SOC Investigation Specialist Talent Network

Mercor is hiring SOC Investigation Specialist on behalf of high-growth technology and enterprise partners building next-generation SOC automation and AI-driven investigation systems. This role is ideal for experienced SOC analysts who can apply real-world investigative judgment to review, validate, and construct high-quality security investigations across SIEM, endpoint, cloud, and identity environments.

Responsibilities

- Review, monitor, and evaluate SOC alerts and investigation outputs based on predefined scenarios and criteria.


- Distinguish true positives from false positives by validating investigative evidence and alert context.


- Perform end-to-end security investigations when required, including log analysis, entity pivoting, timeline reconstruction, and evidence correlation.


- Assess the correctness, completeness, and quality of SOC investigations produced by automated or human workflows.


- Apply consistent investigative judgment while recognizing that multiple valid investigation paths may exist for the same alert.


- Make clear binary determinations (e.g., ACCEPT / PASS) while also producing detailed ground-truth investigations when required.


- Use Splunk extensively to pivot across logs, entities, and timelines, including reading and reasoning about SPL queries.


- Maintain clear and accurate documentation of investigative steps, assumptions, evidence, and conclusions.


- Collaborate with program leads and other expert annotators to uphold high-quality investigation and annotation standards.


- Mentor or support other analysts where applicable, particularly in long-term or lead annotator roles.

Requirements

- 3+ years of hands-on experience as a SOC analyst in a production SOC environment (Tier 2 or above strongly preferred).


- Strong understanding of alert triage, incident investigation workflows, and evidence-based decision-making under time constraints.


- Mandatory hands-on experience with Splunk , including:


- Conducting investigations using Splunk


- Reading, understanding, and reasoning about SPL queries


- Pivoting between logs, entities, and timelines


- Proven ability to evaluate SOC investigations and determine whether conclusions are valid, incomplete, or incorrect.


- Strong investigative judgment and comfort making decisive evaluations.


- Fluent English (written and spoken) with strong documentation and communication skills.

Nice to Have

- Experience with Endpoint Detection & Response (EDR) tools such as CrowdStrike Falcon, Microsoft Defender for Endpoint, or SentinelOne.


- Experience analyzing cloud security logs and signals:


- AWS (CloudTrail, GuardDuty)


- Azure (Activity Log, Defender for Cloud)


- GCP (Cloud Audit Logs)


- Familiarity with Identity & Access Management platforms such as Okta Identity Cloud or Microsoft Entra ID (Azure AD).


- Experience with email security tools like Proofpoint or Mimecast.


- SOC leadership or mentoring experience.


- Basic scripting experience (Python or similar).


- Security certifications (optional): GCIA, GCIH, GCED, Splunk certifications, Security+, CCNA, or cloud security certifications.

Why Join

- Work on cutting-edge SOC automation and AI-driven investigation systems.


- Apply real-world SOC expertise to shape how future security teams investigate and respond to threats.


- Take ownership of high-impact investigative evaluations and ground-truth security cases.


- Collaborate with experienced SOC practitioners, security engineers, and AI teams.


- Join Mercor's global network of vetted security professionals.