SOC Analyst 2 (Senior Security Analyst) Training Program

Role Introduction

  • The SOC Analyst 2 (Senior Security Analyst) role is designed for professionals looking to advance from Tier 1 to Tier 2 or strengthen their core technical and investigative skills in cybersecurity operations.
  • This training emphasizes hands-on, practical, and realistic SOC scenarios in which you will:
      • Perform in-depth log analysis across multiple platforms.
      • Gain hands-on experience with SIEM solutions such as Splunk and ELK.
      • Develop detection engineering expertise to fine-tune alerts and troubleshoot issues.
      • Master advanced Blue Teaming tasks, including threat hunting, threat emulation, incident response, and malware analysis.

Course Modules

Section 1 – Log Analysis

  • Introduction to Logs
  • Log Operations & Management
  • Fundamentals of Log Analysis

Section 2 – Advanced Splunk

  • Exploring SPL (Search Processing Language)
  • Setting up a SOC Lab with Splunk
  • Building Dashboards & Reports
  • Data Manipulation in Splunk
  • Hands-on Scenario: Fixit

Section 3 – Advanced ELK (Elasticsearch, Logstash, Kibana)

  • Logstash: Data Processing Engine
  • Custom Alert Rules in Wazuh
  • Advanced ELK Querying Techniques
  • Hands-on Challenge: Slingshot

Section 4 – Detection Engineering

  • Introduction to Detection Engineering
  • Tactical Detection Strategies
  • Leveraging Threat Intelligence in SOC Operations
  • Sigma Rules & Detection Management
  • SigHunt Practical Labs
  • Endpoint Detection & Response with Aurora EDR
  • Automating with SOAR Platforms

Section 5 – Threat Hunting

  • Introduction to Threat Hunting Methodology
  • Hunting for Footholds in Compromised Systems
  • Pivoting Techniques in Hunting
  • Endgame Scenarios in Advanced Threat Hunting
  • Practical Labs:
      • Hunt Me I: Payment Collectors
      • Hunt Me II: Typo Squatters

Section 6 – Threat Emulation

  • Introduction to Threat Emulation & Red/Blue Collaboration
  • Threat Modeling Techniques
  • Hands-on with Atomic Red Team
  • Automated Adversary Simulation with CALDERA
  • Purple Team Labs:
      • Atomic Bird Goes Purple #1
      • Atomic Bird Goes Purple #2

Section 7 – Incident Response (IR)

  • IR Lifecycle: Preparation → Identification → Containment → Eradication → Recovery → Lessons Learned
  • Scoping and Threat Intelligence for IR
  • Remediation and Post-Incident Actions
  • Case Study: Tardigrade

Section 8 – Malware Analysis

  • Overview of x86 Architecture
  • x86 Assembly Crash Course
  • Windows Internals for Analysts
  • Dissecting PE Headers
  • Basic Static Malware Analysis
  • Practical Lab: MalBuster
  • Advanced Static Analysis
  • Basic Dynamic Analysis
  • Debugging for Dynamic Analysis
  • Anti-Reverse Engineering Techniques
  • Case Study: MalDoc – Static Analysis