Here's the problem I keep running into when reviewing SOC Analyst resumes: they read like a copy-paste of security tool documentation. A long list of platforms you've touched, maybe some vague references to "monitoring alerts" and "investigating incidents" — but nothing that tells a hiring manager how you actually think, triage, and respond when things go sideways.
A strong SOC Analyst resume needs to tell the story of how you detect, investigate, and respond to real threats — not just that you sat in front of a SIEM dashboard. It should convey your analytical thinking, your understanding of attack vectors, and the measurable impact of your work on the organization's security posture.
And this is exactly what you'll learn from this article. Inside, you'll find:
- Examples of 9+ SOC Analyst resumes, covering different specializations and tiers.
- Insider tips about what really matters to hiring managers and security leaders recruiting for SOC roles.
- A step-by-step guide for building a SOC Analyst resume that gets you past ATS filters and into interviews.
Sample SOC Analyst Resumes
Take a look at some top-notch sample resumes for SOC Analysts across different specializations and experience levels. Find one that matches your profile and use it as a reference point (or feel free to steal it — just make sure to adjust the wording to reflect your own career journey).
Junior SOC Analyst
A Junior SOC Analyst resume should emphasize foundational cybersecurity knowledge, relevant coursework, lab experience, and any certifications like CompTIA Security+ or CySA+. Highlight your understanding of networking fundamentals, log analysis basics, and familiarity with SIEM tools even from training environments. Showcase eagerness to learn, attention to detail, and any hands-on experience from internships, capture-the-flag competitions, or home lab projects that demonstrate practical security skills.
Mid-Level SOC Analyst
For a Mid-Level SOC Analyst, your resume should demonstrate a solid track record of handling real-world security incidents from detection through resolution. Emphasize your proficiency with SIEM platforms, EDR tools, and threat intelligence feeds. Quantify your contributions — such as volume of alerts triaged, mean time to respond improvements, or false positive reduction rates. Highlight experience mentoring junior analysts and developing detection rules or playbooks.
Senior SOC Analyst
A Senior SOC Analyst resume should showcase leadership within security operations, including designing incident response procedures, tuning detection logic, and driving SOC maturity improvements. Highlight experience leading complex investigations, coordinating cross-functional incident response, and mentoring team members. Include metrics around threat detection improvements, process optimizations, and any contributions to security strategy. Advanced certifications like GCIH, GCIA, or CISSP strengthen your profile significantly.
Cybersecurity SOC Analyst
A Cybersecurity SOC Analyst resume should emphasize your breadth across the cybersecurity domain — not just monitoring, but also vulnerability management, threat hunting, and security architecture awareness. Highlight how you correlate data across multiple security tools to identify sophisticated threats. Showcase your understanding of frameworks like MITRE ATT&CK and NIST, and detail specific incidents where your analysis prevented or mitigated significant breaches or data loss events.
SOC Security Analyst
For a SOC Security Analyst resume, focus on your dual strength in security monitoring and security engineering. Highlight experience configuring and maintaining security tools alongside your daily operational duties. Show your ability to translate security events into actionable intelligence for stakeholders. Detail your work with firewall logs, IDS/IPS alerts, and endpoint telemetry, and emphasize collaboration with IT teams to remediate identified vulnerabilities and harden the environment.
Tier 1 SOC Analyst
A Tier 1 SOC Analyst resume should focus on your ability to monitor security alerts efficiently, perform initial triage, and escalate genuine threats accurately. Highlight your knowledge of common attack patterns, phishing identification, and basic malware analysis. Showcase your speed and accuracy in alert classification, your familiarity with ticketing systems, and your adherence to standard operating procedures. Any metrics around alert volume handled or escalation accuracy will make your resume stand out.
Tier 2 SOC Analyst
For a Tier 2 SOC Analyst, your resume should demonstrate deeper investigative capabilities beyond initial triage. Emphasize your experience conducting root cause analysis, performing packet captures, analyzing malware behavior, and correlating events across multiple data sources. Highlight your role in developing and refining detection rules, writing incident reports, and coordinating containment efforts. Show proficiency with forensic tools and threat intelligence platforms that support advanced investigation workflows.
SOC Incident Analyst
A SOC Incident Analyst resume should zero in on your incident response expertise. Detail your experience managing the full incident lifecycle — from identification and containment to eradication, recovery, and post-incident review. Highlight your ability to lead incident bridges, communicate with stakeholders during active incidents, and produce detailed after-action reports. Metrics such as reduced mean time to contain or number of incidents managed concurrently demonstrate operational impact effectively.
Information Security SOC Analyst
An Information Security SOC Analyst resume should bridge operational monitoring with broader information security governance. Highlight your understanding of compliance frameworks like ISO 27001, SOC 2, or HIPAA alongside your hands-on SOC experience. Emphasize contributions to risk assessments, audit support, and policy enforcement through security monitoring. Show how your operational findings informed security program improvements and helped the organization maintain regulatory compliance.
How to Write a SOC Analyst Resume
Short answer:
Focus on your analytical skills, threat detection capabilities, and the specific tools and frameworks you've used to protect organizations. Create a professional header with your name and contact details. Right below, write a 2–3 sentence resume summary outlining your most impactful security accomplishments. Describe your work history in reverse-chronological order, focusing on incidents handled, detection improvements made, and the tools and methodologies used. Then, cover your education, including security certifications, list key skills, and add extra sections such as certifications, lab projects, or security community involvement.
Include all the necessary sections in the correct order
Here's the correct order of sections for most SOC Analyst resumes:
- Header with contact information
- Resume summary or objective
- Work experience
- Education
- Skills
- Certifications
Depending on your current career situation, you can also throw in some additional sections. For instance:
- Certifications and training (if extensive, give this its own prominent section)
- Home lab or personal security projects
- Capture-the-flag (CTF) competitions and achievements
- Security community involvement and conference participation
- Publications or blog posts on security topics
- Professional associations
Include everything that shows you're capable of doing what the job requires. Make every section count. If it doesn't clearly highlight your security skills, it doesn't belong on your resume.
If you have fewer than five years of relevant experience, keep your resume to one page. For more senior SOC Analysts, a two-page resume is fine.
More details here: What Sections to Include on Your Resume?
Now, I'll give you a high-level overview of how to write each section, going from top to bottom. Well… almost. The only exception is the resume summary section. While it comes right after your contact info, it's actually easier to write it last. More on that in a sec.
Create a professional resume header
- Start with your name and contact information. Include the basics: your full name, phone number, professional email address, location, and LinkedIn profile. If you have a personal security blog, GitHub with security scripts, or a TryHackMe/HackTheBox profile, adding a link can demonstrate hands-on skills.
- Right below your name, clearly state your professional title (e.g., SOC Analyst or Senior Security Operations Analyst). This sets expectations and immediately positions you for security roles.
For more information, see: How to Create a Resume Header
Describe your work history
- Use reverse-chronological order. List your positions starting with the current or the most recent one.
- In each entry, include your job title, company name, location, and dates of employment.
- Below each position, write 3–7 bullet points — the more recent the position, the more bullet points you should include. Describe your responsibilities and, more importantly, your accomplishments.
- Use action verbs and quantify your achievements (e.g., "Triaged an average of 200+ daily security alerts with a 98% accuracy rate, reducing false positive escalations by 35%").
- If specific security frameworks, methodologies, or tools were central to your roles (e.g., MITRE ATT&CK, NIST Incident Response, Splunk, CrowdStrike), weave these details into your descriptions. This will also help you pass ATS scans.
Learn more about the best practices of this section with our detailed guide on how to describe your work experience on a resume.
List your degrees and detail professional learning
- In the education section, list your highest degree first, including the degree type, major, and institution.
- If you have relevant work experience, include only the name of your school and the degree you got. If you're an entry-level candidate, you can add more detail — list relevant coursework (network security, digital forensics, operating systems), extracurricular activities, and academic achievements.
- If you have security certifications (e.g., CompTIA Security+, CySA+, GCIH, CISSP), either include them in an "Education and Certifications" section, or create a separate "Certifications" section and place it right below. For SOC roles, certifications often carry as much weight as degrees — sometimes more.
For an in-depth guide on how to describe your education on a resume, see: How to List Education on a Resume
List your most relevant skills in the skills section
- Include a mix of technical skills (e.g., SIEM platforms, EDR tools, packet analysis) and security frameworks (e.g., MITRE ATT&CK, NIST CSF, Cyber Kill Chain) that you are proficient in.
- Add in some soft skills such as analytical thinking, communication, and collaboration. These demonstrate your capacity to work under pressure and communicate findings to both technical and non-technical audiences.
- You can use two separate subsections, one for hard skills, one for soft skills, or just list all the skills under one heading.
- Match your skills to the description of the job you're applying for. I'm not saying you should dump every security tool ever made onto your resume (especially if you've never used them), but highlight the areas where your expertise overlaps with what the job ad asks for.
Need some inspiration to get started? Here are some good skills to feature on your SOC Analyst resume.
Security tools and platforms:
- Splunk
- Microsoft Sentinel
- IBM QRadar
- CrowdStrike Falcon
- Palo Alto Cortex XSOAR
- Carbon Black
- Wireshark
- Elastic Security (ELK Stack)
- ServiceNow (SecOps)
- VirusTotal / Any.Run / Hybrid Analysis
Security frameworks and methodologies:
- MITRE ATT&CK
- NIST Cybersecurity Framework
- Cyber Kill Chain
- NIST 800-61 (Incident Response)
- ISO 27001
- Diamond Model of Intrusion Analysis
- OWASP Top 10
- Threat Intelligence Lifecycle
- SANS Incident Response Process
- Zero Trust Architecture
Key soft skills for SOC Analysts:
- Analytical Thinking
- Attention to Detail
- Communication (written and verbal)
- Problem-Solving
- Teamwork and Collaboration
- Adaptability Under Pressure
- Time Management and Prioritization
- Continuous Learning Mindset
- Critical Thinking
- Situational Awareness
For a full-blown guide on listing skills on a resume, visit: How to Put Skills on a Resume
Use additional sections as further proof of your fit
Additional sections add depth to your resume and back up your claimed expertise. Good examples of extra sections to add to a SOC Analyst resume are:
- Certifications. In cybersecurity, certifications are often non-negotiable. Give them prominent placement — especially industry-recognized ones like CompTIA Security+, CySA+, GCIH, GCIA, GCED, or CISSP.
- Lab projects and CTF competitions. A resume section dedicated to hands-on security projects — like building a home SOC lab, participating in CTF events, or contributing to open-source detection rules — can provide concrete examples of your skills in action.
- Professional associations. Membership in organizations like (ISC)², ISACA, or local ISSA chapters showcases your commitment to the profession.
- Conference attendance. Listing security conferences like DEF CON, BSides, Black Hat, or SANS summits shows you stay current with evolving threats and techniques.
Highlight the most relevant information in a resume summary
Once you're done writing your SOC Analyst resume, give it a full read. Pick the most relevant information and compile it into a summary paragraph. Place it right under the resume header.
- Be brief and to-the-point. In 3–4 sentences, sum up your career highlights, core competencies, and what you bring to the table. Consider this your chance to answer, "Why should you hire me to protect your organization?" Tailor this section to match the employer's needs outlined in the job description.
- Use value-oriented language. Focus on how you can strengthen the potential employer's security posture, mentioning specific metrics like incidents handled, detection improvements, or response time reductions.
Once you've completed the core sections of your resume, you can use the Rezi AI Resume Summary Generator to automatically create a powerful summary, tailored to the job you're applying for. All you need to do is add the position and skills you want to highlight. The AI writer will do the rest.
More information here: How to Write a Job-Winning Resume Summary (with Examples)
For finishing touches, make sure your resume looks professional
- Use a clean and tidy resume format. Ensure your SOC Analyst resume is easily readable, with a professional font, consistent formatting, and clear section headings. Avoid overloading it with dense text or fancy design elements that could distract from the content and confuse resume screening software.
- Aim for a balance between detail and conciseness. If you're a junior or entry-level candidate, keep your resume to a single page. Experienced SOC Analysts can extend their resumes to two pages, but still need to make sure every word conveys value.
Learn more about proper resume formatting here: How to Format a Resume & What Standard Resume Format to Use
What Makes SOC Analyst Resumes Different
In short: the emphasis on threat detection capability, technical depth, and the ability to stay calm and effective under pressure.
This is also what many SOC Analysts get wrong on their resumes. Hiring managers in cybersecurity aren't impressed by a laundry list of tools you've logged into. They need to see how you think through problems, how quickly and accurately you triage threats, and how your work directly reduced risk for the organization.
Focus on detection and response outcomes
SOC Analysts are judged by their ability to find real threats in a sea of noise. Your resume needs to prove you can do exactly that — not just that you monitored a dashboard.
What it means for you:
- Quantify your detection and response work wherever possible. Metrics like alert volume triaged per shift, mean time to detect (MTTD), mean time to respond (MTTR), false positive reduction percentages, and number of confirmed incidents investigated are all powerful.
- Describe specific types of threats you've handled — phishing campaigns, ransomware attempts, lateral movement, data exfiltration — to show breadth and depth of experience.
Focus on tools and technical proficiency
Unlike many other roles, SOC positions require demonstrable hands-on experience with specific security tools. Recruiters and hiring managers will scan for these.
What it means for you:
- Name the exact tools you've used — don't just say "SIEM experience." Say "Splunk" or "Microsoft Sentinel" or "IBM QRadar." The same goes for EDR, SOAR, threat intelligence platforms, and ticketing systems.
- Go beyond just listing tools. Describe what you did with them: wrote custom detection rules in Splunk, built automated playbooks in XSOAR, or conducted packet analysis with Wireshark to identify C2 traffic.
Focus on frameworks and analytical methodology
Security hiring managers want to know that you have a structured approach to threat analysis, not just instinct. Frameworks signal maturity.
What this means for you:
- Reference frameworks like MITRE ATT&CK, the Cyber Kill Chain, or NIST 800-61 in the context of your actual work. For example, "Mapped detected threats to MITRE ATT&CK techniques to improve detection rule coverage across 12 tactic categories."
- Describe your investigation process — how you correlated events, what data sources you pulled from, and how you determined severity and scope. This shows hiring managers you don't just follow playbooks blindly.
Focus on certifications — they carry serious weight
In cybersecurity, certifications are often baseline requirements rather than nice-to-haves. Many job postings won't even consider candidates without specific certs.
What this means for you:
- Give certifications prominent placement on your resume. If the job posting mentions CompTIA Security+, CySA+, GCIH, or CISSP, make sure these are immediately visible — not buried at the bottom.
- If you're early in your career, certifications can compensate for limited work experience. Even in-progress certifications are worth listing (e.g., "GCIH — expected completion June 2026").
Focus on continuous learning and adaptability
The threat landscape changes constantly. Hiring managers want analysts who actively keep up, not ones who stopped learning after their last certification.
What this means for you:
- Include evidence of ongoing professional development — recent training courses, CTF participation, security conference attendance, or contributions to threat intelligence communities.
- If you've adapted to new tools, new threat types, or organizational changes (like migrating from one SIEM to another), call that out. It shows flexibility and a growth mindset — two things every SOC leader values.
Bonus Resources for SOC Analysts
This isn't going to be a game-changer if you need a resume right now. But —
I want you to treat your career holistically. These resources will help you sharpen your security operations skills, add real substance to your future resumes, and keep you current with a threat landscape that never stops evolving.
Professional associations and networks
(ISC)²
The organization behind the CISSP certification, (ISC)² offers a wealth of resources, events, and community forums for cybersecurity professionals at all levels. Their Certified in Cybersecurity (CC) entry-level certification is a great starting point for aspiring SOC Analysts.
ISACA
Known for certifications like CISM and CISA, ISACA provides professional development, research, and community resources focused on information security governance, risk management, and audit — all valuable context for SOC professionals.
Information Systems Security Association (ISSA)
ISSA is a community of security professionals offering networking, educational forums, and publications. Local chapter involvement is especially valuable for building connections in your geographic area.
Online learning and hands-on platforms
SANS Institute
SANS is the gold standard for cybersecurity training. Their courses like SEC504 (Hacker Tools, Techniques, and Incident Handling) and SEC511 (Continuous Monitoring and Security Operations) are directly relevant to SOC Analysts, and GIAC certifications from SANS carry tremendous industry weight.
TryHackMe & Hack The Box
Both platforms offer hands-on cybersecurity labs and challenges. TryHackMe is particularly beginner-friendly with structured SOC Analyst learning paths, while Hack The Box provides more advanced challenges. Both are excellent for building practical skills and demonstrating initiative on your resume.
Cybrary
Cybrary offers free and premium cybersecurity courses, including SOC Analyst-specific career paths. It's a solid resource for structured learning, especially if you're breaking into the field or transitioning from another IT discipline.
Publications and threat intelligence
Dark Reading
One of the most widely read cybersecurity news sites, Dark Reading covers the latest vulnerabilities, breaches, threat research, and industry trends — essential reading for staying current in security operations.
MITRE ATT&CK
More than just a framework, the ATT&CK knowledge base is an essential reference for understanding adversary tactics and techniques. Familiarizing yourself deeply with ATT&CK will improve both your daily SOC work and how you articulate your expertise on your resume.
SANS Reading Room
A massive library of research papers written by security professionals on topics ranging from incident response to threat hunting to SOC operations. Great for deepening your knowledge and finding inspiration for your own professional development.
Tools and community resources
Sigma Rules (GitHub)
Sigma is an open standard for SIEM detection rules. Contributing to or studying Sigma rules is an excellent way to improve your detection engineering skills and demonstrate community involvement on your resume.
SOC Prime
SOC Prime's Threat Detection Marketplace offers community-driven detection content mapped to MITRE ATT&CK. It's a valuable resource for staying on top of the latest detection techniques and understanding how top analysts approach threat detection.
Summary
Here's what you need to know about writing a SOC Analyst resume:
- Structure your SOC Analyst resume with essential sections in this order: Header, Resume Summary or Objective, Work Experience, Education, Skills, and Certifications. If relevant, add extra sections like Lab Projects, CTF Achievements, or Conference Participation.
- Include a professional header with your name, contact information, and professional title (e.g., SOC Analyst, Security Operations Analyst).
- Describe your work history in reverse-chronological order, emphasizing threat detection, incident response, and quantifiable outcomes like MTTR improvements or alert accuracy rates.
- In the education section, list your highest degree at the top. Give security certifications prominent placement — either in the education section or under a dedicated heading.
- Highlight a mix of security tools, frameworks, and soft skills, tailoring them to the job description.
- Name specific tools (Splunk, CrowdStrike, etc.) and frameworks (MITRE ATT&CK, NIST) rather than using vague terms like "SIEM experience."
- Use additional sections to showcase hands-on projects, certifications, and commitment to continuous learning.
- Once done writing the resume, compile the key information into a brief, impact-oriented resume summary at the top.
- Make your resume professional in appearance, and aim for conciseness without sacrificing technical depth.
- Showcase your analytical thinking, detection capabilities, and measurable contributions to security operations.
Thanks for reading! Got any questions? Feel free to reach out to me on LinkedIn. (Or check out the FAQs first — maybe your question is answered there.)
FAQ
What keywords should I use on my SOC Analyst resume?
Use specific security terminology and tool names relevant to your experience, such as SIEM, EDR, Splunk, CrowdStrike, incident response, threat hunting, MITRE ATT&CK, log analysis, and malware analysis. Include certifications like CompTIA Security+, CySA+, GCIH, or CISSP if you hold them. Mirror the exact language used in the job posting — if they say "security event monitoring," use that phrase rather than a synonym.
I'm transitioning from IT support or system administration into a SOC role. How should I approach my resume?
Focus on transferable skills like troubleshooting, log analysis, networking knowledge, and system administration. Highlight any security-adjacent work you've done — firewall management, access control, patching, or even identifying suspicious activity informally. Add any security certifications you've earned (even CompTIA Security+ makes a difference), and list hands-on projects from platforms like TryHackMe or home lab setups to show practical security skills.
What's the most common mistake on SOC Analyst resumes?
Listing every security tool you've ever heard of without context. Hiring managers can tell when you're padding your resume with tool names you've barely touched. Instead, for each tool you list, make sure your work experience section contains at least one bullet point describing how you actually used it. "Developed 40+ custom Splunk correlation rules that improved phishing detection by 25%" is infinitely more powerful than just writing "Splunk."
Should I include my home lab or CTF experience on my resume?
Absolutely — especially if you're early in your career or transitioning into cybersecurity. A well-documented home lab (e.g., setting up a SIEM, ingesting logs, simulating attacks) shows initiative and hands-on skills that many candidates lack. CTF rankings or achievements from platforms like TryHackMe or Hack The Box demonstrate practical problem-solving. Just describe them professionally — treat them like real projects.
How important are certifications for SOC Analyst resumes?
Very. Many SOC roles have certification requirements baked directly into the job posting, especially in government or defense-adjacent positions (think DoD 8570/8140 compliance). CompTIA Security+ is often the minimum. CySA+, GCIH, GCIA, and CISSP carry progressively more weight. If a cert is in progress, list it with an expected completion date — it's better than omitting it entirely.
Which resume format is best for SOC Analyst resumes?
The reverse-chronological format works best for SOC Analyst resumes. It highlights your career progression and makes it easy for hiring managers to see your growth from Tier 1 monitoring to more advanced investigation and response roles. If you're brand new to the field with no relevant work experience, a hybrid format that leads with a skills section followed by projects and education can work — but switch to reverse-chronological as soon as you have real SOC experience.
How technical should my resume be if a non-technical recruiter screens it first?
Strike a balance. Use industry-standard tool names and acronyms (these are what ATS systems and recruiters are scanning for), but pair technical details with plain-language outcomes. For instance, "Conducted packet analysis using Wireshark to identify command-and-control traffic, leading to containment of a compromised endpoint within 45 minutes" is both technically specific and understandable. The tool name satisfies the ATS; the outcome satisfies the human reader.

















