Security Analyst – Splunk & SOC Investigations (Talent Network) | Remote

Location

India

JobType

part-time

About the job

About the role

Crossing Hurdles

Website: crossinghurdles.com
Job details:

Position: SOC Investigation Specialist Talent Network

Type: Talent network

Location: Remote

Commitment: 10–40 hours/week


Role Responsibilities

  • Review, monitor, and evaluate SOC alerts and investigation outputs based on predefined scenarios and criteria
  • Distinguish true positives from false positives by validating investigative evidence and alert context
  • Perform end-to-end security investigations including log analysis, entity pivoting, timeline reconstruction, and evidence correlation
  • Assess the correctness, completeness, and quality of SOC investigations produced by automated or human workflows
  • Apply consistent investigative judgment and recognize multiple valid investigation paths
  • Make binary determinations while producing detailed ground-truth investigations when required
  • Use Splunk to pivot across logs, entities, and timelines and reason about SPL queries
  • Maintain clear and accurate documentation of investigative steps, assumptions, evidence, and conclusions
  • Collaborate with program leads and other expert annotators to uphold investigation and annotation standards
  • Mentor or support other analysts where applicable


Requirements

  • Hands-on experience as a SOC analyst in a production SOC environment
  • Strong understanding of alert triage, incident investigation workflows, and evidence-based decision-making
  • Hands-on experience with Splunk including conducting investigations and reasoning about SPL queries
  • Ability to pivot between logs, entities, and timelines
  • Proven ability to evaluate SOC investigations and determine validity of conclusions
  • Strong investigative judgment and ability to make decisive evaluations
  • Fluent English with strong documentation and communication skills
  • Experience with Endpoint Detection & Response tools such as CrowdStrike Falcon, Microsoft Defender for Endpoint, or SentinelOne
  • Experience analyzing cloud security logs such as AWS, Azure, or GCP
  • Familiarity with Identity & Access Management platforms such as Okta or Microsoft Entra ID
  • Experience with email security tools like Proofpoint or Mimecast
  • SOC leadership or mentoring experience
  • Basic scripting experience (Python or similar)
  • Security certifications such as GCIA, GCIH, GCED, Splunk certifications, Security+, CCNA, or cloud security certifications


Application Process (Takes 20 Mins)

  • Upload resume
  • Interview (15 min)
  • Submit form

Skills

Python
AWS
Azure
communication skills
end-to-end
Falcon
GCP
Splunk