All Jobs Vacancy

Cybersecurity Analyst – Splunk & SOC Investigations (Talent Network) | Remote

Posted 5 days ago by Crossing Hurdles

Summary: The SOC Investigation Specialist role involves reviewing and evaluating SOC alerts and investigations, distinguishing true positives from false positives, and conducting end-to-end security investigations. The position requires hands-on experience with Splunk and a strong understanding of incident investigation workflows. The specialist will also mentor other analysts and maintain documentation of investigative processes. This role is remote and requires a commitment of 10 to 40 hours per week.

Key Responsibilities:

  • Review, monitor, and evaluate SOC alerts and investigation outputs based on predefined scenarios and criteria
  • Distinguish true positives from false positives by validating investigative evidence and alert context
  • Perform end-to-end security investigations including log analysis, entity pivoting, timeline reconstruction, and evidence correlation
  • Assess the correctness, completeness, and quality of SOC investigations produced by automated or human workflows
  • Apply consistent investigative judgment and recognize multiple valid investigation paths
  • Make binary determinations while producing detailed ground-truth investigations when required
  • Use Splunk to pivot across logs, entities, and timelines and reason about SPL queries
  • Maintain clear and accurate documentation of investigative steps, assumptions, evidence, and conclusions
  • Collaborate with program leads and other expert annotators to uphold investigation and annotation standards
  • Mentor or support other analysts where applicable

Key Skills:

  • Hands-on experience as a SOC analyst in a production SOC environment
  • Strong understanding of alert triage, incident investigation workflows, and evidence-based decision-making
  • Hands-on experience with Splunk including conducting investigations and reasoning about SPL queries
  • Ability to pivot between logs, entities, and timelines
  • Proven ability to evaluate SOC investigations and determine validity of conclusions
  • Strong investigative judgment and ability to make decisive evaluations
  • Fluent English with strong documentation and communication skills
  • Experience with Endpoint Detection & Response tools such as CrowdStrike Falcon, Microsoft Defender for Endpoint, or SentinelOne
  • Experience analyzing cloud security logs such as AWS, Azure, or GCP
  • Familiarity with Identity & Access Management platforms such as Okta or Microsoft Entra ID
  • Experience with email security tools like Proofpoint or Mimecast
  • SOC leadership or mentoring experience
  • Basic scripting experience (Python or similar)
  • Security certifications such as GCIA, GCIH, GCED, Splunk certifications, Security+, CCNA, or cloud security certifications

Salary (Rate): undetermined

City: undetermined

Country: United Kingdom

Working Arrangements: remote

IR35 Status: undetermined

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

Position: SOC Investigation Specialist Talent Network

Type: Talent network

Location: Remote

Commitment: 10 40 hours/week

Role Responsibilities

  • Review, monitor, and evaluate SOC alerts and investigation outputs based on predefined scenarios and criteria
  • Distinguish true positives from false positives by validating investigative evidence and alert context
  • Perform end-to-end security investigations including log analysis, entity pivoting, timeline reconstruction, and evidence correlation
  • Assess the correctness, completeness, and quality of SOC investigations produced by automated or human workflows
  • Apply consistent investigative judgment and recognize multiple valid investigation paths
  • Make binary determinations while producing detailed ground-truth investigations when required
  • Use Splunk to pivot across logs, entities, and timelines and reason about SPL queries
  • Maintain clear and accurate documentation of investigative steps, assumptions, evidence, and conclusions
  • Collaborate with program leads and other expert annotators to uphold investigation and annotation standards
  • Mentor or support other analysts where applicable

Requirements

  • Hands-on experience as a SOC analyst in a production SOC environment
  • Strong understanding of alert triage, incident investigation workflows, and evidence-based decision-making
  • Hands-on experience with Splunk including conducting investigations and reasoning about SPL queries
  • Ability to pivot between logs, entities, and timelines
  • Proven ability to evaluate SOC investigations and determine validity of conclusions
  • Strong investigative judgment and ability to make decisive evaluations
  • Fluent English with strong documentation and communication skills
  • Experience with Endpoint Detection & Response tools such as CrowdStrike Falcon, Microsoft Defender for Endpoint, or SentinelOne
  • Experience analyzing cloud security logs such as AWS, Azure, or GCP
  • Familiarity with Identity & Access Management platforms such as Okta or Microsoft Entra ID
  • Experience with email security tools like Proofpoint or Mimecast
  • SOC leadership or mentoring experience
  • Basic scripting experience (Python or similar)
  • Security certifications such as GCIA, GCIH, GCED, Splunk certifications, Security+, CCNA, or cloud security certifications

Application Process (Takes 20 Mins)

  • Upload resume
  • Interview (15 min)
  • Submit form
Rate:
£0/year
Location:
United Kingdom
IR35 Status:
Undetermined
Remote Status:
Remote
Industry:
IT
Seniority Level:
Not Specified

Take-Home Pay

Not Available

Visit calculators for additional details

Create a free account to view the take-home pay for this contract

Share job