermediate security cert for analyst roles. Covers threat intelligence, behavioural analytics, log analysis, SIEM, vulnerability management, and incident response in operational depth that Security+ doesn't reach.

Phase 3: SIEM & Tooling

Tool-specific certs that are increasingly listed as requirements

Foundation · Splunk · 2–4 weeks

Splunk Core User: Splunk Core Certified User

Splunk is the most common SIEM platform in enterprise SOCs. This cert demonstrates you can write SPL queries, build dashboards, and investigate log data — practical skills that analysts use on day one.

Phase 4: Senior / Expert

For senior analyst and security architect roles — 3–5 years' experience

Professional · ISC2 · Optional · 4–6 months

CISSP: ISC2 CISSP

The gold standard for senior security professionals. Requires 5 years of paid security experience. Shifts focus from operational analysis to governance, risk, and security architecture.

Frequently asked questions

Do I need Network+ before Security+?

Not officially, but practically yes. Security+ exam questions assume you understand TCP/IP, subnetting, and common protocols like DNS, HTTP, and SMTP. Without Network+, you'll spend double the time on Security+ because every question requiring network context will slow you down.

Is Security+ enough to get a SOC analyst job?

It's the minimum. Pair it with: hands-on experience in a home lab (TryHackMe, HackTheBox), knowledge of Splunk or Microsoft Sentinel basics, and CySA+ if the target role asks for it. Entry-level SOC roles are highly competitive — cert + demonstrated lab skills beats cert alone.
