SOC AnalystSalaryCareer

SOC Analyst Salary in 2026: Pay by Tier, Country, and How to Earn More

IJB

InfoSec Job Board

July 4, 2026 · 6 min read

SOC analyst is the most common way into cybersecurity, and it is also one of the lowest-paid security roles you will find. That is not a contradiction: the security operations center is where most defenders start, so the tier-1 seat is priced as an entry-level job even though the title carries the word "security." The upside is real, though. Pay climbs quickly as you move from triaging alerts to running investigations, tuning detections, and leading a shift. This guide breaks down what a SOC analyst actually earns in 2026, by tier and by country, and how to move the number up.

What drives SOC analyst pay

Three things move a SOC analyst's salary more than anything else: the tier you sit at, the country and city you work in, and whether you have crossed from "alert triager" into skills the market pays a premium for (detection engineering, incident response, cloud, or automation). Certifications help at the entry end but matter less once you have real investigations under your belt. Shift differentials also count. Many SOCs run 24/7, and night, weekend, and on-call rotations often add 10-15% on top of base.

US pay bands by tier

In the United States, our benchmark for a SOC analyst spans roughly $58k to $92k, and that wide range is really four different jobs stacked under one title:

  • Tier 1 (triage): ~$58k to $68k. Watching the queue, closing false positives, escalating anything real. This is the true entry rung and overlaps heavily with our entry-level roles →.
  • Tier 2 (investigation): ~$70k to $85k. Owning escalated incidents, pivoting across logs, correlating activity, and writing up findings. This is where pay starts to separate from generic IT.
  • Tier 3 (threat hunting / senior): ~$85k to $92k and often beyond. Proactive hunting, malware and forensics work, and mentoring the junior tiers. Many Tier 3 analysts are one step from detection engineering or incident response.
  • SOC lead / manager: above the band, commonly $100k+. Running the shift, owning metrics, and managing the analyst rotation. Comp here shifts toward leadership pay rather than analyst pay.

SOC analyst pay by country

Cybersecurity pay tracks local labor markets, so the same tier-1 job looks very different across borders. These are our benchmark ranges for SOC analyst roles, with rough USD conversions for comparison:

  • United States: $58k to $92k
  • Canada: C$57k to C$99k (~$42k to $72k USD)
  • United Kingdom: £24k to £41k (~$30k to $52k USD)
  • Germany: €35k to €57k (~$38k to $62k USD)
  • Australia: A$79k to A$124k (~$52k to $82k USD)
  • Singapore: S$57k to S$92k (~$42k to $68k USD)
  • Netherlands: €35k to €56k (~$38k to $60k USD)
  • Kenya: KES 1.4M to 2.4M (~$10k to $18k USD)

The US and Australia lead in absolute terms, while emerging markets like Kenya pay far less in dollar terms but are competitive against local cost of living and are growing fast. For a full breakdown across roles, seniority, and certifications, see our cybersecurity salary report →.

Remote vs onsite

SOC work has historically been onsite because of the 24/7 shift model and secure-facility requirements, and defense, finance, and government SOCs still lean that way. But fully remote and hybrid SOC roles have become common, especially at cloud-native companies and managed security service providers (MSSPs). Remote roles typically pay to the hiring company's market rather than yours, which is why a remote US SOC seat can pay well above a local onsite one in a lower-cost country. If location flexibility matters more than squeezing the top of the band, browse remote cybersecurity jobs →.

How to increase your pay

The fastest raises in a SOC come from moving up a tier and from adding skills the market pays for, not from collecting more certificates. Still, at the entry end, certs open doors:

  • CompTIA Security+: the baseline many SOC job postings screen for. It rarely raises pay on its own but often gets you the interview.
  • CompTIA CySA+: the analyst-focused follow-on. It maps directly to Tier 1 to Tier 2 work (behavioral analytics, threat detection) and signals you are ready to escalate past triage.
  • Move into detection engineering: writing and tuning the detections instead of just responding to them is one of the biggest pay jumps available to a SOC analyst. Explore the detection and SOC hub →.
  • Move into incident response: IR pays a clear premium over analyst work. Tier 2 and Tier 3 experience is the natural launchpad, and forensics or malware skills accelerate it.
  • Add cloud and automation: analysts who can investigate in AWS, Azure, and GCP, and who can script and automate triage, are worth measurably more than those who only work a console.

A realistic take

Do not let the numbers discourage you. SOC analyst pay is lower than most security roles because it is the entry tier, but it is the on-ramp that leads to nearly everything else in defensive security. Very few incident responders, detection engineers, threat hunters, or security engineering leaders skipped the SOC. Treat the first year or two as a paid apprenticeship: learn the tooling, get reps on real investigations, pick up CySA+, and move deliberately from Tier 1 toward the work that pays more. Two years of solid SOC experience plus one specialization is often the difference between the bottom and the top of every band above.

Ready to start or level up? Browse open SOC Analyst jobs → and see what companies are actually paying right now.

Related guides

Stay ahead of the curve. Get new infosec jobs in your inbox: