Security Analyst (Security Operations)

NscaleHouston, NY
Hybrid

About The Position

We are hiring Security Analysts to run the daily security operations work that keeps Nscale protected. This is a hands-on analyst role, one level below Staff, working across alert triage, incident investigation, escalation, evidence collection, response coordination, vulnerability follow-up, and operational reporting. The role connects closely with Incident Response, Cyber Defence, Enterprise Security, IT, Platform Engineering, identity, endpoint, vulnerability management, network security, GRC, and platform teams. Security operations is where controls become real. This role helps ensure security events are investigated consistently, incidents are escalated quickly, and daily operational risks do not get lost in the noise. The right person will be curious, calm under pressure, technically practical, and comfortable working across endpoint, identity, SaaS, cloud, network, and production access signals.

Requirements

  • 3+ years in security operations, incident response, threat monitoring, SOC analysis, detection triage, cloud security operations, or related roles.
  • Experience investigating alerts from endpoint, identity, SaaS, cloud, email, network, or application telemetry.
  • Understanding of common attacker techniques such as phishing, credential theft, suspicious login behavior, malware execution, command and control, privilege misuse, data exfiltration, and cloud misconfiguration.
  • Ability to write clear investigation notes, timelines, case summaries, and escalation handoffs.
  • Familiarity with incident response basics: severity, containment, eradication, recovery, evidence handling, and post-incident review.
  • Comfort using query languages, logs, dashboards, case management systems, or security analytics tools.
  • Strong judgment on when to keep investigating, when to escalate, and when to ask for help.
  • Ability to work calmly during high-pressure security events.

Nice To Haves

  • Experience in a high-growth technology, cloud, infrastructure, AI, regulated, or customer-trust-sensitive environment is a plus.
  • Experience improving runbooks, automating repetitive tasks, reducing alert noise, threat hunting, MITRE ATT&CK, detection logic, or incident readiness exercises is a plus.

Responsibilities

  • Triage daily security alerts across endpoint, identity, SaaS, cloud, network, email, and infrastructure telemetry.
  • Investigate suspicious activity, including user behavior, device activity, login events, access changes, exposed assets, and potential data leakage.
  • Separate signal from noise and make clear judgments on when to keep investigating, when to escalate, and when to ask for help.
  • Escalate confirmed or high-risk events to Incident Response, Cyber Defence, Enterprise Security, IT, Platform Engineering, or other owners.
  • Execute documented response actions such as host isolation requests, account review, access disablement recommendations, malicious domain blocking requests, evidence capture, and case routing.
  • Build incident timelines, collect evidence, and write clear handoff notes.
  • Support post-incident reviews, including missed opportunities in prevention, detection, response, and remediation.
  • Produce daily and weekly operational reporting covering alert volumes, true positives, escalations, open cases, recurring issues, and response SLAs.
  • Improve runbooks, investigation guides, alert tuning feedback, and automation opportunities.
  • Identify recurring false positives, missing context, or weak handoff points and propose fixes.
  • Follow up on vulnerabilities and exposures where daily operations identifies active risk, missing ownership, or overdue remediation.
  • Learn Nscale’s security operations workflows, escalation paths, severity model, key systems, and evidence standards.
  • Build fluency across the core telemetry sources used for endpoint, identity, SaaS, cloud, and infrastructure investigations.
  • Triage and document daily alerts with clear findings, confidence level, and recommended next action.
  • Improve at least three runbooks or investigation guides based on real operational friction.
  • Support at least one tabletop, incident review, or readiness exercise.
  • Contribute to a weekly security operations report that leadership can use to understand risk, workload, and operational quality.

Benefits

  • Highly competitive US compensation package (base + bonus + equity)
  • performance reviews every 12 months
  • dynamic progression plan tailored to your ambitions
  • flexible workplace
  • medical
  • dental
  • vision
  • flexible paid time off
  • parental leave
  • retirement plan participation
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service