(SCTP) SOC (Security Operations Center) Analyst

SOC Analyst program offers practical and theoretical cyber incident analysis and response knowledge.
More and more organizations are implementing managed security services internally and using MSSPs. Properly trained SOC Analysts give businesses solid cyber defense, fix damages and save costs. SOC Analysts are a critical part of damage mitigation activities, working on the front line of responding to cyber-attacks and incidents. SOC Analysts know how to react efficiently and effectively to security threats and incidents.
Trainees of this program will gain the practical knowledge required for their career in CS while learning the art and science of cybersecurity operations, from the vocabulary and effectiveness of incident handling to the severity of incidents and prioritization.

Course Details

Course Dates:
Commencing 25 November 2024

Closing date: 25 October 2024

Course Duration:
1 Year
Weeknights, 7:00 pm - 10:00pm 
Online virtual sessions


Who Should Attend

The course is designed for individuals who are interested in pursuing careers in cybersecurity or enhancing their existing cybersecurity skill set. 

The program is suitable for professionals across various industries, including but not limited to information technology, finance, healthcare, government, and consulting. The nature of work can range from securing IT infrastructure, analyzing security events, investigating incidents, implementing security measures, conducting vulnerability assessments, or providing cybersecurity consulting services.


Minimum Entry Requirements

It is recommended that students have a basic understanding of computer systems, networks, and operating systems. Familiarity with fundamental IT concepts and terminology will be beneficial for grasping the course material effectively. Additionally, a basic knowledge of programming concepts and scripting languages would be advantageous for certain topics covered in the program.
The SkillsFuture Career Transition Programme (SCTP) supports mid-career individuals in acquiring industry-relevant skills to improve employability and pivot to new sectors or job roles. It is a train-and-place programme that is available on a part-time or full-time format, ranging from three to 12 months.

Similar to existing requirements for other training grants administered by SSG, trainees must fulfill minimum attendance requirements and pass the assessments to qualify for course fee subsidies. Trainees who are unable to meet these requirements, or exit the programme without a valid reason, may be asked to return the course fee subsidy that they have received, including any additional course fee funding support. Under the SCTP scheme, trainees are encouraged to complete all modules to fully benefit from the intent of the programme.

For more information, please refer to the FAQs on SCTP or the SkillsFuture website.

Programme Outline

Learning Objectives

By the end of the program, participants will have acquired these learning outcomes, enabling them to apply their skills and knowledge in various job roles such as security analyst, incident responder, network administrator, forensic investigator, and vulnerability assessment and penetration testing analyst.

•    Understanding of Information Security: Learners will gain a solid understanding of information security principles, the importance of confidentiality, integrity, and availability, and how to apply these principles to protect systems and data.

•    Proficiency in Virtualization Technologies: Participants will acquire practical knowledge of virtualization technologies, including the ability to install and configure virtual environments for testing and experimentation purposes.

•    Mastery of Network Fundamentals: Learners will develop a strong foundation in networking concepts, protocols, and models, and will be able to analyze network traffic using tools like Packet Tracker and Wireshark.

•    Competence in Operating Systems: Participants will gain proficiency in managing Windows operating systems, including user and group management, server roles, and group policy administration. They will also acquire skills in Linux operations, including file system management, package management, and network configuration.

•    Scripting and Automation Skills: The program equips learners with scripting skills using PowerShell, enabling them to automate administrative tasks and perform security-related tasks efficiently.

•    Understanding of Cloud Security: Participants will gain knowledge of cloud computing models, their security considerations, and practical experience with Azure services and tools.

•    Expertise in Security Operations Center (SOC) Services: Learners will acquire knowledge of SOC types, rules, playbooks, and IP investigation techniques using public tools.

•    Proficiency in Incident Response Planning: Participants will develop the skills necessary to create and implement incident response plans, effectively detect and respond to security incidents, and conduct forensic investigations.

•    Ability to Analyze Logs and Perform Investigations: Learners will gain expertise in log analysis, dynamic and static analysis techniques, and endpoint detection and response. They will also acquire skills in vulnerability management and detection.

•    Competence in Security Information and Event Management (SIEM) Systems: Participants will gain practical experience in log collection, analysis, and dashboard creation using SIEM tools like Wazuh.

•    Understanding of Web Application Security and Data Loss Prevention: The program covers topics such as web application firewalls (WAF), Mod Security, data loss prevention techniques, and investigating data leakage incidents.

•    Proficiency in Digital Forensics: Learners will gain knowledge and skills in evidence handling, file system analysis, malware analysis (static and dynamic), memory forensics, network forensics, and forensic reporting.

•    Programming Skills: The program introduces programming concepts, including control flow, functions, and object-oriented programming, providing learners with a solid foundation in programming languages relevant to cyber security.

1. Introduction (Introduction to Security Operation Center Analyst)

Provides an essential foundation for understanding information security. Upon completing, students will have gained a solid understanding of information security principles, including the significance of SOC and the fundamental concepts of Confidentiality, Integrity, and Availability (CIA) to protect sensitive information effectively.

2. Virtualization (Understanding Virtualisation)

Upon completing , students will have acquired comprehensive knowledge of virtualization technologies, gained practical experience in installing VirtualBox, and developed the skills to create and configure VMs efficiently.


3. Networking (Networking Essentials for Security Professionals)
Upon completing , students will gain a comprehensive understanding of networking principles and technologies. They will proficiently work with Wireshark to analyze network traffic, grasp OSI and TCP/IP models, and configure services like DHCP, DNS, HTTP/HTTPS, and FTP. Students will have hands-on experience with Packet Tracker and Wireshark labs for effective network traffic visualization and troubleshooting.
4. Windows (Windows Security Essentials)
Upon completing , students will have a strong grasp of Windows OS, utilities, users and groups management, file formats, and native processes. They will understand server roles, Active Directory, and group policies, gaining hands-on experience with administrative and GPO templates for effective Windows server administration.
5. Windows Scripting (Windows Scripting for Security Automation)
Upon completing , students will have a comprehensive understanding of scripting in Windows environments. They will distinguish between PowerShell and CMD, comprehend administrative privileges, and navigate effectively within PowerShell. Students will learn about PowerShell Cmdlets, Snapins, and Modules, as well as PowerShell Remoting for remote management. They will gain practical knowledge of scripting syntax, variables, data types, and script flow control statements, ensuring their ability to execute scripts securely and perform various administrative tasks using PowerShell.
6. Windows Attacks (Windows Attack Mitigation Strategies)
Students will possess knowledge of various techniques used to exploit Active Directory vulnerabilities. They will understand the concepts and methodologies behind attacks such as Pass the Hash, Pass the Ticket, Password Spraying, Golden Ticket, and DCShadow. With this knowledge, students will be well-equipped to identify and mitigate potential security risks associated with Active Directory systems, ensuring better defense against these targeted attacks.
7. Linux (Linux Security Fundamentals)
The learning outcome of this comprehensive module is to equip students with the necessary knowledge and skills to proficiently manage Linux servers. Upon completing , students will grasp Linux distributions, shell usage, essential commands, file systems, and file manipulation. They'll gain proficiency in remote access through SSH, managing STDIO, and text processing with grep. Additionally, the module covers Linux networking, package management, user and group administration, file permissions, compression, and SSH protocol with emphasis on keys vs passwords for secure authentication.
8. Cloud Environment (Navigating Cloud Security)
The module's learning outcome is to provide students with a comprehensive understanding of cloud computing, covering various cloud models (Public/Private/Hybrid) and types (IaaS/PaaS/SaaS). Upon completion, students will be proficient in using Azure services, managing Virtual Machines, accounts, and subscriptions, and leveraging tools like Azure Portal, PowerShell, and CLI & Cloud Shell. Moreover, they will become familiar with Office 365, Azure Compute, Containers, and Logic Apps, empowering them to confidently navigate and utilize cloud environments for diverse purposes and applications.
9. Security Operation Center (SOC) (Demystifying Security Operation Centers)
Module provides students with a comprehensive understanding of SOC's importance, data enrichment, incident response, and attack investigations. Upon completion, students will be proficient in SOC services, types, rules, and playbooks, IP investigations, MITRE Attack tactics, sandbox solutions, and incident response planning following NIST 800-61 guidelines. Practical lab exercises cover Denial of Service, phishing, malware, ransomware, and RAT investigations.
10. Malware Analysis (Malware Analysis: Unraveling Cyber Threats)

Module focuses on providing students with an in-depth understanding of log analysis and both dynamic and static analysis techniques. Upon completing this module, students will have a comprehensive knowledge of various log types, including OS, application, and audit logs, and the skills to collect and investigate logs effectively. Practical lab exercises will involve Apache logs investigation and attack identification. Additionally, students will learn the differences between dynamic and static analysis, and they will gain hands-on experience using tools like PeStudio, Red Line, IDA for file analysis, and Sysinternals tools such as Process Explorer, Process Monitor, and TCPView. They will also conduct lab exercises involving Sysinternals investigation and PML file investigation to analyze ransomware.

11. SIEM (SIEM for Security Intelligence)

Module covers SIEM fundamentals, Wazuh installation, and Rule Creation & Fine Tuning. Students will learn about SIEM types, data collection (Syslog, CEF, API), Wazuh Architecture, and Configuration, with labs for Log Collection and Kibana Query Language. They'll gain expertise in Rule Definition, Creation, and utilizing Dashboards, including a Mitre Attack Dashboard for multiple attacks.


12. Proactive Technologies (Proactive Security Technologies)
Module introduces students to Web Application Firewall (WAF) and Data Loss Prevention (DLP). Upon completing this module, students will gain a comprehensive understanding of WAF and its use, specifically focusing on Mod Security. They will also learn about Data Loss Prevention, exploring data leakage channels and data classification. Practical lab exercises will involve investigating an infected endpoint that sent data outside, reinforcing their ability to apply proactive measures and technologies to secure web applications and prevent data loss effectively.
13. Forensics (Forensic Investigations)
Upon completing this module, students will understand the concept of digital forensics, the importance of evidence, and the evidence life cycle. They will gain expertise in handling files and file systems, identifying common artifacts in digital forensics, and analyzing malware statically and dynamically. Students will learn about different persistence mechanisms, MITRE Attack tactics, LOLBINS, memory forensics with Volatility, disk and filesystem analysis, network forensics, and packet analysis. Practical aspects include creating a forensic report, using forensic hardware, hardware write/blockers, processing a scene, and utilizing forensic software. Additionally, students will develop skills in file signature analysis and email analysis to carry out comprehensive digital investigations effectively.
14. Python Programming (Python Programming for Security Analysts)
Upon completing this module, students will be familiar with programming concepts, how code works, and using an integrated development environment (IDE) for Python development. They will have a strong grasp of basic and advanced data types, control flow, loops, and the concept of modules and imports. Additionally, students will gain practical experience in writing functions, exploring Object-Oriented Programming (OOP) principles, and understanding Functional Programming and Lambda functions for efficient Python coding.

Course Fees and Funding

Full course fee inclusive of prevailing GST

You pay

SkillsFuture Course Fee subsidy (70%)

  • For Singapore Citizens < 40 years old 
  • For Permanent Residents

You pay

Mid-Career Enhanced Subsidy (90%)

  • For Singapore Citizens ≥ 40 years old

You pay

Additional Funding Support (95%)
Additional Funding Support (AFS)- Eligible Singapore Citizens that meet at least one of the following eligibility criteria can enjoy subsidies up to 95% of the course fee:

  • Long-term unemployed individuals (unemployed for six months or more); or
  • Individuals in need of financial assistance – ComCare Short-to-Medium Term Assistance (SMTA) recipients or Workfare Income Supplement (WIS) recipients; or
  • Persons with Disabilities

You pay

The above module fee payable is inclusive of 9% GST. 

Sign Up for (SCTP) SOC (Security Operations Center) Analyst Now

Policies and Financing Options

SSG Funding Terms and Conditions

Use of Personal Details

In consideration of the subsidy provided by SkillsFuture Singapore Agency (“SSG”) through the SUTD Academy for the Course,

I consent to:

The collection, use and disclosure to relevant third parties of my personal data by the SUTD Academy including but not limited to personal particulars, attendance records, assessment/performance records, for the following purposes:

  1. Reporting of national statistics and conducting of holistic continuing education training research and analysis;

  2. Facilitate the conduct of the relevant surveys and audits in relation to the Course;

  3. General administration of the Course including but not limited to processing of the subsidy provided by SSG;

  4. Publicity and marketing of the Course or other Courses to be provided by SSG or SUTD Academy; and

  5. SSG or its Appointed Auditors or Nominated Representatives to directly contact Course Participant to obtain information deemed necessary for the purposes of conducting effectiveness survey or audits in relation to the Course.

SUTD will have to claim the full course fee from participant who is unable to fulfil the SSG funding requirements stated below.

I agree to:

  1. Attend and complete all lectures, class exercises, workshops and assessments;

  2. Complete the Course feedback at the end of the Course;

  3. Complete the post Course survey sent about 3 to 6 months after class attendance; and

  4. Sign up for a personal email account.

SUTD Privacy Statement

For more information on SUTD's privacy statement, please visit https://sutd.edu.sg/Privacy-Statement.

SUTD Terms and Conditions

Methods of Payment

Learn more about the available payment modes.

Cancellation & Refund Policy

  1. If a written notification is sent to sutd_academy@sutd.edu.sg within 24 hours after course registration deadline there will be no cancellation charges. A full refund will be made. 

  2. No refund is provided if written notification is more than 24 hours after course registration deadline. SUTD Academy reserves the rights to collect the full fee amount from the participant.

Replacement Policy

Companies may replace participants who have signed up for the course by giving a 3-working day notice before the course commencement date to sutd_academy@sutd.edu.sg. Terms and conditions apply.

Registration Policy

  1. Course may be cancelled due to insufficient participants. SUTD Academy will not be responsible or liable in any way for any claims, damages, losses, expenses, costs or liabilities whatsoever (including, without limitation, any direct or indirect damages for loss of profits, business interruption or loss of information) resulting or arising directly or indirectly from any course cancellation.

  2. Course enrolment is based on a first-come, first-served basis.

  3. SUTD Academy reserves the right to change or cancel any course or instructor due to unforeseen circumstances. 

Types of Funding

The SCTP courses are kept affordable through these SkillsFuture course fee funding:

  • Baseline subsidy of up to 70% of course fees

  • Enhanced funding subsidy of up to 90% of course fees for Singapore Citizens aged 40 years old and above under SkillsFuture Mid-Career Enhanced Subsidy
  • Post-Secondary Education Account ("PSEA") - eligible for all Singaporeans. Check your eligibility and balance by contacting MOE at contact@moe.edu.sg

  • Additional course fee funding support of up to 95% of course fees for jobseekers with greater needs. Individuals must be Singapore Citizens and meet one of following eligibility criteria:

    1. Long-term unemployed individuals (unemployed for six months or more); or

    2. Individuals in need of financial assistance – ComCare, Short-to-Medium Term Assistance (SMTA) recipients or Workfare Income Supplement (WIS) recipients; or

    3. Persons with Disabilities