Detect, triage, and respond to security incidents in real time.
SOC Analysts are the first line of defence in a security operations center. You'll spend your days inside a SIEM, correlating alerts, hunting for indicators of compromise, and escalating real threats to L2 / IR.
Tools in scope
MSSP: heavy on shift workflows, ticket SLAs, and tier-1/tier-2 handoff.
In-house enterprise: more context on internal apps, business risk, and stakeholder comms.
Sample question
Walk me through how you'd triage a Splunk alert for a successful login from an impossible-travel location.
Confirm the source and destination IPs and their geolocation, check whether the user has an active VPN session, correlate with VPN logs and MFA history, look for downstream behaviour (mailbox-rule changes, OAuth grants), then either close the alert as benign (VPN egress) or escalate to IR with a containment recommendation.
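The triage steps above, turned into code as an added example (this is not code from the page or from any SIEM vendor). It works over constructed sample logs embedded in the file: two logins per user, one VPN session table, MFA events and an audit trail. The thresholds (1000 km/h as the fastest plausible travel speed, a two-hour window for downstream activity) and the field names are assumptions chosen for the illustration; a real deployment would read these from the SIEM and the identity provider.

```python
"""Impossible-travel alert triage over constructed sample logs (added example)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import radians, sin, cos, asin, sqrt

# Assumptions for this example: anything faster than a commercial flight is
# implausible, and we look two hours past the login for post-compromise activity.
MAX_PLAUSIBLE_KMH = 1000.0
DOWNSTREAM_WINDOW = timedelta(hours=2)
SUSPICIOUS_ACTIONS = {"mailbox_rule_created", "oauth_consent_granted"}


@dataclass(frozen=True)
class Login:
    user: str
    ts: datetime
    src_ip: str
    lat: float
    lon: float


@dataclass(frozen=True)
class VpnSession:
    user: str
    start: datetime
    end: datetime
    egress_ip: str  # public IP the VPN concentrator presents to cloud apps


@dataclass(frozen=True)
class Event:
    user: str
    ts: datetime
    action: str


# --- constructed sample telemetry (documentation-range IPs, not real data) ---
LOGINS = [
    Login("alice", datetime(2024, 5, 1, 9, 0), "203.0.113.10", 51.51, -0.13),    # London office
    Login("alice", datetime(2024, 5, 1, 9, 40), "198.51.100.7", 40.71, -74.01),  # New York VPN egress
    Login("bob", datetime(2024, 5, 1, 10, 0), "203.0.113.11", 51.51, -0.13),     # London office
    Login("bob", datetime(2024, 5, 1, 10, 30), "192.0.2.55", 35.68, 139.69),     # Tokyo, no VPN
]
VPN_SESSIONS = [
    VpnSession("alice", datetime(2024, 5, 1, 9, 30), datetime(2024, 5, 1, 12, 0), "198.51.100.7"),
]
MFA_EVENTS = [
    Event("alice", datetime(2024, 5, 1, 9, 40), "mfa_success"),
    Event("bob", datetime(2024, 5, 1, 10, 30), "mfa_success"),  # MFA passing alone is not exonerating
]
AUDIT_EVENTS = [
    Event("bob", datetime(2024, 5, 1, 10, 45), "mailbox_rule_created"),
]


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two coordinates in kilometres."""
    earth_radius_km = 6371.0
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlmb = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * earth_radius_km * asin(sqrt(a))


def implied_speed_kmh(prev: Login, curr: Login) -> float:
    """Speed the user would have needed to travel between the two logins."""
    hours = (curr.ts - prev.ts).total_seconds() / 3600
    if hours <= 0:
        return float("inf")
    return haversine_km(prev.lat, prev.lon, curr.lat, curr.lon) / hours


def vpn_session_for(user: str, ts: datetime, ip: str) -> bool:
    """True if an active VPN session explains the login's source IP."""
    return any(s.user == user and s.start <= ts <= s.end and s.egress_ip == ip for s in VPN_SESSIONS)


def mfa_passed(user: str, ts: datetime, tolerance: timedelta = timedelta(minutes=5)) -> bool:
    return any(e.user == user and e.action == "mfa_success" and abs(e.ts - ts) <= tolerance
               for e in MFA_EVENTS)


def downstream_indicators(user: str, ts: datetime) -> list:
    """Suspicious audit actions by the user shortly after the login."""
    return sorted(e.action for e in AUDIT_EVENTS
                  if e.user == user and e.action in SUSPICIOUS_ACTIONS
                  and ts <= e.ts <= ts + DOWNSTREAM_WINDOW)


def triage(prev: Login, curr: Login) -> dict:
    """Apply the triage checklist and return a verdict with the supporting evidence."""
    speed = implied_speed_kmh(prev, curr)
    result = {"user": curr.user, "implied_speed_kmh": round(speed, 1),
              "vpn_explained": vpn_session_for(curr.user, curr.ts, curr.src_ip),
              "mfa_passed": mfa_passed(curr.user, curr.ts),
              "downstream_indicators": downstream_indicators(curr.user, curr.ts)}
    if speed <= MAX_PLAUSIBLE_KMH:
        result["verdict"] = "close_plausible_travel"
    elif result["vpn_explained"] and not result["downstream_indicators"]:
        result["verdict"] = "close_benign_vpn"
    else:
        # Unexplained geography, or post-login persistence activity: hand to IR.
        result["verdict"] = "escalate_to_ir"
        result["containment"] = ["revoke active sessions and tokens", "reset credentials",
                                 "remove suspicious mailbox rules / OAuth grants"]
    return result


def triage_user(user: str) -> dict:
    """Triage the most recent login of a user against the one before it."""
    logins = sorted((l for l in LOGINS if l.user == user), key=lambda l: l.ts)
    return triage(logins[-2], logins[-1])


if __name__ == "__main__":
    for u in ("alice", "bob"):
        print(triage_user(u))
```

The order of checks mirrors the answer: geography first (a plausible speed closes the alert without further work), then the VPN correlation that explains most false positives, and only then the MFA and downstream evidence. Note that a passed MFA challenge does not downgrade the verdict on its own, since an attacker who has completed an MFA prompt looks identical in the login record; the mailbox-rule event is what tips Bob's case to escalation.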
AI-graded, role-specific, feedback on every answer. Free to start.