Jobs · Information Technology · Florida

Lead Analyst – Cyber Incident Response

Raymond James · St. Petersburg, FL · 1 wk ago
Information TechnologyFull-time

About the role

The Raymond James Cyber Threat Center (CTC) is seeking a Lead Analyst – Cyber Incident Response to join our dynamic team. This role combines deep expertise in cyber incident response, threat hunting, malware analysis, and forensic investigations with advanced engineering capabilities in SOAR automation, AI/ML integration, orchestration platforms, and security workflow development.

Responsibilities

  • Serves as a primary member of the Cyber Threat Center (CTC) who handles security events and incidents in a fast-paced environment.
  • Acts as an Incident Handler capable of managing severity 1 and severity 2 security incidents within the defined Computer Security Incident Response process.
  • Designs, builds, and maintains scalable automation solutions, including AI-enabled workflows to improve threat detection, triage, and incident response efficiency.
  • Develops new forensic detective and investigative capabilities using current and emerging technical solutions.
  • Leverages programming and data science techniques to develop, operationalize, and optimize machine learning models and data-driven security use cases.
  • Operationalizes intelligent security solutions that improve threat detection, triage, containment, and remediation across the enterprise.
  • Collaborates with incident response, threat intelligence, and threat hunting teams to strengthen detection and response capabilities.

Requirements

  • Bachelor’s degree in Computer Science, Computer Engineering, Management Information Systems, Cybersecurity, or a related field, and 5–8 years of relevant experience in Information Security, Cybersecurity Operations and Incident Response.
  • Minimum of 4 years of hands-on incident response experience, including triage, investigation, containment, eradication, recovery, and post-incident analysis.
  • Minimum of 2 years of programming or scripting experience using at least one modern language such as Python, JavaScript, PowerShell, or Rust, with a focus on automation, data enrichment, and security operations workflows.
  • Experience designing, developing, and maintaining automation workflows that support incident response, alert triage, threat enrichment, case management, and analyst productivity.
  • Familiarity with Security Orchestration, Automation, and Response platforms, case management tools, or similar technologies used to streamline incident response processes.
  • Strong understanding of incident response frameworks, common attack techniques, security telemetry, and investigation workflows, including endpoint, network, identity, cloud, and email-based incidents.
  • Ability to translate complex incident response processes into repeatable, scalable automation requirements, playbooks, and technical solutions.
  • Excellent written and verbal communication skills, including the ability to document technical findings, explain automation logic, and communicate incident details to technical and non-technical stakeholders.
  • Ability to mentor analysts, promote automation adoption, and identify opportunities to improve incident response speed, consistency, and quality.

Skills

  • One or more of the following certifications preferred: CISSP, SANS GCIH (Incident Handler), SANS GCIA (Intrusion Analyst), SANS GCFE (Forensic Analyst), Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH).
  • Analysis: Identifies, investigates, and interprets complex security issues, incidents, and operational challenges. Correlates data from multiple sources, including security tools, logs, threat intelligence, case records, and automation outputs, to draw sound conclusions and recommend effective response actions.
  • Communication: Clearly communicates technical information, incident details, automation logic, and recommendations to technical and non-technical audiences. Produces clear documentation, status updates, executive summaries, and post-incident findings that support timely understanding and decision-making.
  • Judgment and Decision Making: Applies sound judgment when evaluating incident severity, response options, automation outcomes, and operational risk. Makes or recommends timely decisions based on available facts, business impact, constraints, and probable consequences, while escalating appropriately when needed.
  • Technical and Professional Knowledge: Maintains strong knowledge of incident response, security operations, automation, scripting, AI-enabled workflows, and relevant security technologies. Stays current with emerging threats, tools, techniques, and industry practices, and applies that knowledge to improve response capabilities.
  • Building Effective Relationships: Builds trusted, collaborative relationships across Cybersecurity, Technology, business units, vendors, and leadership. Partners effectively with stakeholders to resolve incidents, improve workflows, implement automation, and support shared security objectives.
  • Automation Mindset: Identifies opportunities to improve speed, consistency, and quality through automation, orchestration, and repeatable playbooks. Balances automation with appropriate validation, oversight, and risk controls.
  • Leadership and Influence: Provides guidance to analysts, promotes best practices, and helps drive continuous improvement across incident response processes. Influences outcomes through expertise, collaboration, and clear recommendations, even without direct authority.
  • Adaptability: Responds effectively to changing priorities, emerging threats, and high-pressure incident situations. Adjusts approach as new information becomes available while maintaining focus on containment, recovery, risk reduction, and stakeholder communication.

Benefits

The total compensation for this position includes base salary or wages, and may include components such as additional compensation (cash or equity), discretionary bonuses, or commissions. This position is eligible for a benefits package that may include medical, dental, and vision; life insurance; critical illness insurance and accident insurance; disability benefits; retirement savings; paid time off (including vacation, holidays, and sick leave); and parental leave. Eligibility for benefits and specific offerings may vary based on position and employment status. To view more details of the benefits offered, visit Myrjbenefits.com.

Pay

The Raymond James Cyber Threat Center offers competitive compensation and benefits packages tailored to individual performance and qualifications.

Schedule

The Lead Analyst – Cyber Incident Response works a hybrid schedule, balancing remote and in-office workdays as determined by company policy and business needs.

Similar jobs