Overview
Works within a Security Operations Center, monitoring security alerts, triaging potential incidents, performing initial investigations, and escalating issues according to defined procedures. Often synonymous with Security Analyst, especially at Tier 1/2 levels.
Responsibilities
- Monitor security tools (SIEM, IDS/IPS, EDR) for threats (Tier 1/2)
- Triage alerts
- Perform initial investigations
- Escalate incidents
- Follow standard operating procedures (SOPs)
- Basic threat analysis and reporting
- (Often overlaps heavily with 'Security Analyst')
Required Skills
- SIEM tools
- IDS/IPS alerts
- EDR alerts
- Basic network traffic analysis
- Log analysis
- Ticketing systems
- Understanding of common attack vectors
- Following procedures accurately
Salary Expectations
$60,000 - $100,000 USD
Relevant Certifications
Common Career Pathway
Very common entry-level cybersecurity role. Often transitions from IT support or network operations. Foundation for many other security roles (Incident Response, Threat Hunting, Engineering).
Learning Roadmap
IT Fundamentals -> Network+ -> Security+ -> Learn SIEM/Security Tools -> Understand common threats -> Practice alert triage -> CySA+.