The SOC Structure

A Security Operations Center (SOC) is organized into tiers. Tier 1 Analysts triage alerts, Tier 2 Analysts perform deep investigation, and Tier 3 Analysts handle advanced threat hunting.

Beyond the analyst tiers, Security Engineers build and tune detections, while Security Architects design the overall defensive infrastructure and data pipelines.

Understanding who does what prevents bottlenecks. A Tier 1 Analyst should escalate rather than attempt a Tier 3 hunt on their own.

Knowledge Check

Match each task to the role responsible for it.

Tasks:
Triage incoming alerts
Deep-dive investigation
Proactive threat hunting
Build & tune correlation searches

Roles:
Tier 1 Analyst
Tier 2 Analyst
Tier 3 Analyst
Security Engineer