Security · Growing
Security Analyst: Skills, Projects & Interview Questions (2026)
Monitor, detect and respond to security threats across the organization.
What a Security Analyst actually does
Monitoring, detecting and responding to threats; tuning detections.
Top hiring companies: Deloitte, PwC, Accenture, IBM, Wipro, TCS.
Top industries: Finance, IT Services, Government, Healthcare, Telecom.
Skills you need to become a Security Analyst
| Skill | Importance | Learning hours | Interview weight |
|---|---|---|---|
| Security Fundamentals | 10/10 | ~40h | High |
| Networking | 9/10 | ~40h | High |
| SIEM (Splunk/Sentinel) | 9/10 | ~40h | High |
| Threat Detection | 9/10 | ~40h | High |
| Incident Response | 9/10 | ~30h | High |
| Log Analysis | 8/10 | ~30h | High |
| Vulnerability Assessment | 8/10 | ~30h | High |
| Security Frameworks (NIST/MITRE) | 8/10 | ~30h | Medium |
| Cloud Security Basics | 8/10 | ~30h | Medium |
| Scripting | 7/10 | ~30h | Medium |
Core tools: Splunk, Microsoft Sentinel, Wireshark, Nessus, CrowdStrike, MITRE ATT&CK.
Security Analyst learning roadmap
Beginner · 2-3 months
Foundations & core tooling
Build: Analyze logs in a SIEM and build one detection rule.
Intermediate · 3-4 months
Applied, real-world builds
Build: Run threat detection + incident triage on simulated alerts with MITRE mapping.
Advanced · 3-4 months
Production, scale & specialization
Build: Build a SOC use-case library with detections, response playbooks and metrics.
10 Security Analyst portfolio projects
Log Analysis Lab
Beginner · Analyze logs and spot anomalies.
Skills: Log Analysis, SIEM
SIEM Dashboard
Beginner · Build a SIEM monitoring dashboard.
Skills: SIEM, Threat Detection
Detection Rule Set
Intermediate · Create detections mapped to MITRE.
Skills: SIEM, Threat Detection
Alert Triage Workflow
Intermediate · Triage and investigate simulated alerts.
Skills: Incident Response, Threat Detection
Phishing Investigation
Intermediate · Investigate a phishing scenario.
Skills: Incident Response, Log Analysis
Vulnerability Report
Intermediate · Assess and prioritize vulnerabilities.
Skills: Vulnerability Assessment, Security
MITRE Coverage Map
Intermediate · Map detections to ATT&CK and find gaps.
Skills: Security Frameworks, SIEM
Cloud Log Monitoring
Intermediate · Monitor cloud logs for threats.
Skills: Cloud Security, SIEM
SOC Use-case Library
Advanced · Detections, playbooks and metrics.
Skills: SIEM, Incident Response
Threat Hunt
Advanced · Proactive threat hunt with hypotheses.
Skills: Threat Detection, SIEM
Common Security Analyst interview questions
How do you respond to a security incident? · Medium
What they're testing: Triage, contain, eradicate, recover, learn
What is HTTPS/TLS doing under the hood? · Medium
What they're testing: Encryption, identity, integrity
How do you reduce false positives? · Medium
What they're testing: Tuning, baselining, context enrichment
Difference between vulnerability scan and pen test. · Medium
What they're testing: Automated detection vs manual exploitation
What is defense in depth? · Medium
What they're testing: Layered, redundant controls
Explain a firewall and common ports. · Easy
What they're testing: Filter traffic; 80/443/22 etc.
Walk through triaging a security alert. · Medium
What they're testing: Validate, scope, prioritize, escalate
How do you prioritize findings for remediation? · Medium
What they're testing: Severity, exploitability, business impact
How do you secure secrets and credentials? · Medium
What they're testing: Vaults, rotation, least privilege
Explain the TCP/IP model. · Medium
What they're testing: Layered data transmission
How do you use MITRE ATT&CK in detection? · Medium
What they're testing: Map techniques to detections/coverage
What goes into a good pen-test report? · Medium
What they're testing: Findings, evidence, risk, remediation
Certifications for Security Analysts
- CompTIA Security+ · CompTIA · Very High value
- CompTIA CySA+ · CompTIA · High value
- Certified Ethical Hacker (CEH) · EC-Council · High value
Security Analyst career path
Security Analyst -> Senior Analyst -> Security Engineer / SOC Lead
Related roles: Cyber Security Engineer, Cloud Engineer
Frequently asked questions
What skills do you need to become a Security Analyst?
Core skills include Security Fundamentals, Networking, SIEM (Splunk/Sentinel), Threat Detection, Incident Response. Show detections mapped to MITRE and a clear triage process.
What projects should a Security Analyst build for a portfolio?
Strong starter projects: Log Analysis Lab; SIEM Dashboard; Detection Rule Set; Alert Triage Workflow.
How long does it take to become job-ready as a Security Analyst?
A focused plan runs roughly 2-3 months for fundamentals, then applied projects. Difficulty rating: 5/10.
What is the career path for a Security Analyst?
Security Analyst -> Senior Analyst -> Security Engineer / SOC Lead