
    Security Operations Certified - Level 1

    eSOC Certification

    eSOC is a practical, role-aligned Blue Team certification that validates foundational skills required to operate effectively as a Tier 1 Security Operations Center (SOC) analyst.

    The Exam

    INE Security’s Security Operations Certified – Level 1 (eSOC) Certification evaluates a candidate’s ability to perform real-world SOC tasks, including alert triage, log analysis, incident detection, escalation, and documentation.

    About the Certification Exam

    The eSOC certification covers the end-to-end fundamentals of modern security operations, including SOC structure, logging and SIEM analysis, incident triage and response, case management, threat intelligence, and AI-aware SOC practices.

    SOC Foundations
    Logging & SIEM Analysis
    Incident Detection & Response
    SOC Tools & Workflow Integration

    This certification exam emphasizes operational readiness over theory. Candidates are tested not only on knowledge, but on their ability to think like a SOC analyst—correlating evidence, validating alerts, prioritizing incidents, and producing escalation-ready documentation.

    Domains + Objectives

    The eSOC evaluates an individual’s readiness for foundational SOC roles across multiple operational domains.

    SOC Foundations & Analyst Readiness

    Explain the purpose and structure of a Security Operations Center, common SOC roles, and escalation paths. Apply foundational security concepts, frameworks, and professional analyst practices.

    Logging, SIEM & Alert Analysis

    Identify and analyze common log sources, investigate alerts using SIEM techniques, correlate events across data sources, and assess alert quality to reduce false positives.

    Incident Detection, Triage & Response

    Classify alerts, determine severity, differentiate true and false positives, identify common incident types, and execute appropriate Tier 1 response actions using documented playbooks.

    SOC Tools, Enrichment & Workflow Integration

    Use SIEM, EDR, SOAR, and ticketing tools to investigate alerts, enrich data, and integrate findings into structured investigative workflows.

    Case Management, Ticketing & Reporting

    Create accurate SOC tickets, document investigations clearly, communicate findings effectively, and prepare escalation-ready reports for downstream teams.

    Applied SOC Analysis Scenarios

    Analyze phishing emails, endpoint activity, and network traffic to detect malware, command-and-control activity, and potential data exfiltration.

    Threat Intelligence & AI-Augmented SOC Operations

    Apply threat intelligence to enrich investigations and understand how AI is used in modern SOCs—while recognizing its limitations and the need for human judgment.

    Who It’s For

    The eSOC certification is designed for individuals entering or transitioning into cybersecurity roles focused on defensive operations.

    Get eSOC Certified

    To take the eSOC exam, you’ll need both an INE subscription and an exam voucher.

    The Process

    Whether you are attempting the eSOC certification exam independently or after completing the recommended learning path, the process is simple.

    Shop Certification Vouchers

    All passing credentials are valid for three years from the date awarded. Maintain your certification through INE’s flexible renewal options to stay current with evolving SOC practices.

    © 2026 INE. All Rights Reserved. All logos, trademarks and registered trademarks are the property of their respective owners.