Principal Information Security Analyst

Meet Benevity

Benevity is the way the world does good, providing companies (and their employees) with technology to take social action on the issues they care about. Through giving, volunteering, grantmaking, employee resource groups and micro-actions, we help most of the Fortune 100 brands build better cultures and use their power for good. We’re also one of the first B Corporations in Canada, meaning we’re as committed to purpose as we are to profits. We have people working all over the world, including Canada, Spain, Switzerland, the United Kingdom, the United States and more!

High Level Role Overview

Benevity is looking for a Principal Information Security Analyst to join our Security Operations team. In this senior-level role, you will provide technical leadership and operational oversight across a team of analysts responsible for threat detection, alert triage, incident response, and vulnerability management.

This role is ideal for someone with deep hands-on experience in security operations who is also energized by the opportunity to work alongside AI. We are actively integrating AI tools into our SecOps practice to accelerate triage, investigation, detection engineering, and analyst productivity, and this role will play a meaningful part in shaping how we do that. You should be comfortable navigating AI tools, building your own skills with them, identifying practical use cases, and partnering with the team to put them into production.

You will serve as both a senior escalation point and a coach, helping elevate the team's ability to respond to threats in a cloud-native environment while modernizing how the work gets done.

What you'll do:

• Lead daily Security Operations workflows, including triage, escalation, and resolution of alerts from core security tooling such as EDR, WAF, CSPM, SIEM, and cloud-native platforms

• Lead and coordinate security incident response across the full lifecycle, from detection and containment through eradication, recovery, and lessons learned, serving as incident commander for significant events

• Drive and oversee the triage, investigation, and resolution of alerts generated across all security tooling, not just those escalated by the MDR provider

• Act as the technical lead and escalation point for Managed Detection and Response (MDR) activities, ensuring timely review and validation of escalated alerts

• Identify, evaluate, and operationalize AI-assisted approaches to SecOps work, including AI-augmented triage, investigation, summarization, detection engineering, and reporting

• Build your own fluency with AI tooling and help the broader team develop the same skills, sharing patterns that work and being honest about ones that don't

• Apply a healthy degree of skepticism to AI outputs, validating findings and helping the team understand where AI assists the work and where human judgment still owns the decision

• Develop and continuously refine incident response processes, detection logic, and triage playbooks to improve clarity and effectiveness

• Oversee the vulnerability management lifecycle, ensuring timely identification, prioritization, remediation tracking, and stakeholder coordination

• Collaborate with GRC, Product Security, DevOps, and Infrastructure teams to improve detection coverage, alert fidelity, and log quality

• Partner with our Senior Fraud Analyst on cross-functional investigations where fraud and cyber threats intersect, contributing SecOps expertise without owning the fraud function day-to-day

• Serve as a subject matter expert in cloud-native security operations with strong understanding of containerized and API-driven environments

• Support the development, tracking, and reporting of KPIs and metrics to measure and improve team performance

• Conduct post-incident reviews and root-cause analysis, driving preventive control enhancements

• Mentor junior and mid-level analysts, providing feedback, coaching, and opportunities for growth

What you'll bring:

• 7+ years of experience in information security or security operations, with at least 2 years in a team lead or senior analyst capacity

• Proven experience triaging and responding to alerts across a broad suite of tools including CSPM, WAF, EDR, SIEM, and cloud-native logging platforms

• Familiarity with MDR service models and hands-on experience validating escalated alerts

• Hands-on experience leading security incident response, including acting as incident commander, coordinating cross-functional responders, managing communications, and producing post-incident artifacts

• Practical experience using AI tools in a security or technical context, with a clear point of view on where they add value, where they fall short, and how to get them production-ready

• Curiosity and willingness to keep building AI skills as the tooling evolves, and an interest in helping teammates do the same

• Awareness of the security considerations that come with using AI tools in a SecOps environment (data handling, prompt hygiene, output validation)

• Demonstrated ability to work independently, while recognizing when to seek input or escalate appropriately

• Strong critical thinking and communication skills with the ability to analyze complex data, challenge assumptions, and drive resolution

• Experience developing or refining operational playbooks, triage guides, and incident workflows

• Deep understanding of cloud security best practices, threat detection, and modern attacker tactics, techniques, and procedures

• Familiarity with common security frameworks such as NIST CSF, CIS Controls, and ISO 27001

• A strong sense of ownership and accountability, with the ability to act as a self-starter who can lead initiatives from concept to completion

• Demonstrated ability to collaborate across technical and non-technical teams to drive effective outcomes

• Experience fostering a positive and inclusive team environment, with a focus on team building, talent development, and shared success

• A passion for teaching and mentoring others, helping team members grow their skills and confidence

• Preferred certifications include GCIH, GCFA, OSCP, or CISSP

Discover your purpose at work

We’re not employees, we’re Benevity-ites. From all locations, backgrounds and walks of life, who deserve more …

Innovative work. Growth opportunities. Caring co-workers. And a chance to do work that fills us with a sense of purpose.

If the idea of working on tech that helps people do good in the world lights you up ... If you want a career where you’re valued for who you are and challenged to see who you can become …

It’s time to join Benevity. We’re so excited to meet you.

Where We Work

At Benevity, we embrace a flexible hybrid approach to where we work that empowers our people in a way that supports great work, strong relationships, and personal well-being. For those located near one of our offices, while there’s no set requirement for in-office time, we do value the moments when coming together in person helps us build connection and collaboration. Whether it’s for onboarding, project work, or a chance to align and bond as a team, we trust our people to make thoughtful decisions about when showing up in person matters most.

Join a company where DEIB isn’t a buzzword

Diversity, equity, inclusion and belonging are part of Benevity’s DNA. You’ll see the impact of our massive investment in DEIB daily — from our well-supported employee resources groups to the exceptional diversity on our leadership and tech teams.

We know that diverse backgrounds, experiences, skills and passions are what move our business and our people forward, so we're committed to creating a culture of belonging with equal opportunities for everyone to shine.

That starts with a fair and accessible hiring process. If you want to feel seen, heard and celebrated, you belong at Benevity.

Candidates with disabilities who may require accommodations throughout the hiring or assessment process are encouraged to reach out to [email protected].