SOC Analyst (Cybersecurity)

A blue-team internship focused on SOC workflows: triaging alerts, hunting threats, and communicating clearly with incident stakeholders.

12 weeks
12 projects
Starting at $700

Program Overview

The TechPeak Lab SOC Analyst (Cybersecurity) internship simulates life on an entry-level SOC team. Over 12 weeks you will:

- Work from SIEM alerts and raw logs to validate or dismiss incidents.
- Build repeatable playbooks for common attack patterns.
- Perform basic threat hunting using log and endpoint data.
- Produce concise updates and after-action reports.

Your final portfolio will show how you approach noisy data, prioritise risk, and collaborate with the wider security function.

Skills You'll Gain

Alert triage & enrichment
Log analysis
Threat hunting basics
Use case & playbook design
Incident documentation
MITRE ATT&CK mapping

Tools & Technologies

SIEM platform (e.g. Splunk, Sentinel)
Endpoint telemetry
Threat intel feeds
Ticketing systems
MITRE ATT&CK Navigator

Internship Structure

This 12-week internship is structured around hands-on project work. Each week builds upon the previous, introducing new concepts and challenges that mirror real industry scenarios.

You'll work independently on projects, receive structured feedback, and have the opportunity to refine your work based on instructor guidance.

Projects

Week 1 project preview

Build a Basic SIEM Monitoring Lab

Your first week as a SOC analyst intern is about wiring up visibility. You will stand up a lightweight SIEM-style lab, ingest logs, and prove that you can actually see suspicious activity as it happens.

Requirements

- Set up a log collection and analysis stack using Wazuh, ELK, or a similar open-source tool.
- Ingest host or application logs from at least one test system (VM, local machine, or lab host).
- Simulate a handful of suspicious events (failed logins, privilege changes, simple port scans, etc.).
- Create at least two detection rules or saved searches that reliably surface these simulated events.
- Document the end-to-end flow from log source → collection → indexing → visualization/detection.

Deliverables

- Step-by-step setup guide (`SETUP.md` or included in `README.md`) with screenshots of your SIEM or monitoring dashboard.
- Written description of each simulated attack or suspicious activity and why it matters.
- Screenshots or exports of alerts, dashboards, or queries showing your detections firing.
- A short incident-style summary for at least one simulated event, written as if you were reporting to a lead analyst.


Enroll to access full projects, weekly briefs, and GitHub submission workflows.

Later weeks

Weeks 2 to 12

Each week has its own project. Detailed briefs are available once you are enrolled.

Create an account and enroll to see the full weekly briefs.

Ready to Start?

Join SOC Analyst (Cybersecurity) and gain real-world experience that sets you apart.