Remote, Contractor
--
Crossing Hurdles

Job Details

Position: SOC Investigation Specialist Talent Network
Type: Talent network
Location: Remote
Commitment: 10–40 hours/week
Role Responsibilities
- Review, monitor, and evaluate SOC alerts and investigation outputs based on predefined scenarios and criteria
- Distinguish true positives from false positives by validating investigative evidence and alert context
- Perform end-to-end security investigations including log analysis, entity pivoting, timeline reconstruction, and evidence correlation
- Assess the correctness, completeness, and quality of SOC investigations produced by automated or human workflows
- Apply consistent investigative judgment and recognize multiple valid investigation paths
- Make binary determinations while producing detailed ground-truth investigations when required
- Use Splunk to pivot across logs, entities, and timelines and reason about SPL queries
- Maintain clear and accurate documentation of investigative steps, assumptions, evidence, and conclusions
- Collaborate with program leads and other expert annotators to uphold investigation and annotation standards
- Mentor or support other analysts where applicable
Requirements
- Hands-on experience as a SOC analyst in a production SOC environment
- Strong understanding of alert triage, incident investigation workflows, and evidence-based decision-making
- Hands-on experience with Splunk, including conducting investigations and reasoning about SPL queries
- Ability to pivot between logs, entities, and timelines
- Proven ability to evaluate SOC investigations and determine the validity of conclusions
- Strong investigative judgment and ability to make decisive evaluations
- Fluent English with strong documentation and communication skills
- Experience with Endpoint Detection & Response tools such as CrowdStrike Falcon, Microsoft Defender for Endpoint, or SentinelOne
- Experience analyzing cloud security logs such as AWS, Azure, or GCP
- Familiarity with Identity & Access Management platforms such as Okta or Microsoft Entra ID
- Experience with email security tools like Proofpoint or Mimecast
- SOC leadership or mentoring experience
- Basic scripting experience (Python or similar)
- Security certifications such as GCIA, GCIH, GCED, Splunk certifications, Security+, CCNA, or cloud security certifications
Application Process (Takes 20 Mins)
1. Upload resume
2. Interview (15 min)
3. Submit form

Skills: Python, AWS, Azure, communication skills, Splunk, GCP, Proofpoint

About Crossing Hurdles
EMEA
Hospitals and Health Care