

Mercor

India & Europe

Contract-based

Offered salary
Not specified

Closing date
Closing soon
Qualification
Not specified
Hiring location
India & Europe
Experience
3+ years
Responsibilities
• Review, monitor, and evaluate SOC alerts and investigation outputs based on predefined scenarios and criteria
• Distinguish true positives from false positives by validating investigative evidence and alert context
• Perform end-to-end security investigations, including log analysis, entity pivoting, timeline reconstruction, and evidence correlation
• Assess the correctness, completeness, and quality of SOC investigations produced by automated or human workflows
• Use Splunk extensively to pivot across logs, entities, and timelines, including reading and reasoning about SPL queries
• Maintain clear and accurate documentation of investigative steps, assumptions, evidence, and conclusions
• Collaborate with program leads and other expert annotators to uphold high-quality investigation standards
Requirements
• 3+ years hands-on experience as a SOC analyst in a production SOC environment (Tier 2 or above preferred)
• Strong understanding of alert triage, incident investigation workflows, and evidence-based decision making
• Mandatory hands-on experience with Splunk, including conducting investigations and reading SPL queries
• Proven ability to evaluate SOC investigations and determine whether conclusions are valid, incomplete, or incorrect
• Strong investigative judgment and comfort in making decisive evaluations
• Fluent English with strong documentation and communication skills
Nice to Have
• Experience with EDR tools such as CrowdStrike Falcon, Microsoft Defender for Endpoint, or SentinelOne
• Experience analyzing cloud security logs from AWS, Azure, or GCP
• Familiarity with Identity and Access Management platforms such as Okta or Microsoft Entra ID
• Experience with email security tools like Proofpoint or Mimecast
• SOC leadership or mentoring experience
• Basic scripting experience in Python or similar
• Security certifications such as GCIA, GCIH, GCED, Splunk certifications, or Security+
How to Apply
Click "Apply" to be taken to the Mercor website. This is a flexible remote contract role. Please note that this role cannot support H1B or STEM OPT candidates. Applying through our link supports WFH Bulletin as a referral partner, but you are welcome to apply directly if you prefer.
SOC Specialist
Overview
Mercor is hiring SOC Investigation Specialists on behalf of high-growth technology and enterprise partners building next-generation SOC automation and AI-driven investigation systems. This role is ideal for experienced SOC analysts who can apply real-world investigative judgment to review, validate and construct high-quality security investigations across SIEM, endpoint, cloud and identity environments.



