The Certified SOC Analyst (CSA) is an entry-level certification designed to prepare individuals for roles in a Security Operations Center (SOC). The program focuses on developing the skills necessary to monitor, detect, and respond to cybersecurity incidents. It provides a strong foundation in SOC operations, log management, SIEM deployment, and threat intelligence. The course is lab-intensive and emphasizes real-world scenarios to help learners become effective front-line defenders against cyber threats.
Who It’s For:
This course is ideal for aspiring and current Tier I and Tier II SOC analysts, cybersecurity professionals, network administrators, and IT staff looking to transition into security operations. It is also suitable for federal employees and contractors seeking to build or enhance their SOC capabilities.
What You’ll Learn:
Participants will gain hands-on experience in security operations, incident detection, log correlation, and threat intelligence. The course also covers collaboration with CSIRT teams and the use of SIEM tools for enhanced threat detection.
Course Outline:
Security Operations and Management
Understanding Cyber Threats, IoCs, and Attack Methodology
Incidents, Events, and Logging
Incident Detection with Security Information and Event Management (SIEM)
Enhanced Incident Detection with Threat Intelligence
Incident Response
Why It’s Valuable for Federal Employees and Contractors:
The CSA certification aligns with the NICE Cybersecurity Workforce Framework and supports federal cybersecurity initiatives by preparing professionals to serve as the first line of defense in SOC environments. It enhances the ability to detect and respond to threats in real time, which is critical for protecting government networks and infrastructure.
Delivery Formats:
The CSA program is available in multiple formats: In-Person Training, Online Self-Paced, and Online Instructor-Led.
Understand SOC operations and security monitoring processes
Identify and analyze cyber threats, IoCs, and attack vectors
Manage and correlate logs from various sources
Deploy and operate SIEM tools for incident detection
Use threat intelligence to enhance detection capabilities
Respond to security incidents and escalate as needed
Collaborate with incident response and forensic teams
Maintain documentation and reporting standards
Improve SOC efficiency through automation and best practices
Prepare for Tier I and Tier II SOC analyst roles
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.