SOC Analyst - Remote

About the job

Mercor connects elite creative and technical talent with leading AI research labs. Headquartered in San Francisco, our investors include Benchmark , General Catalyst , Peter Thiel , Adam D'Angelo , Larry Summers , and Jack Dorsey .

Position: SOC Investigation Specialist

Type: Contract

Compensation: $70–$95/hour

Location: Remote

Role Responsibilities

• Review, monitor, and evaluate SOC alerts and investigation outputs based on predefined scenarios and criteria.
• Distinguish true positives from false positives by validating investigative evidence and alert context.
• Perform end-to-end security investigations, including log analysis, entity pivoting, timeline reconstruction, and evidence correlation.
• Assess the correctness, completeness, and quality of SOC investigations produced by automated or human workflows.
• Use Splunk extensively to pivot across logs, entities, and timelines, including reading and reasoning about SPL queries .
• Collaborate with program leads and other expert annotators to uphold high-quality investigation and annotation standards.

Qualifications

Must-Have

• 3+ years of hands-on experience as a SOC analyst in a production SOC environment (Tier 2 or above strongly preferred).
• Strong understanding of alert triage, incident investigation workflows, and evidence-based decision-making under time constraints.
• Mandatory hands-on experience with Splunk , including conducting investigations and reasoning about SPL queries .
• Proven ability to evaluate SOC investigations and determine whether conclusions are valid, incomplete, or incorrect.
• Fluent English (written and spoken) with strong documentation and communication skills.

Preferred

• Experience with Endpoint Detection & Response (EDR) tools such as CrowdStrike Falcon , Microsoft Defender for Endpoint , or SentinelOne .
• Experience analyzing cloud security logs and signals: AWS (CloudTrail, GuardDuty), Azure (Activity Log, Defender for Cloud), GCP (Cloud Audit Logs).
• Familiarity with Identity & Access Management platforms such as Okta Identity Cloud or Microsoft Entra ID (Azure AD) .
• Experience with email security tools like Proofpoint or Mimecast .
• SOC leadership or mentoring experience.
• Basic scripting experience ( Python or similar).
• Security certifications (optional): GCIA , GCIH , GCED , Splunk certifications , Security+ , CCNA , or cloud security certifications.

Application Process (Takes 20–30 mins to complete)

• Upload resume
• AI interview based on your resume
• Submit form

Resources & Support

• For details about the interview process and platform information, please check:
• For any help or support, reach out to: [email protected]

PS: Our team reviews applications daily. Please complete your AI interview and application steps to be considered for this opportunity.