Security Analyst (Security Operations)

NscaleSeattle, WA
$100,000 - $130,000

About The Position

Nscale is seeking Security Analysts to manage daily security operations and protect the company's infrastructure. This is a hands-on role, one level below Staff, involving alert triage, incident investigation, escalation, evidence collection, response coordination, vulnerability follow-up, and operational reporting. The role requires close collaboration with various teams including Incident Response, Cyber Defence, Enterprise Security, IT, Platform Engineering, identity, endpoint, vulnerability management, network security, GRC, and platform teams. Security operations is crucial for making security controls effective. This position ensures security events are investigated consistently, incidents are escalated promptly, and daily operational risks are managed effectively. The ideal candidate will be curious, calm under pressure, technically proficient, and comfortable analyzing signals from endpoint, identity, SaaS, cloud, network, and production access. Key responsibilities include triaging and investigating security alerts across various telemetry sources, separating signal from noise, and making clear judgments on investigation paths. The role involves escalating confirmed or high-risk events to appropriate teams and executing documented response actions. Building incident timelines, collecting evidence, and writing clear handoff notes are also part of the duties. The analyst will support post-incident reviews to identify areas for improvement in prevention, detection, response, and remediation. Furthermore, the role entails producing daily and weekly operational reports on alert volumes, true positives, escalations, and response SLAs. Continuous improvement is a key aspect, including enhancing runbooks, investigation guides, alert tuning feedback, and identifying automation opportunities. The analyst will also follow up on vulnerabilities and exposures identified during daily operations.

Requirements

  • 3+ years in security operations, incident response, threat monitoring, SOC analysis, detection triage, cloud security operations, or related roles.
  • Experience investigating alerts from endpoint, identity, SaaS, cloud, email, network, or application telemetry.
  • Understanding of common attacker techniques such as phishing, credential theft, suspicious login behavior, malware execution, command and control, privilege misuse, data exfiltration, and cloud misconfiguration.
  • Ability to write clear investigation notes, timelines, case summaries, and escalation handoffs.
  • Familiarity with incident response basics: severity, containment, eradication, recovery, evidence handling, and post-incident review.
  • Comfort using query languages, logs, dashboards, case management systems, or security analytics tools.
  • Strong judgment on when to keep investigating, when to escalate, and when to ask for help.
  • Ability to work calmly during high-pressure security events.

Nice To Haves

  • Experience in a high-growth technology, cloud, infrastructure, AI, regulated, or customer-trust-sensitive environment is a plus.
  • Experience improving runbooks, automating repetitive tasks, reducing alert noise, threat hunting, MITRE ATT&CK, detection logic, or incident readiness exercises is a plus.

Responsibilities

  • Triage daily security alerts across endpoint, identity, SaaS, cloud, network, email, and infrastructure telemetry.
  • Investigate suspicious activity, including user behavior, device activity, login events, access changes, exposed assets, and potential data leakage.
  • Separate signal from noise and make clear judgments on when to keep investigating, when to escalate, and when to ask for help.
  • Escalate confirmed or high-risk events to Incident Response, Cyber Defence, Enterprise Security, IT, Platform Engineering, or other owners.
  • Execute documented response actions such as host isolation requests, account review, access disablement recommendations, malicious domain blocking requests, evidence capture, and case routing.
  • Build incident timelines, collect evidence, and write clear handoff notes.
  • Support post-incident reviews, including missed opportunities in prevention, detection, response, and remediation.
  • Produce daily and weekly operational reporting covering alert volumes, true positives, escalations, open cases, recurring issues, and response SLAs.
  • Improve runbooks, investigation guides, alert tuning feedback, and automation opportunities.
  • Identify recurring false positives, missing context, or weak handoff points and propose fixes.
  • Follow up on vulnerabilities and exposures where daily operations identifies active risk, missing ownership, or overdue remediation.

Benefits

  • Highly competitive US compensation package (base + bonus + equity)
  • Performance reviews every 12 months
  • Flexible paid time off
  • Parental leave
  • Retirement plan participation
  • Medical
  • Dental
  • Vision
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service