
SOC Level 2
- Jun 22–24, 2026 · Live Remote Online
- Sep 21–23, 2026 · Live Remote Online
- Dec 7–9, 2026 · Live Remote Online
Contact IT Dojo for current pricing, available dates, and a custom quote tailored to your team or organization.
Course Duration
3 days
Audience
Employees of federal, state and local governments; and businesses working with the government.
Prerequisites
Completion of SOC Level 1 (or equivalent) is strongly recommended. Prerequisites include: networking fundamentals, operating system fundamentals, security operations fundamentals, network traffic analysis, endpoint security monitoring, log analysis and SIEM, and basic digital forensics exposure.
Course Description
Security Operations (SOC) Level 2 is an advanced course designed to elevate your ability to detect, investigate, and respond to complex cyber threats at scale. Building on the foundational skills from SOC Level 1, this course focuses on developing an effective investigative methodology and mastering the responsibilities of an incident responder and threat hunter. Through hands-on labs and realistic scenarios, you will investigate sophisticated threats across enterprise environments, applying advanced techniques aligned with the MITRE ATT&CK framework. The curriculum emphasizes proactive threat hunting as part of a continuous detection and response cycle. By the end of the course, you will be equipped with the mindset, tools, and methodologies needed to confidently investigate incidents, trace root causes, and respond effectively to advanced adversaries. This course includes an Exam Voucher for TCM Security's Practical SOC Analyst Professional (PSAP) certification. Each exam voucher includes 1 exam attempt and is valid for 12 months from the course completion date or certification release date.
Learning Objectives
- Develop a robust investigator's mindset to approach incidents methodically
- Learn industry-standard methodologies and tools for detecting, hunting, and responding to cyber threats across enterprise environments
- Gain experience performing incident response and threat hunting at scale
- Investigate and identify advanced adversary tactics following the MITRE ATT&CK framework, including execution artifacts, lateral movement, credential theft, living-off-the-land techniques, persistence, defense evasion, command and control, and more
- Perform effective attack timeline analysis and guide incident response and remediation efforts
- Investigate the root cause of security incidents by uncovering the entry point
Course Outline
Day 1 – Threat Hunting Fundamentals
- Understanding the modern adversary
- Introduction to incident response and incident decision making
- Introduction to threat hunting: teams, data sources, and maturity models
- Cyber threat intelligence
- Exploring the MITRE ATT&CK Navigator
- Structured and unstructured threat hunting
- Data transformation techniques on the command line, in PowerShell, and in Splunk
- Searching, aggregations, statistics, and visualizations
Day 2 – Anomaly Detection and Adversary Tactics
- Understanding and categorizing anomalies: masquerading, ambiguous identifiers, frequency and volume anomalies
- Temporal, location, environmental, structural, and format anomalies
- Absence and suppression anomalies and entropy analysis
- Dissecting threat reports and threat hunting labs
- Tracing an attack chain
- Hunting execution, malicious process trees, and persistence
- Hunting defense evasion, command and control, and lateral movement
Day 3 – Enterprise Collection and Forensics
- Collection at scale: WMI, PowerShell remoting, and remote collection frameworks
- Triage artifact collection with KAPE
- Incident response with Velociraptor
- Windows memory structures and the Volatility framework
- Process analysis, command line analysis, and network analysis
- Registry analysis
Frequently Asked Questions
What does the SOC Level 2 course cover?
Security Operations (SOC) Level 2 is an advanced course designed to elevate your ability to detect, investigate, and respond to complex cyber threats at scale. IT Dojo delivers it as live instructor-led training for government and business professionals.
How long is IT Dojo's SOC Level 2 training?
SOC Level 2 is a 3-day course. It is available as live remote online instruction or on-site at your facility.
Is this course available as live remote online training?
Yes. IT Dojo offers SOC Level 2 as live remote online training led in real time by a certified instructor. On-site delivery at your government facility or contractor location is also available.
Who should attend this course?
Intermediate and advanced SOC analysts, incident responders, and threat hunters who have completed SOC Level 1 training or have equivalent foundational experience in security operations.
Does SOC Level 2 prepare students for a certification?
Yes. SOC Level 2 maps to the PSAP – Practical SOC Analyst Professional credential. IT Dojo's instructor-led training is built to prepare students for the exam.
Does IT Dojo offer this training on-site at government or DoD facilities?
Yes. IT Dojo delivers SOC Level 2 on-site at government agencies, DoD commands, military installations, and contractor facilities. On-site training is ideal for teams and can be customized to your organization's workflows. Contact IT Dojo to schedule.
How do I register for this course?
IT Dojo training is employer sponsored. Your organization registers and pays for seats. To schedule SOC Level 2 for your team, contact IT Dojo via the Request Training form or call 757-216-3656.