QLM EXPERIENCE RESIDENCY

SOC Analyst Level 1

Demonstrate Level 1 security operations readiness: triage alerts, evaluate evidence, decide escalation, preserve artifacts, and communicate incident status.

0/15 scenarios

1

Alert Triage Fundamentals

Evaluating SIEM alerts to distinguish real threats from noise.

2

Identity and Access Investigation

Investigating compromised credentials, privilege abuse, and service account misuse.

3

Endpoint and Network Containment

Detecting and containing threats across endpoints and network segments.

4

Evidence Preservation and Incident Discipline

Preserving forensic evidence, reconstructing timelines, and supporting regulatory response.

5

Communication and Postmortem

Communicating incident status to executives and conducting blameless postmortems.