About The Job

Mercor connects elite creative and technical talent with leading AI research labs. Headquartered in San Francisco, our investors include Benchmark, General Catalyst, Peter Thiel, Adam D'Angelo, Larry Summers, and Jack Dorsey.
Position: SOC Investigation Specialist
Type: Contract
Compensation: $70–$95/hour
Location: Remote
Role Responsibilities

- Review, monitor, and evaluate SOC alerts and investigation outputs based on predefined scenarios and criteria.
- Distinguish true positives from false positives by validating investigative evidence and alert context.
- Perform end-to-end security investigations, including log analysis, entity pivoting, timeline reconstruction, and evidence correlation.
- Assess the correctness, completeness, and quality of SOC investigations produced by automated or human workflows.
- Use Splunk extensively to pivot across logs, entities, and timelines, including reading and reasoning about SPL queries.
- Collaborate with program leads and other expert annotators to uphold high-quality investigation and annotation standards.
Qualifications

Must-Have

- 3+ years of hands-on experience as a SOC analyst in a production SOC environment (Tier 2 or above strongly preferred).
- Strong understanding of alert triage, incident investigation workflows, and evidence-based decision-making under time constraints.
- Mandatory hands-on experience with Splunk, including conducting investigations and reasoning about SPL queries.
- Proven ability to evaluate SOC investigations and determine whether conclusions are valid, incomplete, or incorrect.
- Fluent English (written and spoken) with strong documentation and communication skills.

Preferred

- Experience with Endpoint Detection & Response (EDR) tools such as CrowdStrike Falcon, Microsoft Defender for Endpoint, or SentinelOne.
- Experience analyzing cloud security logs and signals: AWS (CloudTrail, GuardDuty), Azure (Activity Log, Defender for Cloud), GCP (Cloud Audit Logs).
- Familiarity with Identity & Access Management platforms such as Okta Identity Cloud or Microsoft Entra ID (Azure AD).
- Experience with email security tools like Proofpoint or Mimecast.
- SOC leadership or mentoring experience.
- Basic scripting experience (Python or similar).
- Security certifications (optional): GCIA, GCIH, GCED, Splunk certifications, Security+, CCNA, or cloud security certifications.
Application Process (Takes 20–30 mins to complete)

- Upload resume
- AI interview based on your resume
- Submit form
PS: Our team reviews applications daily. Please complete your AI interview and application steps to be considered for this opportunity.