SOC Analyst CV Example
For Security Operations Centre analysts monitoring, detecting, and responding to security threats in real time. Demonstrates your analytical rigour, knowledge of attack vectors, and expertise with security monitoring tools.
Recommended template: Bold (Pro)
Key Skills to Include
Quick Tips
- Specify the SIEM platforms you have worked with and the scale of the environments you have monitored.
- Highlight security certifications such as CompTIA CySA+, GCIA, or Blue Team Level 1.
- Include examples of notable security incidents you detected and your role in the response process.
- Demonstrate your knowledge of threat intelligence frameworks and attack methodology classification.
How to Write Your SOC Analyst CV
A SOC analyst CV must demonstrate your ability to detect, investigate, and respond to security threats in real time. Employers want to see that you can work under pressure, triage alerts accurately, and communicate findings clearly. Your CV should combine SIEM tool proficiency with evidence of real-world incident investigation and a structured approach to threat detection and response.
CV Structure
Use a reverse-chronological format with a profile, skills section, work experience, and certifications. Feature your security certifications prominently. For each role, describe the SOC environment — team size, shift pattern, client base, and the number of endpoints monitored. Separate routine monitoring responsibilities from notable investigations and achievements.
CV Format
Choose a professional template that prioritises readability. SOC hiring managers scan for certifications, SIEM platform experience, and investigation examples. Keep to two pages and place certifications and key skills in the first half of the document. Save as PDF.
CV Profile Examples
SOC Analyst — Tier 2
SOC analyst with four years of experience performing real-time security monitoring, threat detection, and incident response within enterprise and managed services environments. Proficient in Splunk, Microsoft Sentinel, and CrowdStrike with hands-on experience investigating phishing campaigns, malware infections, and lateral movement attempts. CompTIA CySA+ and Blue Team Level 1 certified with a methodical approach to alert triage and threat classification using the MITRE ATT&CK framework.
SOC Analyst — Entry Level
CompTIA Security+ certified SOC analyst with eighteen months of experience monitoring security events within a 24/7 SOC supporting 20 enterprise clients. Skilled in SIEM alert triage, log analysis, and incident documentation using QRadar and ServiceNow. Completed TryHackMe SOC Level 1 and Blue Team Level 1 training with a strong foundation in network security fundamentals and common attack patterns.
SOC Analyst — Threat Intelligence
SOC analyst with five years of experience combining real-time security monitoring with threat intelligence research to improve detection capabilities. Expert in Splunk correlation rules, YARA signature creation, and open-source threat intelligence integration. Published internal threat advisories on emerging attack campaigns and contributed detection rules that identified three previously undetected intrusions within client environments.
State your SOC experience level (Tier 1/2/3), years of experience, primary SIEM platforms, and key certifications. Include one notable investigation or detection achievement to demonstrate your capability.
Key Skills for Your SOC Analyst CV
Security Monitoring
Performing continuous monitoring of security events across networks, endpoints, and cloud environments to detect threats.
SIEM (Splunk, QRadar, Sentinel)
Using SIEM platforms to aggregate, correlate, and analyse security logs for threat detection and investigation.
Threat Detection & Triage
Evaluating security alerts to determine severity, validity, and appropriate response actions using structured triage processes.
Incident Response
Investigating confirmed security incidents, containing threats, and coordinating remediation with client or internal teams.
Malware Analysis
Performing basic static and dynamic malware analysis to understand threat behaviour and support incident response.
Log Analysis
Analysing network, endpoint, and application logs to trace attacker activity and reconstruct incident timelines.
Threat Intelligence
Researching emerging threats, integrating intelligence feeds, and creating detection signatures based on new indicators.
MITRE ATT&CK Framework
Mapping detected threats to MITRE ATT&CK techniques and tactics for consistent classification and communication.
SOC Playbooks
Following and developing standardised response playbooks for common threat scenarios to ensure consistent SOC operations.
Work Experience Examples
For each role, describe the SOC environment, the scale of monitoring, and your shift pattern. Detail the types of threats you investigated, the tools you used, and your triage methodology. Include specific investigation examples and quantified achievements — detection times, false positive reductions, or incident containment successes.
SOC Analyst (Tier 2)
Citadel Cyber Defence
Performed security monitoring and incident response within a managed SOC serving 30 enterprise clients with combined infrastructure of 150,000 endpoints.
Responsibilities
- Monitored and triaged security alerts from Splunk and CrowdStrike Falcon, investigating an average of 60 alerts per shift across multiple client environments.
- Conducted deep-dive investigations into confirmed incidents including phishing, ransomware, credential theft, and insider threat indicators.
- Mapped detected threats to MITRE ATT&CK techniques and documented indicators of compromise for threat intelligence sharing.
- Created and tuned Splunk correlation rules and CrowdStrike custom IOAs to improve detection accuracy and reduce false positive rates.
- Mentored Tier 1 analysts, reviewing their triage work and providing guidance on investigation techniques and escalation criteria.
Achievements
- Detected and contained a supply chain compromise affecting a financial services client, preventing lateral movement to domain controllers within 90 minutes of initial alert.
- Reduced average mean time to detect from 28 minutes to 9 minutes by implementing automated enrichment workflows and tiered alert prioritisation.
- Authored 18 SOC playbooks for common threat scenarios that standardised response procedures and improved Tier 1 resolution rates by 25%.
SOC Analyst (Tier 1)
Irongate Security Services
Provided first-line security monitoring for a managed SOC supporting 15 clients across finance, healthcare, and retail sectors.
Responsibilities
- Monitored QRadar SIEM dashboards during 12-hour shifts, triaging alerts based on severity and documented escalation criteria.
- Investigated low-to-medium severity alerts including failed login attempts, suspicious email activity, and policy violations.
- Documented investigations in ServiceNow with clear timelines, evidence, and recommended actions for client security teams.
- Updated threat intelligence feeds and blocklists based on daily threat briefings and industry advisories.
Achievements
- Identified a brute force attack targeting a healthcare client's VPN gateway and escalated before any accounts were compromised.
- Achieved a 98% SLA compliance rate for alert response across all assigned client environments over a twelve-month period.
Education & Qualifications
List security certifications first — CompTIA CySA+, Security+, GCIA, BTL1, or vendor certifications. Follow with your degree and any structured training programmes. Include CTF achievements, TryHackMe rankings, or home lab experience if applicable.
CompTIA CySA+
A cybersecurity analytics certification validating skills in threat detection, analysis, and response for SOC roles.
Blue Team Level 1 (BTL1)
A practical defensive security certification covering SOC operations, SIEM analysis, and incident handling.
CompTIA Security+
A foundational security certification covering core cybersecurity concepts and defensive practices.
GIAC Certified Intrusion Analyst (GCIA)
An advanced SANS certification demonstrating expertise in network traffic analysis and intrusion detection.
Frequently Asked Questions
What should I include on a SOC analyst CV?
How do I get into a SOC analyst role with no experience?
How important is the MITRE ATT&CK framework for SOC analysts?
Should I include CTF or lab experience on a SOC analyst CV?