SOC Splunk Analyst Evening / Overnight / Weekend Shifts

TOSS C3 just won a significant state government Security Operations Center contract in Massachusetts, built around a large enterprise Splunk environment. We are staffing a 24/7 SOC team and are hiring for shift coverage roles immediately. Start is June 2026. This is not a casual engagement. This is a real, active government SOC supporting critical state infrastructure. The work is serious and the expectations are high. If that sounds like your environment, keep reading. AVAILABLE SHIFT TRACKS We are hiring across three shift tracks. When you apply, tell us which fits your availability: Track A: Weekdays Overnight Shift (6 PM to 6 AM, Monday - Thursday) Real-time alert triage, investigation, and escalation to on-call state personnel according to strict SLOs. Track B: Weekends Overnight Shift & Holiday Coverage (6 PM to 6 AM, Friday - Sunday) Lead investigator role for after-hours high-priority incidents and proactive threat hunting. Requires senior-level experience. Track C: Weekend Days and Holiday Coverage (6 AM to 6 PM, Saturday - Sunday) Continuous monitoring and initial alert qualification. Ensures no gaps in 24/7 coverage. HARD REQUIREMENTS — READ BEFORE APPLYING These are non-negotiable. If any of these are a problem, please do not apply. 1. US-Based Work Only All work must be performed from within the United States at all times. A single login from outside the US -- including while traveling -- is a breach of federal and state contract law. No exceptions. 2. Federal Background Checks Every team member must pass CJIS (Criminal Justice Information Services) and IRS Publication 1075 background checks before starting. You must be prepared for full federal-level screening and disclosure. 3. Ongoing Shift Availability These are not one-time gigs. We need reliable, consistent coverage on the schedule you commit to. If your availability changes month to month this is not the right fit. WHAT YOU WILL BE DOING - Monitor a large enterprise Splunk Enterprise Security environment for active threats - Triage, investigate, and escalate security alerts according to documented SLOs - Document every action in ServiceNow -- if it is not logged, it did not happen - Execute shift handoffs with written summaries so the next analyst knows exactly what is warm - Follow established runbooks and escalate immediately when automation fails - Maintain vigilance and accuracy across the full length of your shift WHAT WE ARE LOOKING FOR For Evening and Weekend Tracks: - 2 to 5 years of SOC or security operations experience - Hands-on Splunk experience -- alert triage, search queries, dashboard navigation - Security+ or CySA+ preferred - Strong documentation discipline -- ServiceNow experience is a plus - Calm and methodical under pressure For Overnight Track (senior role): - 7+ years in SOC operations - Deep experience with threat hunting and ransomware attack chain analysis - CISSP, GIAC, or equivalent certification preferred - Proven ability to lead investigations independently with minimal supervision All Tracks: - Ability to distinguish True Positives from False Positives quickly and accurately - Understanding of escalation protocols and why the 15-minute window matters - Professional communication with state agency contacts -- assertive without being aggressive - High personal discipline and focus during solo overnight or low-activity periods --- HOW TO APPLY Submit a proposal that includes: 1. Which shift track you are applying for (A, B, or C) 2. A brief description of your Splunk and SOC experience and the tools you have worked with 3. Confirmation that you are US-based and prepared for CJIS and IRS 1075 background checks 4. Your availability to start in June 2026 Proposals that do not address all four points will not be reviewed. Apply To This Job