What you’ll learn:
Students will learn how to detect, investigate, and respond to real-world cyber threats in a Security Operations Centre environment.
Students will learn to use SIEM tools like Splunk and Wazuh to analyze logs, create dashboards, and generate real-time security alerts.
Students will learn how to apply the MITRE ATT&CK framework to map threats, identify tactics, techniques, and procedures (TTPs), and improve SOC detection coverage.
Students will complete a simulated SOC investigation from initial alert triage to creating and submitting a professional incident report.
The SOC Analyst Level 1 & 2 Masterclass is your complete, hands-on training program to launch a successful career in cybersecurity. This course takes you inside the day-to-day operations of a real Security Operations Centre (SOC) and equips you with the skills to detect, investigate, and respond to real-world cyber threats.
Through 12 comprehensive modules and practical, scenario-based training, you will master SOC fundamentals, network traffic analysis, operating system internals, SIEM usage, threat intelligence, detection engineering, and full-scale incident response. Every topic is reinforced with hands-on labs, simulations, and real attack investigations to make you job-ready.
Here’s what you’ll learn in each module:
- Module 1: SOC structure, workflows, tools, KPIs, and the role of L1 & L2 analysts.
- Module 2: Networking essentials for SOC, including the OSI and TCP/IP models, protocols, packet inspection, and detecting network-based threats.
- Module 3: Windows & Linux internals, log sources, and investigative commands for uncovering malicious activity.
- Module 4: Understanding the threat landscape, mapping attacks to MITRE ATT&CK, and analyzing malware & phishing campaigns.
- Module 5: SIEM fundamentals, log lifecycle, Splunk queries, Sigma rules, and dashboard creation.
- Module 6: L1 alert monitoring, triage processes, enrichment with OSINT, and correlation techniques.
- Module 7: Investigating brute force, phishing, malware, data exfiltration, and command & control (C2) attacks.
- Module 8: SOC documentation, ticket lifecycle, escalation notes, and effective communication with stakeholders.
- Module 9: Threat intelligence tools, OSINT investigations, threat actor profiling, playbooks, and AI-assisted triage.
- Module 10: L2 detection engineering, writing & validating rules, log correlation, and deception techniques.
- Module 11: Incident response lifecycle – containment, eradication, recovery, and lessons learned.
- Module 12: Capstone project simulating a full SOC investigation with multiple threat scenarios.
By the end of the course, you will be able to:
- Operate confidently in a SOC environment handling both L1 & L2 tasks.
- Monitor, triage, and investigate security alerts using industry tools like Splunk, Wazuh, Elastic Stack, and Wireshark.
- Apply MITRE ATT&CK to strengthen detection capabilities.
- Create and tune detection rules, correlate logs, and escalate incidents effectively.
- Build a professional SOC portfolio with reports, dashboards, and detection rules to showcase to employers.
Who this course is for:
- This course is for aspiring SOC Analysts who want to start a career in cybersecurity.
- It is ideal for Junior Security Engineers and Blue Team members looking to strengthen their SOC skills.
- IT professionals who wish to transition into a security-focused role will find this course highly valuable.
- Cybersecurity students preparing for interviews, assessments, or hands-on SOC tasks will benefit from this training.