Remote | SOC Investigation Specialist Talent Network
- Talent Job Seeker
- California
- Full-time
We are sharing a specialised part-time consulting opportunity for experienced SOC analysts with strong expertise in alert triage, incident investigation, Splunk-based analysis, and evidence-driven security decision-making. This role supports high-growth technology and enterprise partners building next-generation SOC automation and AI-driven investigation systems.

Selected professionals will help review and validate SOC investigations, distinguish true positives from false positives, perform end-to-end security analysis when needed, and contribute to improving the quality and reliability of AI-supported security investigation workflows.

Key Responsibilities

Professionals in this role may contribute to:

SOC Alert Review & Investigation Evaluation
- Review, monitor, and evaluate SOC alerts and investigation outputs based on predefined scenarios and criteria
- Distinguish true positives from false positives by validating investigative evidence and alert context
- Assess the correctness, completeness, and quality of SOC investigations produced by automated or human workflows

Security Investigation & Analysis
- Perform end-to-end security investigations when required, including log analysis, entity pivoting, timeline reconstruction, and evidence correlation
- Apply consistent investigative judgment while recognizing that multiple valid investigation paths may exist for the same alert
- Make clear binary determinations such as accept or pass while also producing detailed ground-truth investigations when required

Splunk-Based Investigation Workflows
- Use Splunk extensively to pivot across logs, entities, and timelines
- Read, understand, and reason about SPL queries
- Support high-quality investigation workflows through structured evidence analysis and documentation

Documentation & Collaboration
- Maintain clear and accurate documentation of investigative steps, assumptions, evidence, and conclusions
- Collaborate with program leads and other expert annotators to uphold high-quality investigation and annotation standards
- Mentor or support other analysts where applicable, particularly in long-term or lead annotator roles

Ideal Profile

Strong candidates may have:
- 3+ years of hands-on experience as a SOC analyst in a production SOC environment
- Strong understanding of alert triage, incident investigation workflows, and evidence-based decision-making under time constraints
- Mandatory hands-on experience with Splunk, including conducting investigations, reading and reasoning about SPL queries, and pivoting across logs, entities, and timelines
- Proven ability to evaluate SOC investigations and determine whether conclusions are valid, incomplete, or incorrect
- Strong investigative judgment and comfort making decisive evaluations
- Fluent English, written and spoken, with strong documentation and communication skills

Preferred qualifications
- Tier 2 or above SOC experience
- Experience with Endpoint Detection and Response tools such as CrowdStrike Falcon, Microsoft Defender for Endpoint, or SentinelOne
- Experience analyzing cloud security logs and signals across AWS, Azure, or GCP
- Familiarity with identity and access management platforms such as Okta Identity Cloud or Microsoft Entra ID
- Experience with email security tools such as Proofpoint or Mimecast
- SOC leadership or mentoring experience
- Basic scripting experience in Python or similar languages
- Security certifications such as GCIA, GCIH, GCED, Splunk certifications, Security+, CCNA, or cloud security certifications

Why This Opportunity
- Work on cutting-edge SOC automation and AI-driven investigation systems
- Apply real-world SOC expertise to shape how future security teams investigate and respond to threats
- Take ownership of high-impact investigative evaluations and ground-truth security cases
- Collaborate with experienced SOC practitioners, security engineers, and AI teams
- Join Mercor's global network of vetted security professionals

Contract Details
- Independent contractor role
- Fully remote with flexible scheduling
- Talent network opportunity
- Weekly payments via Stripe or Wise
- Projects may be extended, shortened, or concluded early depending on project needs and performance
- Work will not involve access to confidential or proprietary information from any employer, client, or institution

Please note: We are unable to support H1-B or STEM OPT candidates at this time.

Location requirements: India, Denmark, Estonia, Finland, Iceland, Ireland, Latvia, Lithuania, Norway, Sweden, Austria, Belgium, France, Germany, Liechtenstein, Luxembourg, Monaco, Netherlands, Switzerland, United Kingdom, Albania, Bosnia and Herzegovina, Croatia, Greece, Italy, Kosovo, Malta, North Macedonia, Portugal, San Marino, Serbia, Slovenia, Spain, Bulgaria, Czech Republic, Hungary, Moldova, Poland, Romania, or Slovakia

About the Platform

This opportunity is available through a leading AI-driven work platform that connects domain experts with frontier AI research projects. Experts contribute to improving advanced AI systems by providing specialised expertise across security investigations, threat analysis, annotation workflows, and domain-specific evaluation.

By submitting this application, you acknowledge that your information may be processed by 24-MAG LLC for recruitment and opportunity matching in accordance with our Privacy Policy: https://www.24-mag.com/privacy-policy
Place of work
California, United States
About us
Identify the best talent with Talent Job Seeker
Job ID: 10500889 / Ref: 8b160127404867353dadee6bec848028