Note: The job is a remote job and is open to candidates in USA. 24-MAG LLC is offering a specialised part-time consulting opportunity for experienced SOC investigation professionals. The role involves reviewing SOC alerts, conducting incident evaluations, and ensuring high-quality security investigations, utilizing hands-on experience with various security tools and methodologies.
Responsibilities
- Review, monitor, and evaluate SOC alerts and investigation outputs based on predefined scenarios and criteria
- Distinguish true positives from false positives by validating alert context, investigative evidence, and supporting signals
- Assess whether security investigation conclusions are correct, incomplete, unsupported, or inaccurate
- Apply consistent investigative judgment while recognizing that more than one valid investigation path may exist for the same alert
- Use Splunk to pivot across logs, entities, timelines, alerts, and investigation artifacts
- Read, understand, and reason about SPL queries in the context of security investigations
- Perform log analysis, entity pivoting, timeline reconstruction, and evidence correlation when required
- Identify relevant signals across SIEM data and explain how evidence supports an investigation conclusion
- Evaluate the correctness, completeness, and quality of SOC investigations produced through structured workflows
- Make clear quality determinations while also producing detailed ground-truth investigations when required
- Review investigation steps, assumptions, supporting evidence, and final conclusions for accuracy and consistency
- Help ensure investigation outputs reflect practical SOC judgment and evidence-based security reasoning
- Maintain clear and accurate documentation of investigative steps, assumptions, evidence, and conclusions
- Provide structured feedback on investigation quality, alert handling, and technical reasoning
- Collaborate with project leads and other security specialists to uphold high-quality investigation standards
- Support or mentor other analysts where applicable, particularly in long-term or lead reviewer roles
Skills
- 3+ years of hands-on experience as a SOC analyst in a production SOC environment
- Strong understanding of alert triage, incident investigation workflows, security evidence, and time-sensitive decision-making
- Mandatory hands-on experience with Splunk, including conducting investigations, reading SPL queries, and pivoting between logs, entities, and timelines
- Proven ability to evaluate SOC investigations and determine whether conclusions are valid, incomplete, or incorrect
- Strong investigative judgment and comfort making clear, evidence-based evaluations
- Fluent English communication skills, with strong written documentation ability
- Ability to work independently in a remote, project-based environment
- A degree in Cybersecurity, Computer Science, Information Security, Information Systems, Digital Forensics, or a related technical field is helpful
- Equivalent professional experience in SOC analysis, incident response, threat detection, or security investigation work is also highly relevant
- Experience with Endpoint Detection & Response tools such as CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne, or comparable platforms
- Experience analyzing cloud security logs and signals, including AWS CloudTrail, GuardDuty, Azure Activity Log, Microsoft Defender for Cloud, or GCP Cloud Audit Logs
- Familiarity with Identity & Access Management platforms such as Okta Identity Cloud or Microsoft Entra ID
- Experience with email security tools such as Proofpoint, Mimecast, or similar platforms
- SOC leadership, mentoring, or lead analyst experience
- Basic scripting experience with Python or comparable languages
- Security certifications such as GCIA, GCIH, GCED, Splunk certifications, Security+, CCNA, or cloud security certifications
Benefits
- Flexible, remote consulting work aligned with your SOC investigation and security analysis expertise
- Opportunity to contribute to high-impact security investigation evaluation and ground-truth case review
- Suitable for experienced SOC professionals who enjoy evidence-based investigation, structured review, and technical decision-making
- Project-based work that can align with part-time availability and remote schedules
- Independent contractor engagement
- Fully remote and flexible scheduling
- Part-time, project-based availability
- Payments are made weekly via Stripe or Wise based on services rendered
Company Overview