Junior SOC Analyst

Tier-1 alert triage. Close the false positives, escalate the rest, learn the playbooks.

The verdict

The realistic entry into security, with all the SOC warnings applied early. Take it knowing what comes with it.

Pick this if
  • You want into security and don't have an internal mover's advantage
  • You've actually checked you can handle shifts, not just assumed
  • You're targeting detection, IR or threat hunting within two years
  • You can write a clean ticket under pressure
Skip this if
  • You haven't done any structured study; the bar is real even for tier 1
  • You can't bear repetitive triage even in moderation
  • You picture yourself in offensive work; this isn't the right on-ramp
What "doing well" looks like in the seat
  • Your closed tickets stay closed
  • You start spotting the false positives others miss
  • You're volunteering for purple-team exercises and IR shadowing
  • You're studying detection logic, not just consuming alerts
The bit you're probably underestimating

The first eighteen months are unforgiving. Repetitive triage, rotating shifts, and a constant feeling of running just to stay still. The analysts who progress are the ones who treat the seat as a deliberate apprenticeship: study during quiet shifts, volunteer outside the queue, write something every week. The ones who don't end up senior SOC analysts at the same employer five years later, with the same skills and the same sleep deficit.

Promotes to SOC Analyst / Tier-2 in 12–24 months; ceiling depends on detection or IR pivot.

Who actually gets in
  • +Help desk
  • +Desktop support
  • +Self-taught (TryHackMe SOC path)
Common misconceptions
  • That junior SOC means doing exciting investigations. It means triaging Defender alerts on a shift rota.

  • SOC Analyst
  • Detection Engineering
  • DFIR

Listed because the graph connects them to this role, not because you need all of them. Most practitioners pick one or two.

The serious next step

You've read about the role. The harder question is whether it's the right one for you.

A Career Verdict is the written, practitioner-authored call on your specific route into and out of this role. Six primitives, same format every time.

Built on POST's practitioner-authored assessment framework, calibrated by James from twenty years across helpdesk, infrastructure and security. Framework is human-authored; the verdict applies it to your inputs.