SOC Analyst - Remote

Overview

The Tier 1 Security Operations Center (SOC) Analyst plays a critical role within NinjaOne’s Information Security organization, supporting the detection and response to security threats across the company. This is a hands-on, operations-focused position responsible for monitoring, triaging, and escalating security alerts across cloud, endpoint, identity, and SaaS environments. You will work closely with senior analysts and incident responders to investigate alerts, document findings, and support ongoing security operations. This role is ideal for early-career security professionals looking to build practical experience in a modern, cloud-centric SOC while developing strong analytical and investigative skills.

In Short

• Monitor security alerts and events across SIEM, EDR, cloud, email, and identity platforms.
• Perform initial triage to assess alert severity, scope, and potential impact.
• Differentiates true positives from false positives using playbooks and investigative techniques.
• Escalate confirmed or high-risk incidents to Tier 2/DFIR teams with clear, structured documentation.
• Collect and preserve artifacts (logs, indicators, timelines) to support investigations.
• Maintain accurate case notes and ticket updates in the case management system.
• Identify recurring alert patterns and contribute to detection tuning and process improvements.
• Maintain awareness of common threat vectors, including phishing, malware, credential abuse, and cloud misconfigurations.
• Participate in shift handoffs to ensure continuity of investigations.
• Other duties as needed.

Requirements

• Bachelor’s degree in Computer Science, Information Technology, or a related field (or equivalent practical experience).
• 1–3 years of experience in a SOC, NOC, IT security, or related technical role.
• Basic understanding of security monitoring and alert triage.
• Foundational knowledge of networking (TCP/IP, DNS, HTTP/S).
• Familiarity with Windows and/or macOS operating systems.
• Understanding of common attack techniques (phishing, brute force, malware).
• Experience with one or more of the following: SIEM platforms (e.g., Splunk, Sentinel, QRadar), EDR/XDR tools, Cloud platforms (AWS, Azure, or GCP).
• Strong written English skills for documentation and escalation.
• Ability to work effectively in a remote, distributed team environment.
• Willingness to work scheduled shifts aligned with U.S. business hours (including occasional weekends or on-call).

Benefits

• Flexible working hours with home office options.
• Opportunities for personal growth and development.
• Access to a renowned training platform.
• Competitive compensation.
• Collaboration with an amazing international workforce.