II.
Role overview
Reference · live · role:soc-analyst
SOC Analyst overview
Operates within a Security Operations Center — monitors SIEM alerts, triages security events, investigates incidents, and escalates confirmed threats. Works in tiered shifts (L1/L2/L3).
Attributes
displayName: SOC Analyst
isAgentic: false
requiredCapabilities: []
requiredDomains: []
description: Operates within a Security Operations Center — monitors SIEM alerts, triages security events, investigates incidents, and escalates confirmed threats. Works in tiered shifts (L1/L2/L3).
Outgoing edges
applies_to (1)
- domain:cybersecurity · Domain · Cybersecurity
holds_responsibility (2)
- responsibility:security-incident-triage · Responsibility · Security incident triage
- responsibility:incident-response · Responsibility
requires_expertise (2)
- skill-area:security-monitoring-siem · SkillArea · Security Monitoring and SIEM
- skill-area:incident-response-forensics · SkillArea · Incident Response and Forensics
Incoming edges
held_by (1)
- responsibility:security-incident-triage · Responsibility · Security incident triage
involves_role (1)
- workflow:security-incident-response · Workflow · Security Incident Response