Position Overview:

The Principal Security Operations Analyst plays a pivotal role in Diligent’s high-impact Security Operations team, dedicated to protecting our people, sites, and assets across the globe.

Our mission is clear — to safeguard the confidentiality, integrity, and availability of customer, employee, and business information. As part of Diligent’s first line of defense, Security Operations stands at the forefront, preventing, detecting, and responding to cyber threats that challenge our systems and data every day.

In this role, you’ll be a driving force behind the evolution of Diligent’s threat detection and response capabilities. You’ll lead complex investigations, shape our incident response strategy, and drive proactive initiatives like threat hunting, behavioral analytics, and continuous monitoring across our global technology landscape. This is your opportunity to make a measurable impact — strengthening Diligent’s security posture and helping us stay one step ahead of the threat landscape.

Key Responsibilities

• Independently drive end-to-end investigation and incident response for complex incidents (including collaboration, documentation, collaboration, and driving next steps and lessons learned).
• Oversee and advise investigation and incident response led by other team members.
• Lead engagement with Managed Detection and Response providers to monitor for and investigate security alerts for threats to the confidentiality and integrity of key systems and data.
• Utilize threat intelligence sources to enhance detection capabilities and conduct proactive threat hunting.
• Lead initiatives to evaluate current and prospective security tools to enhance the Diligent's overall security readiness.
• Collaborate effectively with cross-functional teams and stakeholders across the globe.
• Lead complex, enterprise-wide initiatives to design and implement security measures to enhance Diligent’s security posture.
• Set technical direction for the team and serve as our highest point of technical escalation.
• Mentor staff, lead team and cross-functional interviews, and provide meaningful feedback.
• Contribute directly to establishing and implementing strategy for the threat detection and response programs.
• Consistently influence guidelines and operating practices of the team​.

Required Experience/Skills

• 12+ years of information security experience or the equivalent combination of education, technical training, or work experience.
• 5+ years leading complex security investigations and commanding security incidents, especially as part of a dedicated Incident Response team.
• Strong interpersonal skills with the ability to easily and effectively interact with and support both technical and non-technical staff, at all levels, in both written and verbal forms.
• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
• Thrives in complex situations requiring one to react quickly, decisively, and deliberately.
• Significant expertise in key security operations and cloud security technologies including EDR, SIEM, CNAPP, and vulnerability scanners.
• Mastery in log analysis and threat hunting.
• Track record of designing and leading complex, cross-functional initiatives and helping others work on the components thereof​.
• Writing scripts to automate processes or gather data using tools such as PowerShell, Bash, Python, SQL, etc.
• Working with regulatory compliance and information security management frameworks (e.g., ISO 27000, COBIT, NIST 800-53, MITRE ATT&CK, etc.).
• Demonstrated expertise in the following areas:
• Threat activity, including actors, motivations, TTPs, intelligence sources, etc.
• Networking concepts and protocols such as TCP/IP, DNS, VPN, firewalls, IDS/IPS, etc.
• Identification, authentication, and authorization concepts and protocols such as Active Directory, IDPs, OIDC, OAuth, RBAC, SAML, MFA, etc.
• Public cloud resources and concepts such as virtual machines, containers, images, serverless functions, roles, policies, APIs, etc.
• Prior experience with the following:
  • Working in an application security, cloud security, or security operations center role.
  • Building, tuning, and maintaining detections for a SIEM or alerting system.
  • Writing technical runbooks for alert investigation and incident response.

Preferred Experience/Skills

• Prior experience handling security incidents involving public cloud resources (especially AWS) and custom-developed software solutions or products.
• Advanced security certification focusing on incident response or cloud security such as GCFA, GCFR, GCIH, GEIR, CCSP, AWS Certified Security – Specialty, etc.