Security Analyst III

As a Security Analyst III, you will take alerts or indicators of compromise at any stage of the kill chain and map out full compromises. With minimal direction, you will lead complex investigations, recognize patterns quickly, and adapt when things get complicated.

Path Overview

📚
7
Modules
⏱️
~40
Hours
Sign in to track your progress
What employers look for
  • Lead investigations into complex, multi-stage intrusions with minimal guidance
  • Write advanced KQL detections and proactive hunting queries
  • Investigate cloud environments (Azure, M365) for identity compromise and lateral movement
  • Analyse ICS/OT environments and supply-chain attack scenarios
  • Map attacker activity to MITRE ATT&CK and produce TTP-based reporting

Curriculum

1
Titan Shield: A showcase of Microsoft Defender XDR
~1.0 hrsEasy
Start
2
KQL 201: An Intermediary Course on KQL
~1.0 hrsModerate
Start
3
Critical Compromise In Chicago - ICS
~1.0 hrsModerate
Start
4
KQL 301
~1.0 hrsChallenging
Start
5
AzureCrest - The full version
~1.0 hrsModerate
Start
6
World Domination Nation
~1.0 hrsHard
Start
7
Sunlands: A Tough Space Investigation
~1.0 hrsHard
Start

Explore Other Paths

View All Paths
Security Analyst I

6 modules

As a Junior Security Analyst, you will learn how to identify basic signs of compromise and turn investigative questions into basic queries. We will walk you through every step of the investigation, teaching you how to form a hypothesis, follow evidence, and think through an attack systematically.

Security Analyst II

7 modules

As a Security Analyst II, you will begin to apply common external datasets and tools to enhance your investigations. You will start running investigations with less guidance, connecting evidence across systems and making your own calls about when to dig deeper versus when to move on.

Security Analyst IV

7 modules

As a Security Analyst III, you will thread the needle in complex and subtle investigations. With little to no guidance, you will handle cases like the senior-most member of a SOC team, defining how novel threats are approached and setting the investigative standard for everyone around you.

Loading...