mimi

Cybersecurity Analyst & Splunk & SOC Investigations

Crossing Hurdles

Remote (Global) Full-time 1w ago

About the role

Type: Talent network

Location: Remote

Commitment: 10–40 hours/week

Role Responsibilities

• Review, monitor, and evaluate SOC alerts and investigation outputs based on predefined scenarios and criteria
• Distinguish true positives from false positives by validating investigative evidence and alert context
• Perform end-to-end security investigations, including log analysis, entity pivoting, timeline reconstruction, and evidence correlation
• Assess the correctness, completeness, and quality of SOC investigations produced by automated or human workflows
• Apply consistent investigative judgment and recognize that multiple investigation paths can be valid
• Make binary determinations, and produce detailed ground-truth investigations when required
• Use Splunk to pivot across logs, entities, and timelines, and reason about SPL queries
• Maintain clear and accurate documentation of investigative steps, assumptions, evidence, and conclusions
• Collaborate with program leads and other expert annotators to uphold investigation and annotation standards
• Mentor or support other analysts where applicable

Requirements

• Hands-on experience as a SOC analyst in a production SOC environment
• Strong understanding of alert triage, incident investigation workflows, and evidence-based decision-making
• Hands-on experience with Splunk, including conducting investigations and reasoning about SPL queries
• Ability to pivot between logs, entities, and timelines
• Proven ability to evaluate SOC investigations and determine the validity of their conclusions
• Strong investigative judgment and the ability to make decisive evaluations
• Fluent English with strong documentation and communication skills
• Experience with Endpoint Detection & Response tools such as CrowdStrike Falcon, Microsoft Defender for Endpoint, or SentinelOne
• Experience analyzing cloud security logs from AWS, Azure, or GCP
• Familiarity with Identity & Access Management platforms such as Okta or Microsoft Entra ID
• Experience with email security tools such as Proofpoint or Mimecast
• SOC leadership or mentoring experience
• Basic scripting experience (Python or similar)
• Security certifications such as GCIA, GCIH, GCED, Splunk certifications, Security+, CCNA, or cloud security certifications
