About The Position

We are sharing a specialised part-time consulting opportunity for experienced SOC investigation professionals with strong backgrounds in alert triage, incident investigation, Splunk-based log analysis, evidence correlation, timeline reconstruction, and security investigation quality review. This role supports current and upcoming remote consulting opportunities focused on SOC investigation evaluation, alert validation, security evidence review, investigation workflow assessment, and high-quality technical documentation. Selected professionals may apply hands-on experience across SIEM, endpoint, cloud, and identity environments to review, validate, and construct accurate security investigations based on real-world scenarios.

Requirements

  • 3+ years of hands-on experience as a SOC analyst in a production SOC environment
  • Tier 2 or higher SOC analyst experience is strongly preferred
  • Strong understanding of alert triage, incident investigation workflows, security evidence, and time-sensitive decision-making
  • Mandatory hands-on experience with Splunk, including conducting investigations, reading SPL queries, and pivoting between logs, entities, and timelines
  • Proven ability to evaluate SOC investigations and determine whether conclusions are valid, incomplete, or incorrect
  • Strong investigative judgment and comfort making clear, evidence-based evaluations
  • Fluent English communication skills, with strong written documentation ability
  • Ability to work independently in a remote, project-based environment
  • A degree in Cybersecurity, Computer Science, Information Security, Information Systems, Digital Forensics, or a related technical field is helpful
  • Equivalent professional experience in SOC analysis, incident response, threat detection, or security investigation work is also highly relevant

Nice To Haves

  • Experience with Endpoint Detection & Response tools such as CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne, or comparable platforms
  • Experience analyzing cloud security logs and signals, including AWS CloudTrail, GuardDuty, Azure Activity Log, Microsoft Defender for Cloud, or GCP Cloud Audit Logs
  • Familiarity with Identity & Access Management platforms such as Okta Identity Cloud or Microsoft Entra ID
  • Experience with email security tools such as Proofpoint, Mimecast, or similar platforms
  • SOC leadership, mentoring, or lead analyst experience
  • Basic scripting experience with Python or comparable languages
  • Security certifications such as GCIA, GCIH, GCED, Splunk certifications, Security+, CCNA, or cloud security certifications

Responsibilities

  • Review, monitor, and evaluate SOC alerts and investigation outputs based on predefined scenarios and criteria
  • Distinguish true positives from false positives by validating alert context, investigative evidence, and supporting signals
  • Assess whether security investigation conclusions are correct, incomplete, unsupported, or inaccurate
  • Apply consistent investigative judgment while recognizing that more than one valid investigation path may exist for the same alert
  • Use Splunk to pivot across logs, entities, timelines, alerts, and investigation artifacts
  • Read, understand, and reason about SPL queries in the context of security investigations
  • Perform log analysis, entity pivoting, timeline reconstruction, and evidence correlation when required
  • Identify relevant signals across SIEM data and explain how evidence supports an investigation conclusion
  • Evaluate the correctness, completeness, and quality of SOC investigations produced through structured workflows
  • Make clear quality determinations while also producing detailed ground-truth investigations when required
  • Review investigation steps, assumptions, supporting evidence, and final conclusions for accuracy and consistency
  • Help ensure investigation outputs reflect practical SOC judgment and evidence-based security reasoning
  • Maintain clear and accurate documentation of investigative steps, assumptions, evidence, and conclusions
  • Provide structured feedback on investigation quality, alert handling, and technical reasoning
  • Collaborate with project leads and other security specialists to uphold high-quality investigation standards
  • Support or mentor other analysts where applicable, particularly in long-term or lead reviewer roles

Benefits

  • Flexible, remote consulting work aligned with your SOC investigation and security analysis expertise
  • Opportunity to contribute to high-impact security investigation evaluation and ground-truth case review
  • Suitable for experienced SOC professionals who enjoy evidence-based investigation, structured review, and technical decision-making
  • Project-based work that can align with part-time availability and remote schedules
  • Independent contractor engagement
  • Fully remote and flexible scheduling
  • Part-time, project-based availability
  • Competitive hourly compensation in the range of $50–$70/hour, depending on project scope, experience, and fit
  • Payments are made weekly via Stripe or Wise based on services rendered
© 2026 Teal Labs, Inc