
Security · Growing

Security Analyst: Skills, Projects & Interview Questions (2026)

Monitor, detect and respond to security threats across the organization.

Demand: 8/10
2026 outlook: 8/10
Difficulty: 5/10
Remote: High
Salary: 730 LPA (indicative)

What a Security Analyst actually does

Monitoring, detecting and responding to threats; tuning detections.

Top hiring companies: Deloitte, PwC, Accenture, IBM, Wipro, TCS.

Top industries: Finance, IT Services, Government, Healthcare, Telecom.

Skills you need to become a Security Analyst

Skill | Importance
--- | ---
Security Fundamentals | 10/10
Networking | 9/10
SIEM (Splunk/Sentinel) | 9/10
Threat Detection | 9/10
Incident Response | 9/10
Log Analysis | 8/10
Vulnerability Assessment | 8/10
Security Frameworks (NIST/MITRE) | 8/10
Cloud Security Basics | 8/10
Scripting | 7/10

Core tools: Splunk, Microsoft Sentinel, Wireshark, Nessus, CrowdStrike, MITRE ATT&CK.

Security Analyst learning roadmap

Beginner · 2-3 months

Foundations & core tooling

Build: Analyze logs in a SIEM and build one detection rule.

Intermediate · 3-4 months

Applied, real-world builds

Build: Run threat detection + incident triage on simulated alerts with MITRE mapping.

Advanced · 3-4 months

Production, scale & specialization

Build: A SOC use-case library with detections, response playbooks and metrics.


10 Security Analyst portfolio projects

Log Analysis Lab

Beginner

Analyze logs and spot anomalies.

Skills: Log Analysis, SIEM

SIEM Dashboard

Beginner

Build a SIEM monitoring dashboard.

Skills: SIEM, Threat Detection

Detection Rule Set

Intermediate

Create detections mapped to MITRE.

Skills: SIEM, Threat Detection

Alert Triage Workflow

Intermediate

Triage and investigate simulated alerts.

Skills: Incident Response, Threat Detection

Phishing Investigation

Intermediate

Investigate a phishing scenario.

Skills: Incident Response, Log Analysis

Vulnerability Report

Intermediate

Assess and prioritize vulnerabilities.

Skills: Vulnerability Assessment, Security

MITRE Coverage Map

Intermediate

Map detections to ATT&CK and find gaps.

Skills: Security Frameworks, SIEM

Cloud Log Monitoring

Intermediate

Monitor cloud logs for threats.

Skills: Cloud Security, SIEM

SOC Use-case Library

Advanced

Detections, playbooks and metrics.

Skills: SIEM, Incident Response

Threat Hunt

Advanced

Proactive threat hunt with hypotheses.

Skills: Threat Detection, SIEM

Common Security Analyst interview questions

How do you respond to a security incident? (Medium)

What they're testing: Triage, contain, eradicate, recover, learn

What is HTTPS/TLS doing under the hood? (Medium)

What they're testing: Encryption, identity, integrity

How do you reduce false positives? (Medium)

What they're testing: Tuning, baselining, context enrichment

What is the difference between a vulnerability scan and a pen test? (Medium)

What they're testing: Automated detection vs manual exploitation

What is defense in depth? (Medium)

What they're testing: Layered, redundant controls

Explain a firewall and common ports. (Easy)

What they're testing: Filter traffic; 80/443/22 etc.

Walk through triaging a security alert. (Medium)

What they're testing: Validate, scope, prioritize, escalate

How do you prioritize findings for remediation? (Medium)

What they're testing: Severity, exploitability, business impact

How do you secure secrets and credentials? (Medium)

What they're testing: Vaults, rotation, least privilege

Explain the TCP/IP model. (Medium)

What they're testing: Layered data transmission

How do you use MITRE ATT&CK in detection? (Medium)

What they're testing: Map techniques to detections/coverage

What goes into a good pen-test report? (Medium)

What they're testing: Findings, evidence, risk, remediation


Certifications for Security Analysts

  • CompTIA Security+ (CompTIA) · Very High value
  • CompTIA CySA+ (CompTIA) · High value
  • Certified Ethical Hacker (CEH) (EC-Council) · High value

Security Analyst career path

Security Analyst -> Senior Analyst -> Security Engineer / SOC Lead

Related roles: Cyber Security Engineer, Cloud Engineer

Frequently asked questions

What skills do you need to become a Security Analyst?

Core skills include Security Fundamentals, Networking, SIEM (Splunk/Sentinel), Threat Detection and Incident Response. Show detections mapped to MITRE ATT&CK and a clear triage process.

What projects should a Security Analyst build for a portfolio?

Strong starter projects: Log Analysis Lab; SIEM Dashboard; Detection Rule Set; Alert Triage Workflow.

How long does it take to become job-ready as a Security Analyst?

A focused plan runs roughly 2-3 months for fundamentals, then applied projects. Difficulty rating: 5/10.

What is the career path for a Security Analyst?

Security Analyst -> Senior Analyst -> Security Engineer / SOC Lead
