The sustainability of Security Operations Centers depends on their people, yet 71% of practitioners report burnout and 24% plan to exit cybersecurity entirely. Flow theory suggests that when job demands misalign with practitioner capabilities, work becomes overwhelming or tedious rather than engaging. Achieving challenge-skill balance begins at hiring: if job descriptions inaccurately portray requirements, organizations risk recruiting underskilled practitioners who face anxiety or overskilled ones who experience boredom. Yet we lack empirical understanding of what current SOC job descriptions actually specify. We analyzed 106 public SOC job postings from November to December 2024 across 35 organizations in 11 countries, covering Analysts (n=17), Incident Responders (n=38), Threat Hunters (n=39), and SOC Managers (n=12). Using Inductive Content Analysis, we coded certifications, technical skills, soft skills, tasks, and experience requirements. Three patterns emerged: (1) Communication skills dominate (50.9% of postings), exceeding SIEM tools (18.9%) or programming (30.2%), suggesting organizations prioritize collaboration over technical capabilities. (2) Certification expectations vary widely: CISSP leads (22.6%), but 43 distinct credentials appear with no universal standard. (3) Technical requirements show consensus: Python dominates programming (27.4%), Splunk leads SIEM platforms (14.2%), and ISO 27001 (13.2%) and NIST (10.4%) are the most cited standards. These findings enable organizations to audit job descriptions against empirical baselines, help practitioners identify valued certifications and skills, and allow researchers to validate whether stated requirements align with actual demands. This establishes the foundation for flow-aligned interview protocols and investigation of how AI reshapes requirements. Dataset and codebook: https://git.tu-berlin.de/wosoc-2026/soc-jd-analysis.