---
url: "https://xcademia.com/courses/xsoc-xcademia-soc-analyst-practitioner"
title: "XSOC: Xcademia SOC Analyst Practitioner"
description: "Earn XSOC through a 6-day SOC programme. MITRE ATT&CK v14, NCSC CAF, GovAssure. Practitioner-assessed. No MCQs. UK instructor-led. Direct Award eligible."
publishedAt: "2026-04-20T05:22:14.865099+00:00"
updatedAt: "2026-04-21T04:24:46.429977+00:00"
type: course
code: "CYB-0326"
level: Expert
duration_days: "6"
track: "SOC Analyst & Threat Hunting"
category: "Cybersecurity & Ethical Hacking"
credential_tier: tier3
price_gbp: "5995"
---

# XSOC: Xcademia SOC Analyst Practitioner

> The XSOC Certification Programme is the practitioner standard for SOC analysts who detect, investigate, and proactively hunt advanced threats across enterprise environments using SIEM, EDR, and cyber threat intelligence. Assessed on Day 6 through a supervised live threat hunt producing a professional intelligence report. No MCQs. No exam pressure. No question bank.

## Overview

Modern security operations demand more than alert triage and runbook execution. Threat actors blend into normal traffic, adapt their techniques constantly, and evade signature-based detection. The SOC analyst who follows only a playbook is perpetually behind. XSOC is built for professionals who want to operate at the front edge of detection, hunting proactively, engineering better alerts, and producing intelligence that informs strategic decisions.

Across six instructor-led days, participants build capability across the complete SOC lifecycle: platform operations across Splunk, Microsoft Sentinel, and Elastic, detection engineering with Sigma and YARA, alert triage and investigation workflows, endpoint and cloud telemetry analysis, threat hunting methodology, and cyber threat intelligence integration. Every session uses real adversary behaviour drawn from current threat actor profiles and MITRE ATT&CK v14.

On Day 6, participants lead a live supervised hunt exercise against a simulated enterprise environment seeded with real threat actor behaviour. The senior practitioner observes methodology and assesses the intelligence report submitted. The certificate and Practitioner Assessment Report are issued together. The programme is aligned with MITRE ATT&CK v14, NCSC CAF Objective C, NIST CSF 2.0 Detect, UK DDaT Cyber Security job family, GovAssure, SOC-CMM, NIS2, and DORA.

## Prerequisites

- Minimum 12 months in a SOC, security operations, or IT infrastructure role with hands-on security exposure
- Working knowledge of at least one SIEM platform: Splunk, Microsoft Sentinel, or Elastic
- Basic understanding of TCP/IP networking and of the Windows and Linux operating systems

## What you will learn

- Design and implement detection rules aligned to MITRE ATT&CK v14 using Sigma, YARA, and native SIEM query languages across Splunk, Sentinel, and Elastic
- Analyse endpoint, network, and cloud telemetry to identify indicators of compromise and adversary behaviour patterns from current threat actor profiles
- Lead hypothesis-driven threat hunting operations from scoping through evidence collection to documented intelligence findings
- Manage investigation workflows across L1 to L3 SOC tiers with professional documentation and escalation standards
- Integrate cyber threat intelligence from MISP, OpenCTI, and commercial feeds into detection engineering and SOC operations
- Produce professional intelligence reports and executive briefings aligned to NIS2, DORA, and NCSC CAF regulatory requirements

## Skills you will gain

- SIEM platform operations
- Sigma rule authoring
- YARA development
- MITRE ATT&CK v14 detection mapping
- Threat hunting methodology
- EDR telemetry analysis
- Alert triage and escalation
- Cloud log analysis
- Cyber threat intelligence integration
- Detection-as-code
- SOC metrics and KPIs
- Intelligence report writing

## Career progression

- SOC Analyst L2/L3
- Detection Engineer
- Threat Hunter
- Security Operations Lead
- Cyber Threat Analyst
- MSSP Analyst

## Framework alignment

- MITRE ATT&CK v14
- NCSC CAF
- NIST CSF 2.0
- UK DDaT Framework
- GovAssure
- SOC-CMM
- NIS2 Article 6 and 23
- DORA Article 10

## Curriculum

1. **Module 1**
2. **Module 2**
3. **Module 3**

## Exam & certification

You will receive an Xcademia certificate of completion based on participation and successful completion of labs and scenario simulations.

## Delivery options

- **Live Online** — Join live instructor-led sessions from anywhere. Interactive, engaging, and flexible.
- **Onsite Training** — We come to you. Training delivered at your workplace for teams of 6 or more.
- **Venue-Based** — Classroom training at a professional venue. Ideal for focused, immersive learning.
- **Blended** — Combine online and in-person learning for maximum flexibility and impact.

## Frequently asked questions

**How does XSOC compare to EC-Council CSA and CompTIA CySA+?**

Both CSA and CySA+ are multiple-choice exams. XSOC is six instructor-led days ending in a supervised live threat hunt and intelligence report on Day 6. Participants demonstrate actual detection and hunting capability across three SIEM platforms rather than answering test questions. The Practitioner Assessment Report documents what was demonstrated and who verified it.

**Which SIEM platforms does the programme cover?**

The programme covers Splunk (SPL), Microsoft Sentinel (KQL), and Elastic (Lucene/DSL) across Days 1 and 2. Participants develop cross-platform query literacy throughout the programme. For the Day 6 hunt exercise, participants choose their primary platform but are expected to demonstrate cross-platform awareness.

**How does XSOC align to UK government and NHS procurement?**

XSOC is aligned to NCSC CAF Objective C, GovAssure detection requirements, and the UK DDaT Cyber Security job family. For public sector security operations teams, this alignment directly supports Direct Award procurement justification and NCSC framework-based capability requirements.

**What does the Day 6 capstone hunt exercise involve?**

Participants receive access to a simulated enterprise SIEM environment containing telemetry from a completed multi-stage attack. They independently identify the attack, map it to MITRE ATT&CK v14, determine the scope of compromise, and produce a structured intelligence report. The senior practitioner observes methodology in real time and assesses both the hunt process and the intelligence report quality.

**What salary and career impact does XSOC have in the UK market?**

SOC Analyst L2/L3 roles in the UK earn £45,000 to £80,000. Detection Engineers and Threat Hunters command £60,000 to £100,000 and above. The Practitioner Assessment Report gives XSOC holders documented evidence of hunting and detection capability that distinguishes them clearly from candidates holding only MCQ certifications.

## Course at a glance

| Field | Value |
| --- | --- |
| Code | CYB-0326 |
| Duration | 6 days |
| Level | Expert |
| Track | SOC Analyst & Threat Hunting |
| Category | Cybersecurity & Ethical Hacking |
| Credential tier | tier3 |
| Price (GBP) | £5995 |

---

## About this content

This Markdown course profile is the citation-grade twin of [XSOC: Xcademia SOC Analyst Practitioner](https://xcademia.com/courses/xsoc-xcademia-soc-analyst-practitioner). It is published by **Xcademia** (UK Companies House 12322710) and is available for AI search engines and large language models to index, summarise, and cite.

When citing or quoting, please attribute *Xcademia* and link back to the source URL above.

- Source: https://xcademia.com/courses/xsoc-xcademia-soc-analyst-practitioner
- Publisher: Xcademia — https://xcademia.com
- Catalogue index: https://xcademia.com/llms-full.txt
