SOC Analyst for AI-Driven Investigation Systems

$70–$95/hr

Remote | Contract | Technology | Updated Jun 17, 2026

About this role

As a SOC Investigation Specialist, you will play a critical role in enhancing the capabilities of next-generation SOC automation and AI-driven investigation systems. This position is designed for seasoned SOC analysts who possess the ability to apply real-world investigative judgment to conduct thorough security investigations across various environments, including SIEM, endpoint, cloud, and identity.

Key Responsibilities
  • Review, monitor, and evaluate SOC alerts and investigation outputs based on predefined scenarios and criteria.
  • Distinguish true positives from false positives by validating investigative evidence and alert context.
  • Perform end-to-end security investigations when necessary, including log analysis, entity pivoting, timeline reconstruction, and evidence correlation.
  • Assess the correctness, completeness, and quality of SOC investigations produced by automated or human workflows.
  • Apply consistent investigative judgment while recognizing that multiple valid investigation paths may exist for the same alert.
  • Make clear binary determinations (e.g., ACCEPT / PASS) while also producing detailed ground-truth investigations when required.
  • Utilize Splunk extensively to pivot across logs, entities, and timelines, including reading and reasoning about SPL queries.
  • Maintain clear and accurate documentation of investigative steps, assumptions, evidence, and conclusions.
  • Collaborate with program leads and other expert annotators to uphold high-quality investigation and annotation standards.
  • Mentor or support other analysts where applicable, particularly in long-term or lead annotator roles.

Qualifications
  • 3+ years of hands-on experience as a SOC analyst in a production SOC environment (Tier 2 or above strongly preferred).
  • Strong understanding of alert triage, incident investigation workflows, and evidence-based decision-making under time constraints.
  • Mandatory hands-on experience with Splunk, including conducting investigations, reading and reasoning about SPL queries, and pivoting between logs, entities, and timelines.
  • Proven ability to evaluate SOC investigations and determine whether conclusions are valid, incomplete, or incorrect.
  • Strong investigative judgment and comfort making decisive evaluations.
  • Fluent English (written and spoken) with strong documentation and communication skills.

Nice to Have
  • Experience with Endpoint Detection & Response (EDR) tools such as CrowdStrike Falcon, Microsoft Defender for Endpoint, or SentinelOne.
  • Experience analyzing cloud security logs and signals from AWS (CloudTrail, GuardDuty), Azure (Activity Log, Defender for Cloud), and GCP (Cloud Audit Logs).
  • Familiarity with Identity & Access Management platforms such as Okta Identity Cloud or Microsoft Entra ID (Azure AD).
  • Experience with email security tools like Proofpoint or Mimecast.
  • SOC leadership or mentoring experience.
  • Basic scripting experience (Python or similar).
  • Security certifications (optional): GCIA, GCIH, GCED, Splunk certifications, Security+, CCNA, or cloud security certifications.

Work Terms

This is a remote, hourly position.

Compensation

The hourly compensation ranges from $70 to $95.

Eligibility

Applicants must have the right to work in the applicable location without sponsorship.