1

Soc Level 1 Analyst Jobs (NOW HIRING)

The SOC Analyst 1 supports the organization's security operations by monitoring security events, performing first-level alert triage, validating suspicious activity, documenting tickets, and ...

Contract Job Overview Our client is seeking an experienced Level 2 SOC Analyst to serve as the primary escalation point for Level 1 SOC analysts. The ideal candidate will conduct in-depth incident ...

Your main responsibilities will be: -Modeling power dissipation at the SOC level, including Neural ... in scripting and data analysis. Understanding of VLSI design flow and CMOS technology and ...

Your main responsibilities will be: -Modeling power dissipation at the SOC level, including Neural ... in scripting and data analysis. Understanding of VLSI design flow and CMOS technology and ...

Your main responsibilities will be: -Modeling power dissipation at the SOC level, including Neural ... Pay & Benefits At Apple, base pay is one part of our total compensation package and is determined ...

Your main responsibilities will be: -Modeling power dissipation at the SOC level, including Neural ... Pay & Benefits At Apple, base pay is one part of our total compensation package and is determined ...

next page

Showing results 1-20

Soc Level 1 Analyst information

See salary details

$33K

$76.3K

$124K

How much do soc level 1 analyst jobs pay per year?

As of Jul 19, 2026, the average yearly pay for soc level 1 analyst in the United States is $76,273.00, according to ZipRecruiter salary data. Most workers in this role earn between $57,500.00 and $90,000.00 per year, depending on experience, location, and employer.

What is the difference between Soc Level 1 Analyst vs Soc Level 2 Analyst?

AspectSoc Level 1 AnalystSoc Level 2 Analyst
CertificationsBasic security certifications (e.g., CompTIA Security+)Advanced certifications (e.g., GIAC Security Essentials)
Work EnvironmentMonitors security alerts, initial incident responsePerforms in-depth analysis, escalates complex issues
ResponsibilitiesInitial detection, alert triageIncident investigation, root cause analysis

The main difference between a Soc Level 1 Analyst and a Soc Level 2 Analyst lies in their responsibilities and expertise. Level 1 analysts handle initial alerts and basic troubleshooting, while Level 2 analysts perform more detailed investigations and escalate complex issues. Both roles require security knowledge, but Level 2 analysts typically have more experience and advanced certifications.

What is a SOC Level 1 Analyst?

A SOC Level 1 Analyst is an entry-level cybersecurity professional who monitors and analyzes an organization's security systems for potential threats and incidents. Their main responsibilities include reviewing security alerts, triaging incidents, escalating issues to higher-tier analysts, and documenting findings. They play a critical role in the early detection of cyber threats and help maintain the overall security posture of the organization. SOC Level 1 Analysts usually work in Security Operations Centers (SOCs) and use various security tools, such as SIEM (Security Information and Event Management) platforms, to carry out their tasks. This position is ideal for individuals looking to start a career in cybersecurity.

What are the key skills and qualifications needed to thrive as a SOC Level 1 Analyst, and why are they important?

To thrive as a SOC Level 1 Analyst, you need foundational knowledge of cybersecurity principles, incident response processes, and familiarity with network and system administration, often supported by a relevant degree or certifications like CompTIA Security+. Experience with security information and event management (SIEM) tools, ticketing systems, and basic scripting is typically required. Strong analytical thinking, attention to detail, and effective communication skills help analysts quickly identify and escalate potential threats. These skills and qualities are crucial to ensure timely detection of security incidents and accurate reporting, forming the first line of defense in an organization's cybersecurity posture.

What are some common challenges faced by SOC Level 1 Analysts in their daily workflow?

SOC Level 1 Analysts often face the challenge of handling a high volume of security alerts, many of which may be false positives. Quickly triaging these alerts while maintaining accuracy is essential to ensure real threats are identified promptly. Additionally, analysts must communicate effectively with other team members and escalate incidents when necessary, all while continuing to develop their technical skills in a fast-paced, evolving threat landscape. Balancing these responsibilities can be demanding but offers valuable experience for career growth within cybersecurity.
More about Soc Level 1 Analyst jobs
What states have the most Soc Level 1 Analyst jobs? States with the most job openings for Soc Level 1 Analyst jobs include:
Infographic showing various Soc Level 1 Analyst job openings in the United States as of July 2026, with employment types broken down into 50% Full Time, and 50% Contract. Highlights an 100% In-person job distribution, with an average salary of $76,273 per year, or $36.7 per hour.
SOC Tier 1 Analyst

SOC Tier 1 Analyst

ECS

Portland, OR โ€ข On-site

Full-time

Re-posted 2 hours ago


Job description

Everforth ECS is seeking a SOC Tier 1 Analyst to work in our Portland, OR office. Note: This position is contingent upon contract award.
The SOC Analyst 1 supports the organization's security operations by monitoring security events, performing first-level alert triage, validating suspicious activity, documenting tickets, and escalating confirmed or higher-risk events using approved runbooks and procedures. This role is the initial monitoring and triage tier within the SOC Analyst role family.
The ideal candidate has foundational cybersecurity or IT operations experience, understands basic security concepts and defensive technologies, and can follow established procedures while communicating clearly with SOC Analyst 2, SOC Analyst 3, incident response, engineering, and other program stakeholders.
This role involves shift work schedule to support our 24/7 operation, including weekends and holidays. Candidates must be flexible in their availability. While we make every effort to accommodate individual preferences, it's essential to understand that specific shift requests are not guaranteed and are assigned based on operational needs.
Key Responsibilities
Security Monitoring & Initial Alert Triage
  • Monitor security events and alerts across SIEM, EDR, IDS/IPS, cloud, network, identity, case management, and other approved security platforms.
  • Perform first-level alert validation to determine whether activity is benign, suspicious, policy-related, or requires escalation.
  • Assign initial severity, scope, affected assets, affected accounts, and potential impact using approved triage criteria and runbooks.
  • Escalate confirmed, ambiguous, high-risk, or complex alerts to SOC Analyst 2, SOC Analyst 3, or SOC leadership according to established procedures.

Ticketing, Documentation & Shift Handoff
  • Create and update incident tickets with clear descriptions, timestamps, evidence references, preliminary findings, and actions taken.
  • Document investigation steps, alert context, decisions, and escalation rationale clearly and accurately.
  • Prepare shift handoff notes and status updates to ensure continuity of monitoring and incident follow-up.
  • Maintain case management hygiene, including accurate categorization, status tracking, and closure documentation for routine alerts.

Incident Response Support
  • Support standard incident response activities under direction of SOC Analyst 2, SOC Analyst 3, incident responders, or SOC leadership.
  • Collect readily available logs, alert details, endpoint information, user information, and other operational evidence needed for escalation.
  • Coordinate basic information requests with system owners, security engineers, and other technical teams as directed.
  • Track escalations and provide status updates until ownership is accepted by the appropriate SOC or specialized role.

Tool Use & Procedure Adherence
  • Use SOC tools such as SIEM, SOAR, EDR, threat intelligence portals, case management systems, and vulnerability platforms in accordance with approved procedures.
  • Follow playbooks, standard operating procedures, evidence-handling expectations, and escalation thresholds consistently.
  • Report suspected data quality issues, missing telemetry, dashboard problems, or tool availability concerns to SOC Analyst 2/3, Splunk engineering, or security engineering teams.
  • Participate in training, drills, tabletop exercises, and lessons-learned activities to improve monitoring and triage performance.

Continuous Learning
  • Stay current with common cyber threats, phishing techniques, malware trends, vulnerabilities, user behavior risks, and security operations best practices.
  • Apply feedback from senior analysts to improve alert validation, documentation quality, and escalation accuracy.
  • Contribute operational observations and recurring alert patterns to process improvement discussions.

  • U.S. Citizenship with ability to obtain and maintain a DOE "L" clearance after start.
  • 1-3 years of experience in cybersecurity, IT operations, help desk, networking, systems administration, or SOC monitoring.
  • Basic experience using SIEM, EDR, ticketing, case management, or log-search tools to review security events or operational alerts.
  • Foundational knowledge of Windows, Linux, networking, cloud, identity, endpoint, and common cyber threat concepts.
  • Ability to follow runbooks, validate alerts, document findings, and escalate issues accurately and promptly.
  • Familiarity with incident escalation procedures, shift handoff practices, and basic evidence-handling expectations.
  • Strong attention to detail, written documentation skills, and ability to communicate clearly with technical teams.