Mercor Logo

SOC Analyst - Remote

Remote
vor 3 Tagen
Berlin
Stellenbeschreibung

About The Job

Mercor connects elite creative and technical talent with leading AI research labs. Headquartered in San Francisco, our investors include Benchmark , General Catalyst , Peter Thiel , Adam D'Angelo , Larry Summers , and Jack Dorsey .

Position: SOC Investigation Specialist

  • Type: Contract
  • Compensation: $70--$95/hour
  • Location: Remote

Role Responsibilities

  • Review, monitor, and evaluate SOC alerts and investigation outputs based on predefined scenarios and criteria.
  • Distinguish true positives from false positives by validating investigative evidence and alert context.
  • Perform end-to-end security investigations, including log analysis, entity pivoting, timeline reconstruction, and evidence correlation.
  • Assess the correctness, completeness, and quality of SOC investigations produced by automated or human workflows.
  • Use Splunk extensively to pivot across logs, entities, and timelines, including reading and reasoning about SPL queries.
  • Collaborate with program leads and other expert annotators to uphold high-quality investigation and annotation standards.

Qualifications

Must-Have

  • 3 years of hands-on experience as a SOC analyst in a production SOC environment (Tier 2 or above strongly preferred).
  • Strong understanding of alert triage, incident investigation workflows, and evidence-based decision-making under time constraints.
  • Mandatory hands-on experience with Splunk, including conducting investigations and reasoning about SPL queries.
  • Proven ability to evaluate SOC investigations and determine whether conclusions are valid, incomplete, or incorrect.
  • Fluent English (written and spoken) with strong documentation and communication skills.

Preferred

  • Experience with Endpoint Detection & Response (EDR) tools such as CrowdStrike Falcon, Microsoft Defender for Endpoint, or SentinelOne.
  • Experience analyzing cloud security logs and signals: AWS (CloudTrail, GuardDuty), Azure (Activity Log, Defender for Cloud), GCP (Cloud Audit Logs).
  • Familiarity with Identity & Access Management platforms such as Okta Identity Cloud or Microsoft Entra ID (Azure AD).
  • Experience with email security tools like Proofpoint or Mimecast.
  • SOC leadership or mentoring experience.
  • Basic scripting experience (Python or similar).
  • Security certifications (optional): GCIA, GCIH, GCED, Splunk certifications, Security , CCNA, or cloud security certifications.

Application Process (Takes 20--30 mins to complete)

  • Upload resume
  • AI interview based on your resume
  • Submit form

Resources & Support

  • For details about the interview process and platform information, please check: https://talent.docs.mercor.com/welcome/welcome
  • For any help or support, reach out to: support@mercor.com

PS: Our team reviews applications daily. Please complete your AI interview and application steps to be considered for this opportunity.