What the numbers say about this work
Government occupation data for the role this maps to — Information Security Analysts (SOC 15-1212). This is planning context for the occupation, not a salary or a job this role guarantees you.
- Median pay (occupation)
- $129,180 / yr · $75,090 to $199,850 (10th–90th percentile)
- Projected change (2024–34)
- +28.5% · ~16k openings/yr
- Typical entry education
- Bachelor's degree
BLS OEWS — occupation-level, national BLS Employment Projections 2024–34 This role has a high-confidence mapping to the listed O*NET-SOC/BLS occupation.
What it pays by metro
The national median hides a wide geographic spread. Below is the occupation’s median in some of the highest-paying and largest-employment metros, adjusted for local prices — regional price-level context, not take-home pay or a salary this role guarantees you.
| Metro | Nominal median | Cost-adjusted |
|---|
| San Jose, CA | $176,120 | $159,496 |
|---|
| Raleigh, NC | $143,640 | $146,337 |
|---|
| Seattle, WA | $161,780 | $145,573 |
|---|
| San Francisco, CA | $162,310 | $140,391 |
|---|
| Huntsville, AL | $130,330 | $140,031 |
|---|
| Washington, DC | $148,950 | $136,797 |
|---|
See all metros and how this is calculated → Sources: BLS OEWS (May 2025), occupation-level metro median ÷ BEA Regional Price Parities (2024, US=100).
What employers ask for right now
The skills and certifications employers most often name in a sample of 77public job postings for this role. Treat it as a to-learn list — it’s dated hiring language, not a count of open jobs, demand, or salary.
Most-named skills
- Cybersecurity 61
- SIEM 53
- Incident response 48
- EDR 44
- threat intelligence 42
- threat hunting 36
- Splunk 30
- Python 26
- AWS 24
- Azure 24
- CrowdStrike 22
- PowerShell 21
Certifications named
- Security+ 10
- CySA+ 10
- CCNA 3
- CompTIA A+ 2
- PMP 1
Compare what employers ask across roles → Qualitative employer-language sample only; do not use as official demand, market-size, salary, or certification ROI evidence.
Certification decision support
Certifications mapped to SOC Analyst
Certifications mapped to this role from cited OEM target-role data and the RoleMath role mapping, ordered by relationship strength and then Difficulty Score. This is planning context — not a guarantee, not an employer requirement, and not a claim that any one certification is best for everyone. Your fit depends on your background; pay/outlook context is occupation-level on the role page.
SOC foundations
2 mappedEntry and foundation credentials before deeper SOC tooling and response work.
| Credential | Difficulty | Cost | Relationship | Why it appears here |
|---|
| 45/100Moderate | $439 exam | strong signal | Security+ is a common baseline for SOC analyst preparation, but learners still need hands-on SIEM, networking, and incident triage practice.Official source |
| 20/100Foundational | $125 exam | pre entry foundation | CCST Cybersecurity is useful for cyber fit exploration before deeper SOC preparation.Official source |
Detection and monitoring
5 mappedSIEM, monitoring, detection-engineering, and security-operations credentials.
| Credential | Difficulty | Cost | Relationship | Why it appears here |
|---|
| 40/100Moderate | $130 exam | strong signal | Splunk Certified Cybersecurity Defense Analyst maps to SOC Analyst as a strong role signal based on its cited cybersecurity keyword:soc or security operations signal.Official source |
| 40/100Moderate | $999 exam | strong signal | GIAC Certified Detection Analyst (GCDA) maps to SOC Analyst as a strong role signal based on its cited name keyword:security:detection monitoring signal.Official source |
| 50/100Moderate | $999 exam | strong signal | GIAC Continuous Monitoring Certification (GMON) maps to SOC Analyst as a strong role signal based on its cited cybersecurity keyword:soc or security operations signal.Official source |
| 60/100Hard | $130 exam | advanced adjacent | Splunk Certified Cybersecurity Defense Engineer maps to SOC Analyst as an advanced credential for progressing toward/within this role, not an entry signal.Official source |
| 65/100Hard | $200 exam | advanced adjacent | Fortinet NSE 5 - FortiAnalyzer 7.6 Analyst maps to SOC Analyst as an advanced credential for progressing toward/within this role, not an entry signal.Official source |
Incident response and forensics
7 mappedForensics, incident handling, malware, and response credentials for SOC escalation paths.
| Credential | Difficulty | Cost | Relationship | Why it appears here |
|---|
| 50/100Moderate | $999 exam | strong signal | GIAC Certified Forensic Analyst (GCFA) maps to SOC Analyst as a strong role signal based on its cited cybersecurity keyword:soc or security operations signal.Official source |
| 50/100Moderate | $999 exam | strong signal | GIAC Certified Forensic Examiner (GCFE) maps to SOC Analyst as a strong role signal based on its cited cybersecurity keyword:soc or security operations signal.Official source |
| 50/100Moderate | $999 exam | strong signal | GIAC Certified Incident Handler (GCIH) maps to SOC Analyst as a strong role signal based on its cited cybersecurity keyword:soc or security operations signal.Official source |
| 50/100Moderate | $999 exam | strong signal | GIAC Cloud Forensics Responder (GCFR) maps to SOC Analyst as a strong role signal based on its cited cybersecurity keyword:soc or security operations signal.Official source |
| 50/100Moderate | $999 exam | strong signal | GIAC Network Forensic Analyst (GNFA) maps to SOC Analyst as a strong role signal based on its cited cybersecurity keyword:soc or security operations signal.Official source |
| 50/100Moderate | $999 exam | strong signal | GIAC Reverse Engineering Malware Certification (GREM) maps to SOC Analyst as a strong role signal based on its cited cybersecurity keyword:soc or security operations signal.Official source |
| 55/100Moderate | Cost not verified | strong signal | OffSec Defense Analyst (OSDA) maps to SOC Analyst as a strong role signal based on its cited name keyword:security:soc or security operations signal.Official source |
Threat intelligence
1 mappedThreat intelligence and adversary-analysis credentials that support SOC context and escalation.
| Credential | Difficulty | Cost | Relationship | Why it appears here |
|---|
| 50/100Moderate | $999 exam | strong signal | GIAC Cyber Threat Intelligence (GCTI) maps to SOC Analyst as a strong role signal based on its cited cybersecurity keyword:soc or security operations signal.Official source |
Network defense
3 mappedNetwork security, traffic analysis, and defensive infrastructure credentials.
| Credential | Difficulty | Cost | Relationship | Why it appears here |
|---|
| 50/100Moderate | $999 exam | strong signal | GIAC Certified Intrusion Analyst (GCIA) maps to SOC Analyst as a strong role signal based on its cited cybersecurity keyword:soc or security operations signal.Official source |
| 50/100Moderate | $300 exam | strong signal after foundation | Cisco CCNA Cybersecurity covers security monitoring host analysis network intrusion analysis and policies for cyber operations routes.Official source |
| 75/100Hard | $439 exam | strong signal after foundation | CySA+ maps more directly to analyst and monitoring work after Security+ or equivalent foundations.Official source |
Vendor SOC platforms
4 mappedVendor-specific SOC, security operations, and analyst-platform credentials.
| Credential | Difficulty | Cost | Relationship | Why it appears here |
|---|
| 40/100Moderate | Cost not verified | strong signal | Microsoft Certified: Security Operations Analyst Associate maps to SOC Analyst as a strong role signal based on its cited name keyword:security:soc or security operations signal.Official source |
| 45/100Moderate | $200 exam | strong signal | Fortinet NSE 7 - Security Operations 7.6 Architect maps to SOC Analyst as a strong role signal based on its cited name keyword:security:soc or security operations signal.Official source |
| 55/100Moderate | Cost not verified | strong signal | Certified SOC Analyst (CSA) maps to SOC Analyst as a strong role signal based on its cited name keyword:security:soc or security operations signal.Official source |
| 60/100Hard | Cost not verified | advanced adjacent | Microsoft Certified: Cybersecurity Architect Expert maps to SOC Analyst as an advanced credential for progressing toward/within this role, not an entry signal.Official source |
Difficulty is the RoleMath Difficulty Score, not a pass rate. Certification mappings are planning context, not employer requirements, job guarantees, salary claims, or ROI claims.
10th percentileU.S. national occupation-level wage context only.
$75,090MedianNot a certification salary or personal prediction.
$129,18090th percentileRequires SOC mapping caveat; use metro pages for local wages.
$199,850BLS wage dataSOC mapping caveatSource posture
View salary table fallback
| Measure | Value | Source layer | Caveat |
|---|
| 10th percentile | $75,090 | bls occupation context | U.S. national occupation-level wage context only. |
| Median | $129,180 | bls occupation context | Not a certification salary or personal prediction. |
| 90th percentile | $199,850 | bls occupation context | Requires SOC mapping caveat; use metro pages for local wages. |
How to become a SOC Analyst
Quick Verdict
A SOC analyst monitors security alerts, triages incidents, and escalates threats using SIEM workflows. A realistic career-changer path: build networking and security fundamentals, then a baseline credential like CompTIA Security+ (RoleMath difficulty: Moderate - a structural score, not a pass rate). BLS reports a $129,180 median wage (2025) for Information Security Analysts - occupation context, not a guarantee.
Cited Detail
SOC analyst shares its occupation with cybersecurity analyst: Information Security Analysts (SOC 15-1212). Top skills: monitoring, critical thinking, reading comprehension, clear writing. Realistic sequence (planning context, not a promise): start with CompTIA Security+ (SY0-701) as a baseline, then hands-on SIEM, networking, and incident-triage practice. CompTIA CySA+ (CS0-003) maps more directly to analyst work after foundations - RoleMath rates it Hard (structural band, not a pass rate). Cisco's CCST Cybersecurity (100-160) is a useful pre-entry fit-check; Cisco CCNA Cybersecurity (200-201) is a stronger signal once you've built foundations. Outlook: BLS projects Information Security Analysts to grow 28.5% over 2024-2034, ~16,000 openings/yr - a multi-year occupation-level projection, not live postings, not a guarantee for this title or for you.
Ready to see how this fits your background?
Build my personalized career plan.