Centre For Cybersecurity Institute

Security Operations Centre (SOC) Analyst

Hands-on SOC training covering Windows infrastructure, network defence, SIEM tools, threat hunting, and incident response — built for analysts who need to operate in a live security operations environment.

Build real SOC skills in five days

This programme develops the practical skills required to operate inside a security operations centre. Over five intensive days, you work through the full SOC analyst workflow: configuring and monitoring a Windows domain environment, deploying network defences, investigating alerts in a SIEM, and running a structured incident response. Every session is lab-based, so you leave with hands-on experience rather than theory alone.

The curriculum is structured around three chapters that mirror how a SOC operates — from the infrastructure layer through to detection and response.

What you will learn

By the end of the programme, you will be able to:

  1. Manage Windows Server infrastructure, configure Sysmon event logging, and administer Active Directory and Group Policy for a domain environment.
  2. Deploy and operate network defences including pfSense firewalls and Snort IDS/IPS, and analyse traffic with Wireshark.
  3. Use SIEM platforms — ELK and Splunk — to ingest logs, build queries, configure alerts, and monitor events in real time.
  4. Conduct threat hunting using log analysis, advanced filtering, and the MITRE ATT&CK framework to identify adversarial behaviour.
  5. Run incident response investigations using IR playbooks, YARA signatures, and structured cyber incident analysis.

How you will learn

Training is delivered in a classroom environment with a maximum class size of 30 participants per trainer. Each day runs for eight hours of guided, hands-on lab work. All tools and lab environments are provided — you do not need to bring any specialised setup. The five-day format is intensive by design: concentrated practice builds retention faster than extended part-time study for candidates who can commit a full working week.

Who this is for

This course is designed for:

  • IT professionals and system administrators moving into security operations roles
  • Junior SOC analysts looking to formalise and deepen their technical skills
  • Security staff who need to understand the detection and response workflow end-to-end

A working knowledge of networking and Windows administration is recommended. The course is not designed for complete beginners to IT.

Entry requirements

Participants should have:

  • Basic understanding of networking concepts (TCP/IP, DNS, routing)
  • Familiarity with Windows operating systems and administration
  • Willingness to engage in intensive, lab-heavy practical work

There is no formal academic entry requirement. Suitability is assessed at enrolment.

Course syllabus

What you will cover

Module 01 Chapter 1 — Windows Domain, Firewalls & IDS/IPS
  • Windows Server: installation, configuration, and managing features
  • Windows events and Sysmon configuration
  • Active Directory Domain Services (AD DS): installation and configuration
  • Domain protocols and Group Policy management
  • Traffic analysis with Wireshark
  • pfSense: installation, firewall rules, NAT rules, packages, and real-time monitoring
  • Snort IDS/IPS: rules structure, configuration, NAT feature, and advanced rules

Module 02 Chapter 2 — SOC Environment: ELK & Splunk
  • ELK stack: monitoring events, search methods, custom queries, and alerts
  • Splunk: event monitoring and alert configuration
  • Centralised log ingestion and index management
  • Building dashboards for real-time SOC visibility

Module 03 Chapter 3 — SIEM, Threat Hunting, MITRE ATT&CK, YARA & Incident Response
  • Log analysis: analysing logs and advanced filtering techniques
  • MITRE ATT&CK framework: threat hunting via events and creating hunting rules
  • Sysmon: XML settings and in-depth event analysis
  • YARA: rules structure and threat hunting with custom signatures
  • Incident response: IR playbooks and investigating suspicious files
  • Cyber incident analysis: end-to-end case investigation

Course fee

Fees and funding

| | SG Citizen 40 and above | SG Citizen 21–39 or PR | Self-funded / Standard |
|---|---|---|---|
| Course fee, before funding | S$19,500 | S$19,500 | S$19,500 |
| SkillsFuture funding | Up to 90% | Up to 70% | |
| Nett fee, before GST | S$1,950 | S$5,850 | S$19,500 |
| 9% GST on nett fee | S$175.50 | S$526.50 | S$1,755 |
| Total payable | S$2,125.50 | S$6,376.50 | S$21,255 |

SkillsFuture Credits (up to S$500), UTAP (S$200–S$500) and PSEA may be used to offset the nett fee payable. Fees include 9% GST where shown. Figures are indicative — confirm your eligibility and the latest fees before enrolment.

Frequently asked questions

Who should attend this course?

This course is suited to IT professionals, system administrators, and security staff who are moving into or already working in a security operations centre. Some familiarity with networking and Windows administration is recommended.

What prior knowledge do I need?

Participants are expected to have a basic understanding of networking concepts and Windows operating systems. Experience with Linux is helpful but not mandatory. The course is practical and builds skills progressively over the five days.

Is SkillsFuture funding available?

Yes. Singapore Citizens aged 40 and above may receive up to 90% SkillsFuture funding, and Singapore Citizens aged 21 to 39 or Permanent Residents may receive up to 70%. SkillsFuture Credits (up to S$500), UTAP, and PSEA may be used to offset the remaining nett fee.

What tools will I work with during the course?

You will work hands-on with Windows Server and Active Directory, Sysmon, pfSense, Snort, Wireshark, the ELK stack, Splunk, YARA, and industry frameworks including MITRE ATT&CK. All lab environments are provided.

Will I receive a certificate upon completion?

Participants who meet the attendance requirements receive a certificate of completion from CFCI, co-issued with Ngee Ann Polytechnic.

Ready to secure your future?

Join a free info session to meet the team, walk through the curriculum and find the right path for you. No IT background needed.
