NinjaOne Careers

Description

• Monitor security alerts and events across SIEM, EDR, cloud, email, and identity platforms 
• Perform initial triage to assess alert severity, scope, and potential impact
• Differentiate true positives from false positives using playbooks and investigative techniques
• Escalate confirmed or high-risk incidents to Tier 2/DFIR teams with clear, structured documentation
• Collect and preserve artifacts (logs, indicators, timelines) to support investigations
  Follow established runbooks, escalation paths, and SLAs 
• Maintain accurate case notes and ticket updates in the case management system
  Identify recurring alert patterns and contribute to detection tuning and process improvements 
• Maintain awareness of common threat vectors, including phishing, malware, credential abuse, and cloud misconfigurations 
• Participate in shift handoffs to ensure continuity of investigations 
• Other duties as needed

• Bachelor’s degree in Computer Science, Information Technology, or a related field (or equivalent practical experience)
• 1–3 years of experience in a SOC, NOC, IT security, or related technical role
• Basic understanding of security monitoring and alert triage
• Foundational knowledge of networking (TCP/IP, DNS, HTTP/S)
• Familiarity with Windows and/or macOS operating systems
• Understanding of common attack techniques (phishing, brute force, malware)
• Experience with one or more of the following:
• SIEM platforms (e.g., Splunk, Sentinel, QRadar)
• EDR/XDR tools
• Cloud platforms (AWS, Azure, or GCP)
• Strong written English skills for documentation and escalation
• Ability to work effectively in a remote, distributed team environment
• Willingness to work scheduled shifts aligned with U.S. business hours (including occasional weekends or on-call)