How to Become a SOC Analyst in the UK, US or Canada


Important things to know

Someone messaged me last week. They said they had been applying to cybersecurity jobs for months, getting nowhere, and they were starting to wonder if they were doing something wrong. I asked them what roles they were applying for. They said SOC analyst roles. I asked what their background looked like. They said they had just finished a general IT course and had CompTIA A+.

That was the problem. Not their drive, not their ability. Just that nobody had sat them down and told them what the path actually looks like.

So let me do that now.

 

First, understand what a SOC analyst actually is

A Security Operations Centre is basically the nerve centre of an organisation's security. Someone is always watching. Alerts come in, logs are being analysed, and when something looks off, the SOC analyst is the first person in the chain who decides what to do about it.

There are three tiers. Tier 1 is where most people start. You are monitoring dashboards, triaging alerts, escalating what needs escalating. It sounds simple, but the pressure is real because you are often the first person to see that something bad might be happening. Tier 2 is where you go deeper into investigations, start doing incident response, and get your hands dirty with malware analysis. Tier 3 is the deep end: threat hunting, forensics, building detection logic, staying ahead of attackers before they even make a move.

You do not start at Tier 3. Nobody does. But Tier 1 is a legitimate, well-paying entry point and it is more accessible than the internet makes it seem.

 

What employers in the UK, US, and Canada are actually looking for

I will not sugarcoat this part. The job market across all three countries rewards people who can show practical competence, not just certifications on a CV.

When you look at what shows up consistently in SOC analyst job postings, SIEM experience is at the top. Splunk and Microsoft Sentinel dominate. If you have never opened either of them, that needs to change before you start applying. Network fundamentals matter too: understanding how traffic flows, what DNS is doing, and how firewalls behave. Without that foundation you will struggle to make sense of what you are seeing in the logs. Knowledge of the MITRE ATT&CK framework is increasingly expected even at entry level. Cloud security basics matter because most organisations live on AWS or Azure now and the attacks follow.

Something I want to say explicitly because it gets glossed over: communication is part of the job description. You will write incident reports. You will brief people who are not technical. You will be on a call at 2am trying to explain to a manager what happened in plain language while simultaneously figuring it out yourself. The people who do well in SOC roles are usually the ones who can hold both of those things at the same time.

A degree helps but it is not a hard requirement anywhere. What employers are really screening for is whether you can do the work.

 

The certifications that actually move the needle

CompTIA Security+ is your starting point. Full stop. It is widely recognised, it meets US Department of Defense 8570 requirements, and it costs under $400. If you do not have it yet, that is step one.

From there, CompTIA CySA+ is a natural next move because it is specifically focused on threat detection and analysis, which is exactly what SOC work is built around. GIAC GCIH is more advanced and more expensive, but it signals to employers that you can handle real incident response, not just answer exam questions about it. If Splunk keeps coming up in the job descriptions in your target market, the Splunk Core Certified User certification is worth your time because it is practical, not theoretical. ISACA launched the CCOA in 2025 and it is specifically designed for SOC roles. It is worth considering if you want something that maps directly to day-to-day operations.

 

What the money looks like

I know people want the numbers, so here they are.

In the UK, entry-level SOC analyst salaries typically start between £25,000 and £35,000. Senior roles with strong certifications push toward £60,000 to £75,000. The UK has about 11,200 unfilled cybersecurity positions right now, and the biggest employers are financial services, the NHS, and government. That gap between demand and available talent is genuinely useful context if you are job hunting there.

In the US, Tier 1 roles start somewhere between $50,000 and $70,000. Tier 2 moves into $70,000 to $95,000. Tier 3 goes well past $120,000 depending on where you are and who you work for. California and New York pay notably more than other states. Holding relevant certifications can realistically add $5,000 to $15,000 to an offer.

In Canada, entry-level roles typically start around CAD $53,000 to $62,000, moving toward CAD $75,000 to $100,000 with experience. Toronto, Ottawa, and Vancouver have the highest concentration of openings. Financial institutions and government agencies are the dominant hirers.

 

The actual path

People make this more complicated than it needs to be.

Start by building your fundamentals: networking basics, operating system concepts, how common attacks work. You do not need to be an expert before you start. You need enough to hold a conversation and keep learning. Then get CompTIA Security+. Then get hands-on. Set up a home lab, spend real time inside a SIEM, practice analysing logs, simulate what a Tier 1 analyst actually does day to day. When an interviewer asks if you have worked with Splunk, you want the answer to be yes and you want to be able to talk about what you actually did in it. Add CySA+ or a SIEM-specific certification once you have the baseline. Then apply. Do not wait until you feel ready. Apply while you are still building.

The people who make it are almost never the ones who have the perfect background. They are the ones who kept going when it felt slow.

 

This is exactly where Amdari comes in

Here is the thing about everything I just described. The fundamentals, the hands-on practice, the real environment experience, the chance to actually work on projects before you have a job title. That is Amdari in a sentence. Amdari is a cybersecurity work experience programme. Not a course you watch and forget. An actual work experience structure where you are operating on real projects, working inside teams, building a portfolio that means something when you put it in front of a hiring manager. You get mentorship from practitioners. You get the kind of context you can only get from being in it.

 

If you are in the UK, the US, or Canada, and you have been wondering why your applications are not landing, the answer is usually not that you are not smart enough or not working hard enough. The answer is that you need the experience, and you need someone to help you build it in a structured way. That is what Amdari exists for. You have a chance to book a free clarity call with one of our coaches here on how to get started.
