SOC T1 · Domain 05/10

SOC Analyst Tier 1

The most realistic technical-adjacent on-ramp into cyber for non-coders.

Light code · 6–12 months · Remote · Media transfer
01 · A realistic Tuesday

What the day actually looks like.

Shift work — say 06:00–14:00 WAT to cover the European morning and US East night handoff. Triage 30–60 alerts per shift in Splunk / Microsoft Sentinel / Chronicle. 'Impossible travel: Lagos to Toronto in 10 minutes' — check VPN logs, Entra sign-ins, the device. Sandbox a phishing URL in URLscan, hash-check on VirusTotal, write a 4-line verdict, escalate or close. Repeat. Pattern recognition + writing things down clearly, on rotation.

02 · Who hires

Where the work lives.

Arctic Wolf · Secureworks · Trustwave · Deepwatch · Expel · eSentire · Sophos MDR · Critical Start · ReliaQuest · CrowdStrike Falcon Complete · Microsoft Defender Experts · SentinelOne Vigilance
03 · Skills

What you actually need.

Technical
  • Networking (TCP/IP, DNS, HTTP)
  • Basic Windows / Linux event logs
  • One SIEM (Splunk, Sentinel, QRadar, Chronicle)
  • One EDR (Falcon, SentinelOne, Defender)
  • Email / phishing analysis
  • MITRE ATT&CK
  • Ticketing (ServiceNow, Jira, TheHive) · transferable
Soft
  • Pattern recognition · transferable

    Editors are professional pattern matchers — spotting 'this looks off' in 100 logs is the same as a continuity error in 100 frames.

  • Documentation discipline · transferable
  • Written communication · transferable
  • Calm during high alert volume · transferable
04 · Career ladder

The shape of the journey.

  1. SOC Analyst T1 · 0–2 yr
  2. SOC Analyst T2 · 2–4 yr
  3. SOC T3 / Senior · 4–7 yr
  4. SOC Lead · 6–10 yr
  5. SOC Manager · 9–15 yr

6–12 months to break in

Note. Times reflect typical paths for someone with strong communication and 10–15 hrs/week of focused study.

05 · Salary explorer

What it pays.

Ranges are directional. Currency: USD · annual. The local-to-remote 12–18 month jump is the practical career move. Last updated: 2025.

06 · Certifications

The cert sequence that won't bankrupt you.

TryHackMe SOC L1 path

TryHackMe

$14/mo. The canonical hands-on starting point.

Free starter
$14 · ₦21k

Security+

CompTIA

Often via StationX bundles ~$340. Standard hiring filter.

Recommended
$404 · ₦606k

Microsoft SC-200

Microsoft

Defender + Sentinel — fits Microsoft-shop banks.

Recommended
$165 · ₦248k

BTL1 (Blue Team Level 1)

Security Blue Team

Hands-on alternative to SC-200.

Nice-to-have
$490 · ₦735k

Splunk Fundamentals 1/2

Splunk

Free official training.

Free starter
Free

CySA+

CompTIA

T2 progression cert.

Eventually needed
$404 · ₦606k
07 · Remote-friendliness

Working from Lagos, Abuja, or anywhere.

4/5

24/7 coverage means Nigerian timezone is an asset. Realistic Nigerian path: first job at a local SOC for 12–18 months, then jump to a remote MSSP at 2–3× the USD salary.

08 · Trade-offs

The good, the gritty, and who this suits.

Pros
  • Realistic foot-in-the-door — most non-coders enter cyber here.
  • Pattern recognition over coding.
  • Clear progression to T2/T3, threat hunting, IR, GRC.
Cons
  • Lowest-paid cyber role.
  • Shift work and burnout (71% of SOC analysts cited as burnout-affected, 2025 industry data).
  • AI/agentic SOC tools are automating routine triage — adapt and learn to supervise the tools.
Personality fit

If you can spot a continuity error across 100 frames, you can spot a malicious login across 100 alerts.

09 · Watch this

Three to five hours that beat any cert.

Become a SOC Analyst in 2024 — ROADMAP

MyDFIR

Why watch. Step-by-step roadmap with no fluff.

How to Become a Cybersecurity Analyst

Cyberspatial

Why watch. Concrete entry-path guidance.

What does a SOC analyst do?

Career Crucible

Why watch. Honest day-to-day from a working analyst.

10 · Next step for this path

Do this by Friday.

This week: subscribe to TryHackMe ($14/mo via virtual USD card) and complete the free pre-security path by Sunday. That's the only first step that matters.