Role Purpose & Context
Role Summary
The Associate Security Operations Analyst is here to help us spot and deal with security threats as they pop up, following clear instructions. Day-to-day, you'll be looking at alerts, figuring out if they're real problems or just noise, and then escalating them to someone more senior if needed. You're basically our first line of defence, working within the Security Operations Centre (SOC) team to make sure we catch things early.
This role sits right at the heart of our security operations, taking raw security data and turning it into actionable insights for the wider security team. You'll be working closely with other analysts, learning from them, and making sure our initial responses are quick and accurate.
When you do this job well, we catch threats before they become big headaches, keeping our data and systems secure. If things go wrong, though, we could miss a critical attack, leading to data breaches or system downtime – and nobody wants that. The tricky part is sifting through a mountain of alerts, many of which are false alarms, to find the one that truly matters. The reward? You'll be learning incredibly valuable skills, contributing directly to the company's protection, and seeing in real time how cyber defence works.
Reporting Structure
- Reports to: Security Analyst (L2)
- Direct reports:
- Matrix relationships:
Junior SOC Analyst, Entry-Level Cyber Security Analyst, Security Trainee
Key Stakeholders
Internal:
- Security Operations Team (SOC)
- IT Helpdesk
- Infrastructure Team
- Application Owners
- Network Operations Team
External:
- None (this is an internal-facing role at this level)
Organisational Impact
Scope: This role is absolutely critical for the initial detection and triage of security incidents. Your quick and accurate work means we can identify potential threats early, reducing the 'dwell time' of attackers in our systems. Essentially, you're stopping small issues from becoming major, costly problems for the entire business. You're the eyes and ears, helping to maintain our overall security posture.
Performance Metrics
Quantitative Metrics
- Metric: Mean Time to Acknowledge (MTTA)
- Desc: How quickly you pick up and start looking at a new security alert after it comes in.
- Target: Less than 15 minutes for critical alerts
- Freq: Daily, reviewed weekly
- Example: An urgent alert comes in at 10:00 AM, and you've assigned it to yourself and started initial triage by 10:12 AM – that's a pass.
- Metric: Alert Triage Accuracy
- Desc: How accurately you classify an alert as a true positive (a real threat) or a false positive (a benign event).
- Target: Over 98% accurate classification
- Freq: Weekly, through peer review
- Example: Out of 50 alerts triaged, you correctly identify 49 as true/false positives, and only one is misclassified. That's good going.
- Metric: Tickets Closed per Shift
- Desc: The number of security incident tickets you manage to close or escalate within a typical shift, meeting team baselines.
- Target: Meets or exceeds team baseline (e.g., 20-30 tickets per 8-hour shift)
- Freq: Daily, reviewed weekly
- Example: If the team average is 25 tickets, you consistently hit around that number, showing you're keeping up with the workload.
- Metric: Vulnerability Scan Report Generation
- Desc: The timely and accurate generation of vulnerability scan reports for asset owners.
- Target: 100% of scheduled reports generated on time
- Freq: Weekly/Monthly, depending on scan schedule
- Example: You're responsible for the weekly report for the Marketing team's web servers, and it's always in their inbox by Friday afternoon.
Qualitative Metrics
- Metric: Adherence to Playbooks and Procedures
- Desc: How well you follow the documented steps for handling different types of security incidents and tasks.
- Evidence: Your incident notes clearly show you've followed the runbook. Senior analysts rarely need to correct your process. You ask questions if a step isn't clear, rather than guessing.
- Metric: Clear and Concise Documentation
- Desc: The quality of your notes, summaries, and initial reports for incidents and tasks.
- Evidence: Your colleagues can easily understand your incident logs. Escalations include all the necessary information for the next person to pick it up without chasing you for details. You use templates correctly.
- Metric: Effective Escalation
- Desc: Knowing when to escalate an incident to a more senior analyst or another team, and doing so with all the relevant context.
- Evidence: Senior analysts receive escalations with enough information to act immediately. You rarely escalate something that could have been handled at your level, and you rarely hold onto something that should have been escalated sooner.
- Metric: Proactive Learning and Growth
- Desc: Your initiative in learning new tools, techniques, and security concepts.
- Evidence: You ask thoughtful questions during debriefs. You complete assigned training modules on time. You show interest in understanding 'why' an alert fired, not just 'what' it was. You'll often be found reading up on a new threat in your downtime.
Primary Traits
- Trait: Forensic Mindset (Problem-solver)
- Manifestation: You're the sort who loves digging into a puzzle, following every little breadcrumb. When an alert fires, you don't just close it; you want to know *why* it fired, and what else might be going on. You'll methodically trace an IP address, then a file hash, then a process ID, documenting every single step. You won't jump to conclusions, even when everyone else is panicking.
- Benefit: An alert is just a symptom, isn't it? We need people who can go beyond closing a ticket and actually figure out the full story of what happened. This trait lets you get to the root cause of a problem, not just patch over the surface, which is absolutely vital for stopping attackers from coming back.
- Trait: Unwavering Precision (Precise)
- Manifestation: You'll instinctively check that IP address three times before hitting 'block'. You're the one who spots the tiny typo in a malicious domain name that others miss. When you write an incident report, it's clear, unambiguous, and has all the right timestamps. You know a misplaced decimal or a wrong character can cause a massive headache, so you're meticulous.
- Benefit: Honestly, a mistake in security can have huge consequences. Blocking the wrong IP could take down a critical business service. A poorly written report means the next analyst won't know what to do, or we might miss a crucial detail that leads to a re-infection. We need people who are naturally precise, because the stakes are genuinely high.
- Trait: Relentless Curiosity (Self-directed)
- Manifestation: You're always tinkering, always reading up on the latest nasties, even outside of work. You'll ask 'why' an alert fired, not just 'what' it is. You're keen to learn new features in our security tools and you're not afraid to poke around (carefully, of course!) to understand how things work. You're not just waiting for tasks; you're looking for things to learn and improve.
- Benefit: The truth is, the threat landscape changes every single day. If you're not driven to learn and keep up on your own, you'll be out of date within a year. This curiosity is what separates someone who just closes tickets from a true defender who's always looking to get better and proactively protect the organisation.
Supporting Traits
- Trait: Healthy Skepticism
- Desc: You trust, but you always verify. You'll assume a system might be compromised until you've got solid evidence it's clean.
- Trait: Calm Under Pressure
- Desc: When a critical alert fires at 3 AM, you can think clearly, follow the playbook, and not panic. You're the steady hand.
- Trait: Articulate Communicator
- Desc: You can explain a technical alert to a non-technical colleague without making them glaze over or causing unnecessary alarm. Clear and simple, that's the goal.
- Trait: Collaborative
- Desc: You understand that security isn't a solo sport. You'll work well with the IT team, the developers, and other business units to get things sorted.
Primary Motivators
- Motivator: Continuous Learning & Skill Development
- Daily: You'll be exposed to new threats, tools, and techniques constantly. Every alert is a learning opportunity. You'll spend time in training, reading threat intelligence, and getting hands-on with our security platforms.
- Motivator: Making a Tangible Impact
- Daily: Your work directly contributes to protecting the company. When you successfully triage an alert or help remediate a vulnerability, you're actively making us safer. You'll see the direct results of your efforts.
- Motivator: Solving Puzzles & Investigations
- Daily: A big part of the job is investigating alerts – piecing together clues from different systems to understand what happened. If you enjoy detective work and figuring out complex problems, you'll love this.
Potential Demotivators
Let's be real, this job isn't always glamorous. You'll spend a fair bit of time sifting through what feels like endless noise, only for it to be Marketing's new email tool causing a fuss. The 'urgent' request that disrupted your Thursday might get deprioritised on Friday because something else blew up. You'll follow playbooks to the letter, and sometimes, frankly, it can feel a bit repetitive. If you need to see every piece of work make it to a grand, strategic conclusion, you might struggle here.
Common Frustrations
- The 'Sea of Red': Drowning in thousands of low-priority vulnerability scanner results and trying to convince overworked system admins to patch a 'medium' finding.
- Chasing Ghosts: Spending hours investigating a sophisticated alert only to discover it was a benign script run by the DevOps team who forgot to notify the SOC.
- Alert Fatigue: The mental exhaustion from dealing with a high volume of low-fidelity alerts, making it hard to spot the real threats.
- Tool Sprawl: Juggling six different security consoles with different UIs and query languages just to investigate a single alert.
- The Asset Inventory Lie: Trying to protect assets that aren't properly documented or whose owners left the company six months ago.
What This Role Doesn't Offer
- High-level strategic decision-making (that comes later).
- Complete autonomy over projects (you'll have clear guidance).
- A quiet, predictable routine (expect the unexpected).
- Immediate impact on organisational-wide security policy (you're executing, not defining).
ADHD Positives
- The fast-paced, alert-driven nature of the SOC can be engaging and provide constant novelty, which can be great for those with ADHD.
- Hyperfocus can be a superpower during incident investigations, allowing you to dive deep into complex data for extended periods.
- The clear, structured playbooks and procedures provide a helpful framework for tasks, reducing ambiguity.
ADHD Challenges and Accommodations
- The high volume of alerts can sometimes lead to overwhelm or difficulty prioritising without clear guidance. We can help with structured prioritisation tools and regular check-ins.
- Maintaining focus on repetitive tasks (like routine report generation) might be challenging. We can look at automating some of these or rotating responsibilities.
- Documentation, while critical, might feel tedious. We use templates and AI assistance to make this less burdensome.
Dyslexia Positives
- Strong visual-spatial reasoning, often associated with dyslexia, can be excellent for understanding network diagrams, attack chains, and data flows.
- The ability to see the 'big picture' can help in connecting disparate pieces of evidence during an investigation, even if individual words are tricky.
- Many security tools are highly visual, using dashboards and graphs, which can be very accessible.
Dyslexia Challenges and Accommodations
- Reading and writing detailed incident reports or complex technical documentation can be time-consuming. We encourage the use of dictation software, grammar checkers, and provide templates.
- Parsing dense log data or threat intelligence reports might require extra effort. We can use tools for summarisation and offer screen readers or text-to-speech options.
- Query languages (like SPL/KQL) can be syntax-heavy. We provide comprehensive examples, reference sheets, and pair programming for learning.
Autism Positives
- A strong aptitude for logical, systematic thinking is highly valued in security analysis, especially when following incident response playbooks.
- The ability to focus intently on details and patterns is crucial for spotting anomalies in logs and identifying indicators of compromise.
- Clear, structured processes and defined tasks within the SOC environment can provide a sense of predictability and comfort.
Autism Challenges and Accommodations
- Unexpected critical incidents can disrupt routine, which might be unsettling. We provide clear escalation paths and debriefs to manage these situations.
- Navigating social nuances in team collaboration or stakeholder communication might be challenging. We promote direct, clear communication and provide communication templates.
- Sensory input in a busy SOC environment (e.g., multiple screens, alerts, conversations) could be overwhelming. We offer noise-cancelling headphones and options for quieter work zones.
Sensory Considerations
Our Security Operations Centre is typically a moderately busy environment. You'll have multiple screens, the occasional alert sound (though most are visual), and team members collaborating. It's not usually loud, but it's not silent either. We're happy to discuss specific needs, like noise-cancelling headphones or screen filters, to make your workspace comfortable.
Flexibility Notes
We believe in supporting everyone to do their best work. If you have specific needs or require adjustments, please don't hesitate to discuss them with us. We're committed to creating an inclusive environment.
Key Responsibilities
Experience Levels Responsibilities
- Level: Associate Security Operations Analyst (L1)
- Responsibilities: Execute basic queries in Splunk or Microsoft Sentinel to investigate initial alerts. You'll be using pre-defined playbooks and search templates, not building complex ones from scratch.
- Triage incoming security alerts from various sources (SIEM, EDR, email) – that means figuring out if it's a real problem or just a false alarm, and then categorising it correctly.
- Investigate basic EDR (CrowdStrike Falcon or SentinelOne) alerts, following documented procedures to understand what happened on an endpoint. This might involve isolating a host or pulling a suspicious file for analysis.
- Run pre-configured vulnerability scans using tools like Tenable.sc or Nessus. Once the scan finishes, you'll generate the reports and create tickets for the IT or patching teams to go fix things.
- Consume threat intelligence feeds from platforms like MISP or Anomali ThreatStream. Your job here is to search our internal logs and security tools for any indicators of compromise (IOCs) mentioned in those reports.
- Execute existing Python or PowerShell scripts for data gathering or repetitive tasks. You won't be writing new scripts, but you might make minor, guided modifications to existing ones.
- Review and triage cloud security findings from AWS Security Hub or Azure Security Center, following runbooks to help remediate basic misconfigurations (e.g., a publicly accessible S3 bucket).
- Document all your findings, actions taken, and escalations clearly and concisely in our incident management system. Yes, it's tedious, but future-you (and your colleagues) will be grateful.
- Supervision: You'll have daily check-ins with a Security Analyst (L2) or Senior Security Analyst (L3). Most of your tasks will be paired work initially, and all your decisions and completed tasks will be reviewed before they're finalised. Think of it as having a mentor right there with you, guiding you through everything.
- Decision: Honestly, you won't be making independent decisions here. Your role is to execute assigned work by following established procedures and playbooks. Any situation that falls outside of a clear runbook, or requires a judgment call, needs to be escalated immediately to your supervisor. No client contact without explicit approval.
- Success: You're successful when you consistently follow playbooks, accurately triage alerts, document your work clearly, and know when to ask for help or escalate. Learning quickly and showing initiative in understanding the 'why' behind tasks will also be key.
Decision-Making Authority
- Type: Alert Triage & Classification
- Entry: Follows documented playbooks; escalates anything ambiguous or high-severity immediately. All classifications are reviewed.
- Mid: Independently classifies routine alerts; consults on ambiguous cases; escalates high-severity incidents with initial analysis.
- Senior: Defines and refines triage playbooks; makes independent decisions on complex alerts; provides guidance on escalations.
- Type: Incident Containment Actions
- Entry: Executes pre-approved containment steps from a playbook (e.g., isolating a host) under direct supervision. Any deviation requires immediate escalation.
- Mid: Independently executes standard containment actions; proposes non-standard actions for review.
- Senior: Designs and approves containment strategies; authorises non-standard actions; leads containment efforts for major incidents.
- Type: Vulnerability Remediation Prioritisation
- Entry: Generates reports and creates tickets based on pre-defined severity. No prioritisation decisions.
- Mid: Prioritises 'medium' and 'low' vulnerabilities based on asset criticality and business context, with manager review. Escalates 'critical' and 'high' findings for immediate action.
- Senior: Defines the vulnerability prioritisation framework; debates risk acceptance with asset owners; makes final recommendations on remediation timelines.
- Tool: Alert Triage Automation
- Benefit: Imagine AI models (often built right into our SIEM or XDR platforms) automatically sifting through low-confidence alerts. It'll close the obvious false positives, leaving you with fewer, higher-fidelity alerts to investigate. This means less noise, more signal, and more time for actual threat hunting.
- Tool: Incident Correlation & Analysis
- Benefit: Instead of you manually piecing together clues from different systems, AI can instantly correlate a suspicious endpoint alert with a weird network log and a relevant threat intelligence report. It helps you see the 'story' of an attack much faster, giving you a head start on investigations.
- Tool: Threat Intelligence Summarisation
- Benefit: Got a 30-page threat report on a new ransomware group? Feed it into a GenAI tool. Ask it to 'Summarise the key tactics, techniques, and procedures (TTPs), list all indicators of compromise (IOCs) in a parsable format, and suggest mitigations for our tech stack.' It's like having a super-fast research assistant.
- Tool: Report & Communication Drafting
- Benefit: After you've gathered your initial findings for an incident, you can feed the technical timeline and key details into an AI model. Prompt it to 'Draft an initial incident report for a technical audience' or 'Write a 3-sentence summary for a non-technical manager.' It helps you get those essential communications out quickly and clearly.
Weekly time savings potential: Roughly 3-5 hours weekly, depending on alert volume and incident complexity.
Typical tool investment: You'll typically use 2-3 AI-powered features within our existing security tools, plus a general-purpose LLM.
Competency Requirements
Foundation Skills (Transferable)
These are the core human skills that will make you effective in this role. They're not just 'nice-to-haves'; they're absolutely essential for navigating the complexities of cyber security and working well within a team.
- Category: Communication
- Skills: Clear and Concise Reporting: Can write incident notes and initial reports that are easy for others to understand, without jargon where possible, and with all the necessary details.
- Active Listening: Can listen carefully to a problem description from a colleague or a system alert, asking clarifying questions to get to the heart of the issue.
- Effective Escalation: Knows when and how to hand over an issue to a more senior person, providing all the critical information they need to take over without delay.
- Category: Problem-Solving
- Skills: Logical Deduction: Can follow a step-by-step process to investigate an alert, using evidence to rule out possibilities and narrow down the cause.
- Root Cause Identification (basic): Can, with guidance, trace an issue back to its origin, rather than just treating the symptoms.
- Pattern Recognition: Can spot unusual activities or recurring themes in logs or alerts that might indicate a larger problem.
- Category: Adaptability & Resilience
- Skills: Learning Agility: Can quickly pick up new tools, processes, and threat intelligence as the security landscape constantly shifts.
- Stress Tolerance: Can remain calm and focused when dealing with high-priority incidents or a sudden influx of alerts.
- Dealing with Ambiguity: Can operate effectively even when information is incomplete, knowing when to seek clarification or escalate.
- Category: Attention to Detail
- Skills: Meticulous Data Review: Can spot tiny discrepancies, typos, or single-character differences in logs, IP addresses, or file hashes that could be crucial.
- Procedure Adherence: Can follow complex, multi-step playbooks precisely, ensuring no critical steps are missed during an incident response.
- Thorough Documentation: Can record all actions, observations, and decisions accurately and completely, creating a reliable audit trail.
Functional Skills (Role-Specific Technical)
These are the specific technical skills and knowledge you'll need to hit the ground running, or at least learn very quickly, in this role. We're looking for a solid foundation, not necessarily an expert at this level.
Technical Competencies
- Skill: MITRE ATT&CK Framework (Basic Understanding)
- Desc: You'll need to understand what MITRE ATT&CK is and how it helps us classify attacker tactics and techniques. You'll use it to map observed behaviours during an investigation, helping to identify what an attacker is trying to do.
- Level: Basic: Can identify common tactics and techniques when presented with examples; understands the structure of the framework.
- Skill: Incident Response Lifecycle (PICERL - Foundational)
- Desc: You'll learn and apply the basics of the Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned model. For you, this means following the 'Identification' and 'Containment' steps within our playbooks.
- Level: Basic: Can follow documented steps for initial incident identification and containment; understands the overall flow.
- Skill: Log Analysis & Correlation (Basic)
- Desc: The ability to sift through different types of logs (firewall, proxy, endpoint) to find relevant information. You'll be using pre-built queries and learning to spot unusual entries.
- Level: Basic: Can execute basic search queries in a SIEM; can identify key fields in common log types (e.g., source IP, destination IP, username).
- Skill: Digital Forensics Fundamentals (Concepts)
- Desc: Understanding core concepts like 'order of volatility' (what evidence disappears first) and 'chain of custody' (how to handle evidence legally). You won't be doing deep forensics, but you'll need to know how to preserve evidence.
- Level: Basic: Understands the importance of evidence preservation; knows basic concepts of host and memory forensics.
Digital Tools
- Tool: Splunk / Microsoft Sentinel (SIEM)
- Level: Basic
- Usage: Executing pre-defined SPL/KQL queries to investigate alerts, navigating dashboards, and triaging security events.
- Tool: CrowdStrike Falcon / SentinelOne (EDR/XDR)
- Level: Basic
- Usage: Investigating endpoint alerts, isolating compromised hosts, and collecting suspicious files for further analysis, all under guidance.
- Tool: Tenable.sc / Nessus (Vulnerability Management)
- Level: Basic
- Usage: Running pre-configured vulnerability scans, generating reports, and creating tickets for remediation teams.
- Tool: MISP / Anomali ThreatStream (Threat Intelligence)
- Level: Basic
- Usage: Consuming threat intelligence feeds and searching for indicators of compromise (IOCs) within our internal security tools and logs.
- Tool: Python / PowerShell (Scripting)
- Level: Basic
- Usage: Executing existing scripts for data gathering or automating repetitive tasks, potentially making minor modifications with supervision.
- Tool: AWS Security Hub / Azure Security Center (Cloud Security)
- Level: Basic
- Usage: Reviewing and triaging cloud security findings, following runbooks to remediate basic misconfigurations.
Industry Knowledge
- Area: Networking Fundamentals
- Desc: You'll need a solid grasp of basic networking concepts: TCP/IP, common ports and protocols, firewalls, and how networks are structured. This helps you understand network-based attacks.
- Area: Operating Systems (Windows/Linux)
- Desc: A good understanding of how Windows and Linux operating systems work, including file systems, processes, and common commands. This is crucial for endpoint investigations.
- Area: Cyber Security Principles
- Desc: Basic knowledge of common cyber security threats (e.g., phishing, malware, ransomware), vulnerabilities, and defence mechanisms.
Regulatory Compliance
- Reg: GDPR (General Data Protection Regulation)
- Usage: Understand the importance of protecting personal data and how security incidents can impact GDPR compliance. You'll know to flag incidents involving personal data.
- Reg: PCI-DSS (Payment Card Industry Data Security Standard)
- Usage: If applicable to our business, you'll understand that incidents involving cardholder data are high priority and require specific handling procedures.
Essential Prerequisites
- A foundational understanding of IT systems and networks, perhaps from an IT support role or relevant studies.
- The ability to follow complex instructions accurately and meticulously.
- A genuine eagerness to learn and develop a career in cyber security.
- Strong problem-solving skills, even if it's just following a logical path to a solution.
- Excellent written and verbal communication skills in English, for clear documentation and escalation.
Career Pathway Context
We're looking for someone who's keen to build a career in security. This role is designed to give you a solid foundation, so while prior security experience is a bonus, a strong technical aptitude and a thirst for knowledge are what truly matter. Think of it as your security apprenticeship.
Qualifications & Credentials
Emerging Foundation Skills
- Skill: Prompt Engineering & LLM Integration (Basic)
- Why: Honestly, competitors are already using tools like ChatGPT and Claude to draft reports in minutes that used to take hours. Analysts who figure this out will outproduce their peers. This isn't just a 'nice-to-have' anymore; it's becoming a core productivity skill.
- Concepts: Effective Prompting: Learning how to ask LLMs the right questions to get useful, accurate security-related summaries or code snippets.
- Context Windows: Understanding how much information an AI can 'remember' at once and how to manage it for complex tasks.
- Output Validation: Knowing that AI can 'hallucinate' and always double-checking its outputs for accuracy, especially in security.
- Data Privacy with LLMs: Understanding what data can and cannot be fed into public or private LLMs to avoid accidental leaks.
- Prepare: This week: Set up a personal account with a major LLM (e.g., ChatGPT, Claude) and start using it for simple tasks like email drafting or summarising articles.
- This month: Experiment with prompting for security-related tasks, like summarising a threat intelligence report or drafting a basic incident communication.
- Month 2: Explore how to integrate AI directly into your workflow for documentation or initial alert enrichment (e.g., asking for an IP's reputation).
- Month 3: Share one 'AI win' with your team – how AI saved you time on a specific task.
- QuickWin: Start using Claude or ChatGPT to draft email summaries, initial incident notes, or even just to explain complex technical concepts to you. No approval needed, immediate benefit.
Advancing Technical Skills
- Skill: Advanced SIEM Querying & Rule Tuning
- Why: You'll need to move beyond basic playbook queries. As threats evolve, so do the ways we detect them. Being able to write more complex, high-fidelity detection rules means catching more sophisticated attacks and reducing false positives.
- Concepts: Correlation Searches: Combining events from different log sources to identify a multi-stage attack.
- Statistical Analysis in SIEM: Using SIEM features to detect anomalies based on baselines and statistical deviations.
- Threat Modelling for Detection: Thinking like an attacker to anticipate how they might bypass current detections and then building new ones.
- Prepare: This quarter: Take an online course on advanced Splunk SPL or Microsoft Sentinel KQL.
- Next quarter: Work with a Senior Analyst to help tune an existing detection rule, understanding the logic behind it.
- Month 6: Propose a minor modification to an existing playbook based on a new query you've learned.
- Month 9: Start experimenting with writing your own basic correlation searches in a test environment.
- QuickWin: Ask your mentor to walk you through a complex SIEM query they've written and explain each part. Try to replicate it with different parameters.
- Skill: Basic Cloud-Native Security Analysis
- Why: More and more of our infrastructure is moving to the cloud. Understanding how to investigate security incidents using cloud-native tools (not just our SIEM) will become essential. It's a different beast than on-premise security.
- Concepts: Cloud Logging Services: Understanding AWS CloudTrail, GuardDuty, Azure Activity Logs, and how to query them.
- Cloud Identity & Access Management (IAM): How permissions work in the cloud and how to spot suspicious privilege escalations.
- Serverless Security: Understanding the unique security considerations for functions like AWS Lambda or Azure Functions.
- Prepare: This quarter: Complete an introductory course on AWS or Azure security fundamentals.
- Next quarter: Get hands-on with querying CloudTrail/Activity Logs for suspicious activity.
- Month 6: Shadow a Senior Analyst during a cloud security incident investigation.
- Month 9: Propose a new detection rule for a common cloud misconfiguration.
- QuickWin: Explore the AWS Security Hub or Azure Security Center console in your spare time. Click around, see what findings it shows, and try to understand them.
Future Skills Closing Note
The key here is continuous learning. The threats won't wait for you, so you can't afford to stand still. We'll support you with training and mentorship, but your own drive to learn will be your biggest asset.
Education Requirements
- Level: Minimum
- Req: A-Levels or a College Diploma (Level 3-4 OFQUAL equivalent) in a technical subject (e.g., IT, Computer Science, Networking).
- Alts: Alternatively, demonstrable equivalent experience (e.g., 2+ years in an IT Helpdesk or Network Support role) or completion of a recognised cyber security bootcamp.
- Level: Preferred
- Req: A Bachelor's degree (Level 6 OFQUAL equivalent) in Cyber Security, Computer Science, or a related technical field.
- Alts: Relevant industry certifications combined with a strong portfolio of personal security projects.
Experience Requirements
You'll need 0-2 years of experience in a technical role. This could be anything from an IT Helpdesk position where you've troubleshot network issues, to a support role where you've dealt with basic system administration. We're looking for someone with a foundational understanding of how computers and networks actually work, and a genuine interest in security. Internships in a security team absolutely count!
Preferred Certifications
- Cert: CompTIA Security+
- Prod: CompTIA
- Usage: This certification shows you've got a solid grasp of fundamental security concepts, network security, threats, and vulnerabilities. It's a great baseline for a SOC analyst.
- Cert: CompTIA CySA+
- Prod: CompTIA
- Usage: This one focuses more on the analytical skills needed for security operations, including threat detection, analysis, and response. It's a step up from Security+ and highly relevant.
- Cert: Microsoft Certified: Security, Compliance, and Identity Fundamentals (SC-900)
- Prod: Microsoft
- Usage: If you're keen on cloud security, this shows a basic understanding of Microsoft's security offerings, which is increasingly important.
Recommended Activities
- Participate in online security challenges or 'Capture The Flag' (CTF) events to practice your analytical skills.
- Follow reputable cyber security blogs and threat intelligence feeds to stay current with the latest threats.
- Engage with security communities online (e.g., Reddit's r/cybersecurity, LinkedIn groups) to learn from others.
- Attend free webinars or virtual conferences on security topics to broaden your knowledge.
Career Progression Pathways
Entry Paths to This Role
- Path: IT Helpdesk / Support Specialist
- Time: 1-2 years
- Path: University Graduate (Cyber Security/Comp Sci)
- Time: 0-1 year (post-degree)
- Path: Security Internship / Apprenticeship
- Time: 6-12 months
Career Progression From This Role
- Pathway: Security Analyst (L2)
- Time: 2-3 years in the Associate role
Long Term Vision Potential Roles
- Title: Senior Security Analyst (L3)
- Time: 5-8 years total experience
- Title: Lead Analyst / Staff Threat Hunter (L4)
- Time: 8-12 years total experience
- Title: Manager, Security Operations (SOC) (L5)
- Time: 12-16 years total experience
Sector Mobility
The skills you'll gain here are highly transferable across almost any industry. Every company needs security, so you'll find opportunities in finance, tech, healthcare, government – you name it. Your core analytical and investigative skills are universally valued.
How Zavmo Delivers This Role's Development
DISCOVER Phase: Skills Gap Analysis
Zavmo maps your current competencies against all requirements in this job description through conversational assessment. We evaluate your foundation skills (communication, strategic thinking), functional skills (alert triage, SIEM querying, escalation), and readiness for career progression.
Output: Personalised skills gap heat map showing strengths and priorities, estimated time to competency, neurodiversity accommodations.
DISCUSS Phase: Personalised Learning Pathway
Based on your DISCOVER results, Zavmo creates a personalised learning plan prioritised by impact: foundation skills first, then functional skills. We adapt to your learning style, pace, and neurodiversity needs (ADHD, dyslexia, autism).
Output: Week-by-week schedule, each module linked to specific job responsibilities, checkpoints and milestones.
DELIVER Phase: Conversational Learning
Learn through conversation, not boring modules. Zavmo uses 10 conversation types (Socratic dialogue, role-play, coaching, case studies) to build competence. Practise triaging ambiguous alerts, deciding what to escalate to the Security Analyst (L2), and writing up your findings in a safe AI environment before you face a live incident.
Example: "For 'Alert Triage', Zavmo will guide you through working a noisy batch of alerts, deciding which are genuine threats and which are false positives, and building a clear escalation note for the L2 analyst."
DEMONSTRATE Phase: Competency Assessment
Zavmo automatically builds your evidence portfolio as you learn. Every conversation, practice scenario, and application example is captured and mapped to NOS performance criteria. When ready, your portfolio supports OFQUAL qualification claims and demonstrates competence to employers.
Output: Competency matrix, evidence portfolio (downloadable), qualification readiness, career progression score.