TryHackMe: Junior Security Analyst Intro Walkthrough (SOC Level 1)

Welcome to this walkthrough of the Junior Security Analyst Intro Room on TryHackMe. Originally I had planned not to make a walkthrough on this room, but it ended up being the only one I have not written (so far), so I decided to cover this short room as well.

In this room we play through a day in the life of a Junior Security Analyst, their responsibilities and qualifications needed to land a role as an analyst.

Junior Security Analyst Intro Banner

Room URL: https://tryhackme.com/r/room/jrsecanalystintrouxo

This room is part of the SOC Level 1 Path.

I am making these walkthroughs to keep myself motivated to learn cyber security, and ensure that I remember the knowledge gained by these challenges on HTB and THM.
Join me on learning cyber security. I will try and explain concepts as I go, to differentiate myself from other walkthroughs.

Now, let’s move on!



Task 1: Junior Security Analyst Journey

The Security Analyst Journey

Welcome to the dynamic world of cybersecurity — where threats evolve daily, every click could hide an attack, and defenders play a crucial role in keeping businesses safe. The TryHackMe Security Analyst Journey introduces you to life as a Junior Security Analyst, also known as a SOC Level 1 Analyst.

Each day begins with scanning cyber news — DDoS attacks breaking records, nation-state campaigns, supply chain compromises, and SaaS breaches leaking sensitive data. As part of the first line of defense, your mission is to make sure your company doesn’t end up in those headlines.

Your daily work in the SOC involves:

  • Monitoring and investigating alerts to identify threats early.
  • Collaborating with colleagues in 24/7 operations to respond quickly.
  • Joining workshops and brainstorms to improve detection and response.
  • Constantly learning to stay ahead of new attack techniques.

It’s a challenging but rewarding role — the foundation of any cybersecurity career. This TryHackMe path helps you build the mindset, skills, and hands-on experience needed to become an effective defender.

Questions

Which team do you work with as a Junior Security Analyst?

As a Junior Security Analyst you will work within the SOC team. This stands for the Security Operations Center. More about this soon.

Answer: SOC


Task 2: Security Operations Center (SOC)

A SOC is a Security Operations Center, and it serves as the backbone of an organization’s cybersecurity framework, operating 24/7 to monitor, investigate, prevent, and respond to cyber threats. According to McAfee, SOC teams protect critical assets like intellectual property, personnel data, business systems, and brand integrity, acting as the central hub for coordinated cyber defense.

SOC and Your Team

You are not alone in monitoring the alerts and securing the whole company. A lot of people support you with your job. SOC engineers are configuring the security tools, senior analysts are helping with complex attacks, and a manager is trying to keep everything under control. A Security Operations Center (SOC) is your big team that protects the company, each role in its own way. Now, let’s meet your colleagues!

Will Griffin – Senior Analyst

Will is your closest colleague. He helps you and other Junior analysts when something is unclear and handles complex cases after you do the initial analysis.

Corey Stevens – SOC Engineer

Corey doesn’t have shifts and doesn’t analyze the alerts. Instead, he maintains security tools and configures the alerts to make your analyst’s job easier.

Emily Conway – SOC Manager

Emily tries to keep everything under control. She reports SOC results to the top management and makes sure you aren’t lost in that big new cyber security world.

Daniel Herrera – Incident Responder

You don’t work with Daniel every day, but when he’s online, you know something serious has happened. He is called on demand during major incidents.

Your Daily Duties

Are you inspired by your colleagues’ work and wish to advance to their roles? Cyber security is a broad field, and with time you’ll find the path that excites you most. But before that, you need to gain work experience as a Junior Security Analyst. Along the way, you’ll have many lessons and challenges, where you may:

  • Go beyond cyber and understand how companies operate from the inside
  • Detect and prevent a data stealer infection on a coworker’s laptop
  • Analyze and stop a phishing campaign targeting the finance team
  • Participate in a bigger incident, such as a full-scale ransomware attack
  • Team up with your teammates to build detection rules and automations

Questions

Continue to the next task!

Answer: No answer needed


Task 3: A day In the life of a Security Analyst

Being in the defensive frontline is not easy, as you have to constantly learn new things. During a busy 8-hour shift, you might be buried under a mountain of “tickets” – the alerts and tasks that you need to resolve in a timely manner. Still, the job is fun and rewarding, especially after you stop a real threat from damaging your organization. Even better, it is fascinating to know how the attacks you hear about in the news actually happen in the real world.

Now, are you ready to immerse yourself in the role of a Security Analyst?
Click on the green View Site button to open the attached lab.
Navigate to the alert dashboard on the right and answer the questions.

Challenge

It is time to get some practical experience. Press the View Site button and let’s answer the questions together!

Questions

Click on the green View Site button in this task and open the lab.

Make sure you have started the site 🙂

Answer: No answer needed

What was the malicious IP address in the alerts?

You will be met by a page that is meant to look like a SIEM (Security Information and Event Management) system. If you look at the Alert log you will see one entry that is red when you hover over the row, and it also mentions an unauthorized connection attempt. It mentions an IP address so this must be the answer.

SIEM Unauthorized connection attempt

Answer: 221.181.185.159

To whom did you escalate the event associated with the malicious IP address?

Click on the row entry and you can move on with the challenge. Press continue until you are met by an IP Scanner application.
Enter the IP we found in the previous question.

IP Scanner
IP Scanning the IP Address

We will get a result that indicates that the IP address is malicious:

Malicious IP found

Press next, and now you get to decide whom to escalate the event to.

A Sales Executive does not make sense, and a Security Architect does not seem to be the right person either. While I guess you could escalate it to a security consultant, normally you would send it to the SOC Team Lead (Will Griffin), who will decide what to do with the event.

Will Griffin
Escalating to Will Griffin

Answer: Will Griffin

After blocking the malicious IP address on the firewall, what message did the malicious actor leave for you?

Now all that is left is to block the malicious IP address:

Firewall Block List

Enter the IP, press the button, and you will get the flag:

Answer: THM{UNTIL-WE-MEET-AGAIN}
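
The same triage flow (spot the high-severity alert, check the source IP, escalate, block) can be sketched in a few lines of Python. This is an added example, not part of the room or the original walkthrough: the alert line format, the `REPUTATION` list standing in for the IP Scanner, and the verdict names are all assumptions. It also covers a case the lab does not: an internal or malformed source address should be escalated or fixed, never pushed to the firewall block list.

```python
import ipaddress
import re

# Constructed sample alert lines; the format is an assumption, not the lab's.
ALERTS = [
    '09:12:03 severity=low msg="Successful SSH authentication" src=10.0.0.15',
    '09:14:47 severity=high msg="Unauthorized connection attempt" src=221.181.185.159',
    '09:15:10 severity=high msg="Unauthorized connection attempt" src=10.0.0.23',
    '09:16:02 severity=high msg="Unauthorized connection attempt" src=999.1.1.1',
]

# Stand-in for the lab's IP Scanner: a constructed local reputation list.
REPUTATION = {"221.181.185.159": "malicious"}

ALERT_RE = re.compile(r'severity=(\w+) msg="([^"]*)" src=(\S+)')


def triage(lines, reputation=REPUTATION):
    """Return (source, verdict) for every high-severity alert."""
    results = []
    for line in lines:
        m = ALERT_RE.search(line)
        if not m or m.group(1) != "high":
            continue  # lower severities stay in the queue for routine review
        src = m.group(3)
        try:
            ip = ipaddress.ip_address(src)
        except ValueError:
            # Malformed source field: a parsing problem, not something to block.
            results.append((src, "invalid-source"))
            continue
        if ip.is_private:
            # Internal hosts are investigated, not added to the perimeter block list.
            results.append((src, "escalate-internal"))
        elif reputation.get(src) == "malicious":
            results.append((src, "escalate-and-block"))
        else:
            results.append((src, "needs-enrichment"))
    return results


def blocklist(results):
    """Only confirmed-malicious external addresses reach the firewall."""
    return sorted({src for src, verdict in results if verdict == "escalate-and-block"})


if __name__ == "__main__":
    decisions = triage(ALERTS)
    for src, verdict in decisions:
        print(f"{src:16} {verdict}")
    print("block:", blocklist(decisions))
```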


Congratulations on completing Junior Security Analyst Intro!!!

Congratulations on completing Junior Security Analyst

Congratulations on finishing this walkthrough of the TryHackMe Junior Security Analyst Intro room. This was a quick appetizer on the stuff we will learn on the SOC Level 1 Path.

I hope you enjoyed this walkthrough. Come back soon for more walkthroughs of rooms on TryHackMe and HackTheBox, and other Cybersecurity discussions.

Find my complete list of SOC Level 1 Path walkthroughs here.

Find more of my other walkthroughs here.

