Security Automation and AI-Driven Investigations Specialist


Job Description


  • Role: SOC Investigation Specialist (Remote)
  • Location: 100% Remote (Global)
  • Compensation: USD 70-95 per hour


Role Overview

One of our clients is seeking experienced SOC Investigation Specialists to support next-generation SOC automation and AI-driven security investigation systems. This role is ideal for skilled SOC analysts who can apply real-world investigative judgment to validate, review, and construct high-quality security investigations across SIEM, endpoint, cloud, and identity environments.


Key Responsibilities

  • Review, monitor, and evaluate SOC alerts and investigation outputs based on defined scenarios and criteria.
  • Distinguish true positives from false positives by validating evidence and alert context.
  • Conduct end-to-end security investigations, including log analysis, entity pivoting, timeline reconstruction, and evidence correlation.
  • Assess the correctness, completeness, and quality of SOC investigations produced by automated or human workflows.
  • Apply consistent investigative judgment while recognizing multiple valid investigation paths.
  • Make clear binary determinations (e.g., ACCEPT / PASS) and provide detailed ground-truth documentation when required.
  • Utilize Splunk to pivot across logs, entities, and timelines, reading and reasoning about SPL queries.
  • Maintain accurate and detailed documentation of investigative steps, assumptions, and conclusions.
  • Collaborate with program leads and other analysts to uphold high-quality investigation standards.
  • Mentor or support other analysts as applicable.


Required Qualifications

  • 3+ years of hands-on SOC analyst experience in a production SOC environment (Tier 2 or above preferred).
  • Strong understanding of alert triage, incident investigation workflows, and evidence-based decision-making under time pressure.
  • Hands-on experience with Splunk, including:
      • Conducting investigations
      • Reading and reasoning about SPL queries
      • Pivoting between logs, entities, and timelines
  • Proven ability to evaluate SOC investigations for accuracy and completeness.
  • Excellent investigative judgment and decisiveness.
  • Fluent English (written and spoken) with strong documentation skills.


Preferred Qualifications

  • Experience with Endpoint Detection & Response (EDR) tools such as CrowdStrike, Microsoft Defender for Endpoint, or SentinelOne.
  • Familiarity with cloud security logs and platforms (AWS, Azure, GCP).
  • Knowledge of Identity & Access Management systems (Okta, Microsoft Entra ID/Azure AD).
  • Experience with email security tools like Proofpoint or Mimecast.
  • SOC leadership or mentoring experience.
  • Basic scripting skills (Python or similar).
  • Relevant security certifications (e.g., GCIA, GCIH, GCED, Splunk certs, Security+, CCNA, cloud security certifications).


Why Join

  • Work on advanced SOC automation and AI-driven security investigation systems.
  • Apply your SOC expertise to shape the future of threat investigation and response.
  • Take ownership of high-impact investigations and ground-truth security cases.
  • Collaborate with expert security practitioners, engineers, and AI teams.
  • Join a global network of vetted security professionals.


Contract & Engagement Details

  • Independent contractor role
  • Fully remote with flexible scheduling
  • Projects may be extended, shortened, or concluded early depending on needs and performance
  • Weekly payments via Stripe or Wise
  • This role does not support H-1B or STEM OPT candidates at this time


All qualified applicants will be considered without regard to legally protected characteristics. Reasonable accommodations are available upon request.

