Remote | SOC Investigation Analyst — $50-$70/hour

We are sharing a specialised part-time consulting opportunity for experienced SOC investigation professionals with strong backgrounds in alert triage, incident investigation, Splunk-based log analysis, evidence correlation, timeline reconstruction, and security investigation quality review.

This role supports current and upcoming remote consulting opportunities focused on SOC investigation evaluation, alert validation, security evidence review, investigation workflow assessment, and high-quality technical documentation. Selected professionals may apply hands-on experience across SIEM, endpoint, cloud, and identity environments to review, validate, and construct accurate security investigations based on real-world scenarios.

Key Responsibilities

Professionals in this role may contribute to:

SOC Alert Review & Investigation Evaluation

• Review, monitor, and evaluate SOC alerts and investigation outputs based on predefined scenarios and criteria
• Distinguish true positives from false positives by validating alert context, investigative evidence, and supporting signals
• Assess whether security investigation conclusions are correct, incomplete, unsupported, or inaccurate
• Apply consistent investigative judgment while recognizing that more than one valid investigation path may exist for the same alert

Splunk-Based Investigation & Log Analysis

• Use Splunk to pivot across logs, entities, timelines, alerts, and investigation artifacts
• Read, understand, and reason about SPL queries in the context of security investigations
• Perform log analysis, entity pivoting, timeline reconstruction, and evidence correlation when required
• Identify relevant signals across SIEM data and explain how evidence supports an investigation conclusion

Security Evidence & Ground-Truth Review

• Evaluate the correctness, completeness, and quality of SOC investigations produced through structured workflows
• Make clear quality determinations while also producing detailed ground-truth investigations when required
• Review investigation steps, assumptions, supporting evidence, and final conclusions for accuracy and consistency
• Help ensure investigation outputs reflect practical SOC judgment and evidence-based security reasoning

Documentation & Quality Standards

• Maintain clear and accurate documentation of investigative steps, assumptions, evidence, and conclusions
• Provide structured feedback on investigation quality, alert handling, and technical reasoning
• Collaborate with project leads and other security specialists to uphold high-quality investigation standards
• Support or mentor other analysts where applicable, particularly in long-term or lead reviewer roles

Ideal Profile

Strong candidates may have:

• 3+ years of hands-on experience as a SOC analyst in a production SOC environment
• Tier 2 or higher SOC analyst experience is strongly preferred
• Strong understanding of alert triage, incident investigation workflows, security evidence, and time-sensitive decision-making
• Mandatory hands-on experience with Splunk, including conducting investigations, reading SPL queries, and pivoting between logs, entities, and timelines
• Proven ability to evaluate SOC investigations and determine whether conclusions are valid, incomplete, or incorrect
• Strong investigative judgment and comfort making clear, evidence-based evaluations
• Fluent English communication skills, with strong written documentation ability
• Ability to work independently in a remote, project-based environment

Educational Background

• A degree in Cybersecurity, Computer Science, Information Security, Information Systems, Digital Forensics, or a related technical field is helpful
• Equivalent professional experience in SOC analysis, incident response, threat detection, or security investigation work is also highly relevant

Nice to Have

• Experience with Endpoint Detection & Response tools such as CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne, or comparable platforms
• Experience analyzing cloud security logs and signals, including AWS CloudTrail, GuardDuty, Azure Activity Log, Microsoft Defender for Cloud, or GCP Cloud Audit Logs
• Familiarity with Identity & Access Management platforms such as Okta Identity Cloud or Microsoft Entra ID
• Experience with email security tools such as Proofpoint, Mimecast, or similar platforms
• SOC leadership, mentoring, or lead analyst experience
• Basic scripting experience with Python or comparable languages
• Security certifications such as GCIA, GCIH, GCED, Splunk certifications, Security+, CCNA, or cloud security certifications

Why This Opportunity

• Flexible, remote consulting work aligned with your SOC investigation and security analysis expertise
• Opportunity to contribute to high-impact security investigation evaluation and ground-truth case review
• Suitable for experienced SOC professionals who enjoy evidence-based investigation, structured review, and technical decision-making
• Project-based work that can align with part-time availability and remote schedules

Contract Details

• Independent contractor engagement
• Fully remote and flexible scheduling
• Part-time, project-based availability
• Expected commitment may vary by project, with many opportunities ranging from approximately 15–30 hours per week
• Competitive hourly compensation in the range of $50–$70/hour, depending on project scope, experience, and fit
• Payments are made weekly via Stripe or Wise based on services rendered
• Projects may be extended, shortened, adjusted, or concluded based on project needs and performance
• Eligible locations include Albania, Austria, Belgium, Bosnia and Herzegovina, Bulgaria, Croatia, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, India, Ireland, Italy, Kosovo, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Moldova, Monaco, Netherlands, North Macedonia, Norway, Poland, Portugal, Romania, San Marino, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, and the United Kingdom
• Candidates requiring H1-B or STEM OPT sponsorship support are not eligible at this time
• Work must not involve sharing confidential or proprietary information from any employer, client, or institution

About the Platform

This opportunity is available through 24-MAG LLC. We connect experienced professionals with remote consulting opportunities across technical, evaluation, and project-based workstreams.

By submitting this application, you acknowledge that your information may be processed by 24-MAG LLC for recruitment and opportunity matching in accordance with our Privacy Policy: .