Principal Information Security Analyst

High-Level Overview

Benevity is looking for a Principal Information Security Analyst to join our combined Security and Fraud Operations team. In this senior-level role, you will provide technical leadership and operational oversight across a team of analysts responsible for threat detection, alert triage, incident response, and vulnerability management. You will also play a collaborative role in supporting fraud operations alongside our Senior Fraud Analyst.
This role is ideal for someone with deep hands-on experience in security operations who thrives in leading investigations, refining processes, developing talent, and driving measurable improvements in operational maturity. You will serve as both a senior escalation point and a coach, helping elevate the team’s ability to respond to security and fraud-related threats in a cloud-native environment.

What you'll do:

• Lead daily Security Operations workflows, including triage, escalation, and resolution of alerts from core security tooling such as EDR, WAF, CSPM, and cloud-native platforms
• Drive and oversee the triage, investigation, and resolution of alerts generated across all security tooling, not just those escalated by the MDR provider
• Act as the technical lead and escalation point for Managed Detection and Response (MDR) activities, ensuring timely review and validation of escalated alerts
• Develop and continuously refine incident response processes, detection logic, and triage playbooks to improve clarity and effectiveness
• Oversee the vulnerability management lifecycle, ensuring timely identification, prioritization, remediation tracking, and stakeholder coordination
• Collaborate with GRC, Product Security, DevOps, and Infrastructure teams to improve detection coverage, alert fidelity, and log quality
• Serve as a subject matter expert in cloud-native security operations with strong understanding of containerized and API-driven environments
• Provide oversight and coordination with the Senior Fraud Analyst, including reviewing trends, supporting cross-functional investigations, and aligning response efforts where fraud and cyber threats intersect
• Support the development, tracking, and reporting of KPIs and metrics across both security and fraud operations to measure and improve team performance
• Conduct post-incident reviews and root-cause analysis, driving preventive control enhancements
• Mentor junior and mid-level analysts, providing feedback, coaching, and opportunities for growth

What you'll bring:

• 7+ years of experience in information security or security operations, with at least 2 years in a team lead or senior analyst capacity
• Proven experience triaging and responding to alerts across a broad suite of tools including CSPM, WAF, EDR, and cloud-native logging platforms
• Familiarity with MDR service models and hands-on experience validating escalated alerts
• Exposure to fraud detection tooling or operational workflows, and the ability to provide oversight and collaborative support
• Demonstrated ability to work independently, while recognizing when to seek input or escalate appropriately
• Strong critical thinking and communication skills with the ability to analyze complex data, challenge assumptions, and drive resolution
• Experience developing or refining operational playbooks, triage guides, and incident workflows
• Deep understanding of cloud security best practices, threat detection, and modern attacker tactics, techniques, and procedures
• Familiarity with common security frameworks such as NIST CSF, CIS Controls, and ISO 27001
• A strong sense of ownership and accountability, with the ability to act as a self-starter who can lead initiatives from concept to completion
• Demonstrated ability to collaborate across technical and non-technical teams to drive effective outcomes
• Experience fostering a positive and inclusive team environment, with a focus on team building, talent development, and shared success
• A passion for teaching and mentoring others, helping team members grow their skills and confidence
• Preferred certifications include GCIH, GCFA, OSCP, CISSP, or CFE