Directs CTC incident response analysts while contributing to the fulfillment of both the CTC’s mission and leadership’s vision.
Ensures continuity of mission between IR shifts.
Serves as a primary member of the Cyber Threat Center (CTC) who handles security events and incidents on a daily basis in a fast-paced environment.
Acts as an Incident Handler who can handle minor and major security incidents within the defined Computer Security Incident Response process.
Role embodies Cyber Network Defense, and a successful Cyber Threat Analyst will be able to quickly analyze threats, understand risk, deploy effective countermeasures, make business-critical incident response decisions, and work as part of a team of individuals dedicated to protecting the firm.
Maintains situational awareness for cyber threats across the global firm and takes action where necessary.
Daily responsibilities include, but are not limited to: countermeasure deployment across various technologies; malware and exploit analysis; intrusion monitoring and response; assessing alerts and notifications of event activity from intrusion detection systems and responding accordingly to the threat; continuing content development of threat detection and prevention systems; data analysis and threat research.
Maintains knowledge of security principles and best practices. Must remain current with emerging threats and trends.
Assists teams in various security and privacy risk mitigation efforts, including incident response.
Conduct forensic investigations for HR, Legal, or incident response-related activities.
Develop new forensic detective and investigative capabilities using current technical solutions.
Work with various business units and technical disciplines in a security consultant role for cyber threats.
Shares in a weekly on-call rotation and acts as an escalation point for managed security services and associates of Raymond James.
Implement and contribute to design of disaster recovery and contingency plans to protect company data.
Explore and develop a detailed understanding of external developments or emerging issues and contribute to the evaluation of their potential impact on, or usefulness to, the organization.
Provide fault isolation and resolution for complex challenges to limit and address issues promptly.
Help develop procedures for an area of the organization and monitor their implementation.
Develop own capabilities by participating in assessment and development planning activities as well as formal and informal training and coaching; gain or maintain external professional accreditation, where relevant, to improve performance and fulfill personal potential. Maintain an in-depth understanding of technology, external regulation, and industry best practices through ongoing education, attending conferences, and reading specialist media.
Manage and integrate emergency response procedures within a location.
Knowledge of intrusion response and incident management lifecycle and processes.
Knowledge of Windows, Linux, memory forensics.
Knowledge of Log analysis (endpoint, network, email, cloud).
Knowledge of vulnerabilities and comfort in manipulating exploit code for analysis.
Knowledge of forensic and analytical techniques.
Knowledge of networking and the common network protocols.
Demonstrated ability to perform static and dynamic malware analysis.
Demonstrated ability to analyze large data sets and identify anomalies.
Demonstrated ability to quickly create and deploy countermeasures under pressure.
Familiarity with common infrastructure systems that can be used as enforcement points.
Basic securities industry information including concepts fundamental to working in the financial/securities industry.
Works without supervision and provides technical guidance when required on analyzing data trends for use in reports to help guide decision making.
Systems administrator experience in Linux, Unix, Windows or OSX operating systems.
Demonstrated ability to create complex scripts, develop tools, or automate processes in PowerShell, Python or Bash.
Works without supervision and provides technical guidance when required on developing appropriate plans or performing necessary actions based on recommendations and requirements.
Works without supervision and provides technical guidance when required on planning, organizing, prioritizing and overseeing activities to efficiently meet business objectives.
Works without supervision and provides technical guidance when required on analyzing data from multiple sources to draw appropriate conclusions and make suitable recommendations.
Works without supervision and provides technical guidance when required on maintaining the security, integrity, compliance and continuity of IT systems and services.
Works with full competence to employ a systematic process for solving technical issues by identifying the problem and selecting an appropriate solution. Typically works without supervision and may provide technical guidance.
CISSP – Certified Information Systems Security Professional
GXPN – Exploit Researcher and Advanced Penetration Testing
GCIH – Incident Handler
GCIA – Intrusion Analyst
GCFE – Forensic Examiner
GCFA – Forensic Analyst
GNFA – Network Forensic Analyst
GREM – Reverse Engineering Malware
At Raymond James our associates use five guiding behaviors (Develop, Collaborate, Decide, Deliver, Improve) to deliver on the firm’s core values of client-first, integrity, independence and a conservative, long-term view.
We expect our associates at all levels to:
• Grow professionally and inspire others to do the same
• Work with and through others to achieve desired outcomes
• Make prompt, pragmatic choices and act with the client in mind
• Take ownership and hold themselves and others accountable for delivering results that matter
• Contribute to the continuous evolution of the firm
At Raymond James, as part of our people-first culture, we honor, value, and respect the uniqueness, experiences, and backgrounds of all of our associates. When associates bring their best authentic selves, our organization, clients, and communities thrive. The Company is an equal opportunity employer and makes all employment decisions on the basis of merit and business needs.