Security Analyst (Security Operations)
Nscale · Seattle, WA · 1 wk ago
HybridInformation Technology$100k–$130k/yrFull-time
About the role
We are hiring Security Analysts to run the daily security operations work that keeps Nscale protected. This is a hands-on analyst role, one level below Staff, working across alert triage, incident investigation, escalation, evidence collection, response coordination, vulnerability follow-up, and operational reporting. The role connects closely with Incident Response, Cyber Defence, Enterprise Security, IT, Platform Engineering, identity, endpoint, vulnerability management, network security, GRC, and platform teams.
What you'll be doing
- Security alert triage and investigation
- Triage daily security alerts across endpoint, identity, SaaS, cloud, network, email, and infrastructure telemetry.
- Investigate suspicious activity, including user behavior, device activity, login events, access changes, exposed assets, and potential data leakage.
- Separate signal from noise and make clear judgments on when to keep investigating, when to escalate, and when to ask for help.
- Incident response and escalation
- Escalate confirmed or high-risk events to Incident Response, Cyber Defence, Enterprise Security, IT, Platform Engineering, or other owners.
- Execute documented response actions such as host isolation requests, account review, access disablement recommendations, malicious domain blocking requests, evidence capture, and case routing.
- Build incident timelines, collect evidence, and write clear handoff notes.
- Support post-incident reviews, including missed opportunities in prevention, detection, response, and remediation.
- Operational reporting and continuous improvement
- Produce daily and weekly operational reporting covering alert volumes, true positives, escalations, open cases, recurring issues, and response SLAs.
- Improve runbooks, investigation guides, alert tuning feedback, and automation opportunities.
- Identify recurring false positives, missing context, or weak handoff points and propose fixes.
- Follow up on vulnerabilities and exposures where daily operations identifies active risk, missing ownership, or overdue remediation.
About You
- 3+ years in security operations, incident response, threat monitoring, SOC analysis, detection triage, cloud security operations, or related roles.
- Experience investigating alerts from endpoint, identity, SaaS, cloud, email, network, or application telemetry.
- Understanding of common attacker techniques such as phishing, credential theft, suspicious login behavior, malware execution, command and control, privilege misuse, data exfiltration, and cloud misconfiguration.
- Ability to write clear investigation notes, timelines, case summaries, and escalation handoffs.
- Familiarity with incident response basics: severity, containment, eradication, recovery, evidence handling, and post-incident review.
- Familiarity with query languages, logs, dashboards, case management systems, or security analytics tools.
- Strong judgment on when to keep investigating, when to escalate, and when to ask for help.
- Ability to work calmly during high-pressure security events.
- Experience in a high-growth technology, cloud, infrastructure, AI, regulated, or customer-trust-sensitive environment is a plus.
- Experience improving runbooks, automating repetitive tasks, reducing alert noise, threat hunting, MITRE ATT&CK, detection logic, or incident readiness exercises is a plus.
What we can offer you
- Hightly competitive US compensation package (base + bonus + equity), with performance reviews every 12 months.
- Join one of the fastest-growing AI infrastructure companies — your chance to directly shape how global AI capacity is planned and deployed.
- Expect a dynamic progression plan tailored to your ambitions. Grow by leading critical cross-functional initiatives and shaping capital strategy — always with our full support.
- Human-First Flexibility: We treat you as humans first.
Equal Opportunities Statement
We strongly encourage applications from people of colour, the LGBTQ+ community, people with disabilities, neurodivergent people, parents, carers, and people from lower socio-economic backgrounds.
Apply for this job
* indicates a required field