II.
Role JSON
Structured · live · role:soc-analyst
SOC Analyst JSON
Inspect the normalized record payload exactly as the atlas UI reads it.
{
"id": "role:soc-analyst",
"_kind": "Role",
"_file": "role/roles/roles-expanded-2.yaml",
"_cluster": "role",
"attributes": {
"displayName": "SOC Analyst",
"isAgentic": false,
"requiredCapabilities": [],
"requiredDomains": [],
"description": "Operates within a Security Operations Center — monitors SIEM alerts,\ntriages security events, investigates incidents, and escalates\nconfirmed threats. Works in tiered shifts (L1/L2/L3).\n"
},
"outgoingEdges": [
{
"from": "role:soc-analyst",
"to": "responsibility:security-incident-triage",
"kind": "holds_responsibility"
},
{
"from": "role:soc-analyst",
"to": "responsibility:incident-response",
"kind": "holds_responsibility"
},
{
"from": "role:soc-analyst",
"to": "skill-area:security-monitoring-siem",
"kind": "requires_expertise",
"attributes": {}
},
{
"from": "role:soc-analyst",
"to": "skill-area:incident-response-forensics",
"kind": "requires_expertise",
"attributes": {}
},
{
"from": "role:soc-analyst",
"to": "domain:cybersecurity",
"kind": "applies_to",
"attributes": {}
}
],
"incomingEdges": [
{
"from": "responsibility:security-incident-triage",
"to": "role:soc-analyst",
"kind": "held_by",
"attributes": {}
},
{
"from": "workflow:security-incident-response",
"to": "role:soc-analyst",
"kind": "involves_role",
"attributes": {}
}
]
}