
10 Practical SOC Analyst Projects to Upgrade Your CV in 2026

  • Mar 5

Do you want to become a SOC Analyst but don't know which projects to undertake? This article summarizes 10 hands-on SOC Analyst projects, ranging from SIEM and Incident Response to Threat Hunting, to help you enhance your skills and boost your job application resume.

Why are SOC Analyst projects more important than certificates?

In the field of Cybersecurity, particularly within SOC (Security Operations Center) environments, relying solely on theoretical knowledge or possessing multiple certifications is insufficient to meet real-world job requirements. Employers are not only interested in what you have learned, but more importantly, how you have handled specific security situations.

Through projects, employers can evaluate how you analyze alerts, investigate incidents, track root causes, and understand the nature of attack techniques. A well-executed and well-presented project demonstrates that you don't just know the tools; you truly think and act like a SOC Analyst.

Performing SOC Analyst projects allows employers to assess candidates from more perspectives - Source: AI.

What criteria make a good SOC Analyst project?

A SOC Analyst project is highly rated when it can fully demonstrate the mindset of a true analyst:

  • Alert and log analysis: Don't just view the alert; understand why it appeared.

  • Root cause investigation: Determine which behavior triggered the alert and whether it's a real attack or a false positive.

  • MITRE ATT&CK Mapping: Link observed behaviors to attacker techniques and tactics.

  • Incident Documentation & Reporting: Clearly present findings, impact levels, and remediation steps.

If your project demonstrates these four elements, your capabilities will certainly be highly valued by employers.

4 criteria that help the SOC Analyst project receive a high rating - Image source: AI

10 Real-World Projects to Help You Secure Your First SOC Analyst Job

If you are aiming to become a Tier 1 or Tier 2 SOC (Security Operations Center) Specialist, start these 10 real-world projects immediately to prove your practical capabilities.

1. Building a SIEM Monitoring and Threat Detection System

Instead of just learning theory, build your own lab with Splunk or the ELK Stack. Feed real log data into it and write custom detection rules. The goal is to reliably detect brute-force attacks, PowerShell abuse, and unusual logins from unexpected IP ranges.

SIEM Monitoring & Threat Detection System - Image Source: AI

2. Phishing Incident Simulation and Response

Phishing remains the most common attack vector. This project has you recreate a scenario from the arrival of the deceptive email through to malware execution. Investigate the logs, identify the infection vector, contain the threat, and, most importantly, write a proper incident report.

3. IDS Deployment and Packet Analysis

Install and configure an intrusion detection system such as Snort or Suricata, then use Wireshark to analyze PCAP files. Correlating IDS alerts with the actual attack traffic and mapping them to the MITRE ATT&CK matrix will make your CV stand out.

Deploying IDS and Packet Analysis - Image source: AI

4. Cloud Security Monitoring

With the shift toward the Cloud, skills in monitoring AWS CloudTrail or Azure logs are a massive plus. Try simulating IAM (Identity and Access Management) privilege abuse and analyzing suspicious activities. This is a skill highly sought after by modern Managed SOC service teams.

5. In-depth Endpoint Monitoring with Sysmon and Wazuh

Endpoints are the "front lines" of every attack. Deploy data collection from workstations via Sysmon and integrate it into Wazuh. Focus on detecting techniques such as:

  • Credential dumping.

  • Establishing Persistence.

  • Unusual processes running from temporary directories.
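To make the three detections above concrete, here is an added example (not code from the original article, and not a Wazuh or Sysmon component) that runs simple rules over a handful of constructed Sysmon-style records: Event ID 10 process access to lsass.exe from a process outside an allowlist, Event ID 13 registry writes under a Run/RunOnce key, and Event ID 1 process creation from a temporary directory. The sample events, the LSASS allowlist and the ATT&CK mapping for the temp-directory heuristic are assumptions made for the demo.

```python
"""Rule-based triage of Sysmon events (constructed sample data, not real telemetry).

Covers the three detections named above: credential dumping (LSASS access),
persistence (Run-key registry writes) and execution from temporary directories.
"""
import re
from collections import Counter

# Constructed Sysmon-style records: a subset of the fields Wazuh forwards from
# Event ID 1 (process create), 10 (process access) and 13 (registry value set).
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\svchost.exe",
     "ParentImage": r"C:\Windows\System32\services.exe", "User": r"NT AUTHORITY\SYSTEM"},
    {"EventID": 1, "Image": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "User": r"CORP\alice"},
    {"EventID": 10, "SourceImage": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1010"},
    {"EventID": 13, "Image": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\alice\AppData\Local\Temp\update.exe"},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1fffff"},
]

TEMP_DIR = re.compile(r"\\(Temp|Tmp)\\", re.IGNORECASE)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# Processes that legitimately open LSASS on a normal Windows host. This allowlist is
# an assumption for the demo; build yours from a baseline of your own endpoints.
LSASS_ALLOWLIST = {"csrss.exe", "wininit.exe", "services.exe", "msmpeng.exe"}


def basename(path):
    """Last component of a Windows path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def rule_temp_execution(ev):
    """Process created from a temp directory. The T1204.002 mapping is an assumption;
    this is a heuristic, so it is rated medium and expected to need tuning."""
    if ev["EventID"] == 1 and TEMP_DIR.search(ev["Image"]):
        return {"rule": "exec_from_temp", "technique": "T1204.002", "severity": "medium",
                "evidence": f'{ev["ParentImage"]} -> {ev["Image"]} as {ev["User"]}'}
    return None


def rule_lsass_access(ev):
    """Non-allowlisted process opening lsass.exe: the classic credential-dumping signal."""
    if (ev["EventID"] == 10 and basename(ev["TargetImage"]) == "lsass.exe"
            and basename(ev["SourceImage"]) not in LSASS_ALLOWLIST):
        return {"rule": "lsass_access", "technique": "T1003.001", "severity": "high",
                "evidence": f'{ev["SourceImage"]} access={ev["GrantedAccess"]}'}
    return None


def rule_run_key_persistence(ev):
    """Registry value written under a Run/RunOnce key (autostart persistence)."""
    if ev["EventID"] == 13 and RUN_KEY.search(ev["TargetObject"]):
        return {"rule": "run_key_persistence", "technique": "T1547.001", "severity": "high",
                "evidence": f'{ev["TargetObject"]} = {ev["Details"]}'}
    return None


RULES = (rule_temp_execution, rule_lsass_access, rule_run_key_persistence)


def triage(events):
    """Run every rule over every event and return the list of findings."""
    findings = []
    for ev in events:
        for rule in RULES:
            hit = rule(ev)
            if hit:
                findings.append(hit)
    return findings


def techniques_hit(findings):
    """Count findings per ATT&CK technique, the view an incident report usually leads with."""
    return Counter(f["technique"] for f in findings)


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f'[{f["severity"].upper()}] {f["rule"]} ({f["technique"]}): {f["evidence"]}')
```

Run as a script, it prints one line per finding; the csrss.exe access to LSASS is deliberately left unflagged by the allowlist, which is the kind of false-positive handling a reviewer of your lab will ask about.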

Implementing data collection from workstations via Sysmon and integrating it into Wazuh - Image source: AI

6. Threat Hunting on Real Data

Don't wait for alerts to appear. Perform proactive threat hunting over Windows event logs or Zeek logs. Use query languages such as SPL (Splunk) or KQL (Azure) to build attack timelines and search for traces that automated rules miss.

7. Security Automation with Scripting

A good SOC Analyst knows how to optimize workflows. Write scripts (Python or Bash) to automate IOC enrichment, log parsing, or alert triage. This is a miniature model of professional SOAR systems.
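As an added example serving project 1 (brute-force detection), project 6 (building an attack timeline) and this project (scripted log parsing, IOC enrichment and triage), the script below parses a constructed SSH auth.log excerpt, applies a sliding-window brute-force rule, escalates when a successful login follows the burst, flags logins from outside expected address ranges, and enriches each source IP against a local lookup. It is not code from the original article; the log lines, the 10.0.0.0/8 "expected" range, the threat-feed entry, the threshold and window, and the year assumed for the syslog timestamps are all constructed for the demo.

```python
"""Brute-force detection and IOC enrichment over constructed SSH auth logs.

A miniature version of the SIEM rule from project 1 and the triage script from
project 7. All log lines, IP ranges and the 'threat feed' below are constructed.
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed auth.log excerpt (TEST-NET addresses, fictional host and users).
SAMPLE_LOG = """\
Mar  5 10:00:01 web01 sshd[4101]: Accepted publickey for deploy from 10.0.5.20 port 40022 ssh2
Mar  5 10:01:02 web01 sshd[4110]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar  5 10:01:04 web01 sshd[4111]: Failed password for invalid user admin from 203.0.113.7 port 51123 ssh2
Mar  5 10:01:05 web01 sshd[4112]: Failed password for root from 203.0.113.7 port 51124 ssh2
Mar  5 10:01:07 web01 sshd[4113]: Failed password for alice from 203.0.113.7 port 51125 ssh2
Mar  5 10:01:09 web01 sshd[4114]: Failed password for alice from 203.0.113.7 port 51126 ssh2
Mar  5 10:01:30 web01 sshd[4120]: Accepted password for alice from 203.0.113.7 port 51130 ssh2
Mar  5 10:30:00 web01 sshd[4201]: Failed password for bob from 10.0.5.31 port 40100 ssh2
Mar  5 10:30:40 web01 sshd[4202]: Accepted password for bob from 10.0.5.31 port 40101 ssh2
"""

LOG_YEAR = 2026                    # syslog timestamps carry no year; assumed for the demo
THRESHOLD = 5                      # failures within WINDOW that count as a brute-force burst
WINDOW = timedelta(seconds=60)
EXPECTED_RANGES = [ipaddress.ip_network("10.0.0.0/8")]      # assumed corporate range
KNOWN_BAD = {"203.0.113.7": "constructed feed: ssh-scanner"}  # stand-in for a real IOC feed

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse(log_text):
    """Turn sshd auth lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{LOG_YEAR} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "host": m["host"], "result": m["result"],
                       "user": m["user"], "ip": m["ip"]})
    return events


def enrich(ip):
    """Offline enrichment: is the source in an expected range, and is it on the feed?"""
    addr = ipaddress.ip_address(ip)
    return {"expected_range": any(addr in net for net in EXPECTED_RANGES),
            "feed_hit": KNOWN_BAD.get(ip)}


def detect(events):
    """Sliding-window brute-force rule with success-after-burst escalation."""
    failures = defaultdict(list)   # ip -> timestamps of failures inside the window
    flagged = set()                # ips already reported for a burst
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ip = ev["ip"]
        recent = [t for t in failures[ip] if ev["ts"] - t <= WINDOW]
        if ev["result"] == "Failed":
            recent.append(ev["ts"])
            if len(recent) >= THRESHOLD and ip not in flagged:
                flagged.add(ip)
                findings.append({"ts": ev["ts"], "ip": ip, "technique": "T1110.001",
                                 "severity": "medium", **enrich(ip),
                                 "summary": f"{len(recent)} failed logins within {WINDOW.seconds}s"})
        else:
            info = enrich(ip)
            if ip in flagged:      # the burst worked: treat as a probable compromise
                findings.append({"ts": ev["ts"], "ip": ip, "technique": "T1110.001",
                                 "severity": "high", **info,
                                 "summary": f"successful login for {ev['user']} after brute-force burst"})
            elif not info["expected_range"]:   # T1078 mapping assumed for this heuristic
                findings.append({"ts": ev["ts"], "ip": ip, "technique": "T1078",
                                 "severity": "medium", **info,
                                 "summary": f"login for {ev['user']} from outside expected ranges"})
        failures[ip] = recent
    return findings


def timeline(findings):
    """One line per finding in time order, the skeleton of an incident report timeline."""
    return [f"{f['ts']:%H:%M:%S} {f['ip']} {f['technique']} [{f['severity']}] {f['summary']}"
            + (f" (feed: {f['feed_hit']})" if f["feed_hit"] else "")
            for f in sorted(findings, key=lambda f: f["ts"])]


if __name__ == "__main__":
    print("\n".join(timeline(detect(parse(SAMPLE_LOG)))))
```

The threshold and window are the two knobs you will tune first in a real lab: too low and every mistyped password pages someone, too high and a slow, distributed guess slips under it. Bob's single failure followed by a success from an expected range produces nothing, which is the behaviour you want to be able to explain in an interview.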

8. Honeypot Deployment and Threat Intelligence Exploitation

Set up a "Honeypot" trap to attract attackers. From the collected data (IPs, techniques, malware), analyze and write a threat brief. This shows you have a proactive defensive mindset.

Set up a honeypot and proactively analyze the collected data to write a threat summary - Image source: AI

9. Deep Research on Threat Intelligence and APTs

Choose an Advanced Persistent Threat (APT) group or a new malware strain to research. Map their techniques (TTPs) and learn how threat intelligence sources support early detection in corporate environments. You can refer to reports from IPSIP's Cybersecurity Assessment Services for a more realistic view.

10. Phishing Email and Malware Analysis (Sandbox)

Finally, practice malware analysis skills in a safe environment (Sandbox). Extract Indicators of Compromise (IOCs) such as Domains, IPs, and file hashes, and document the analysis process like a true Tier 1 Analyst.

SOC experience doesn't come from reading books; it comes from hours of scrutinizing logs and investigating real incidents. If, during an interview, you can clearly explain what you detected, why it mattered, and how you handled it, the door to the cybersecurity industry will always be wide open for you.

Which SOC project in this list will you start with first? Share it with IPSIP Vietnam!





IPSIP VIETNAM ONE MEMBER LIMITED LIABILITY COMPANY (IPSIP VIETNAM OMLLC)

