NinjaOne Careers

Description

• Full-time position 
• Onsite work model 
• Initially follow a Monday–Friday, 5-day work week, and will later transition to a shift schedule (Sunday–Wednesday or Wednesday–Saturday) from 7:00 AM to 6:00 PM. 

• Monitor security alerts, events, and logs from multiple sources (SIEM, IDS/IPS, EDR, cloud security tools, firewalls, etc.) for potential security threats or anomalous activity. 
• Perform first-level triage of security alerts, classify incidents based on severity and criticality, and escalate to engineers of relevant departments as needed. 
• Investigate suspicious activities, malware detections, phishing attempts, data loss alerts, or account compromise indicators. 
• Execute standard operating procedures (SOPs) for incident response, containment, and remediation at the L1 level. 
• Create, update, and track incident tickets to closure, ensuring timely communication with stakeholders and compliance with defined SLAs. 
• Collaborate with IT, engineering, and security teams to validate alerts, mitigate risks, and enforce security controls. 
• Conduct daily health checks of security monitoring systems and tools to ensure data is collected and processed accurately. 
• Assist with vulnerability triage by reviewing scan results and escalating to appropriate teams for remediation. 
• Generate and deliver reports on security incidents, trends, and SOC metrics for management review. 
• Stay current with emerging cybersecurity threats, tactics, techniques, and procedures (TTPs) through ongoing research and training. 
• Contribute to improving SOC workflows, runbooks, and detection use cases for greater operational efficiency. 
• Support awareness efforts by documenting and sharing lessons learned from incidents. 

• Diploma or Degree in Computer Science, Cybersecurity, or a related field. 
• Minimum 2 years of experience in IT support, SOC, or related security operations environment. 
• Familiarity with SIEM platforms (e.g., Splunk, Sentinel, Chronicle, etc) and security monitoring tools (e.g., EDR, IDS/IPS, DLP, CASB, CNAPP, CSPM, etc). 
• Basic understanding of networking concepts, firewalls, cloud infrastructure (AWS/GCP), and endpoint security. 
• Strong problem-solving, analytical, and investigative skills. 
• Ability to differentiate between false positives and true security incidents. 
• Knowledge of common attack vectors, MITRE ATT&CK framework, and incident response best practices. 
• Strong sense of accountability and urgency in responding to security threats. 
• Ability to work on rotational shifts and flexible hours, including nights and weekends. 
• Clear communicator, confident, self-sufficient, and disciplined in following processes. 
• Knowledge of scripting or automation (Python, PowerShell, etc.) is a plus. 
• Security certifications such as CompTIA Security+, CySA+, CC, or equivalent are advantageous. 
• Open and candid in discussing security incidents, potential improvements, and solutions. 
• A passion for cybersecurity, continuous learning, and adopting SOC/SIEM best practices.  

• We are a collaborative, kind, and curious community 
• We prioritise your work/life balance offering a hybrid work environment and free in-office lunches throughout the week 
• We reward your work with opportunity for growth and advancement 
• Grow personally and together with one of the fastest growing companies globally 
• Develop your skills through our renowned training platform 
• Receive competitive compensation  
• Collaborate with an amazing international workforce