Lead Analyst – Cyber Incident Response

Posted Yesterday
Be an Early Applicant
St. Petersburg, FL, USA
In-Office
Senior level
Financial Services
The Role
Lead incident response and threat hunting efforts, design and implement SOAR and AI/ML-enabled automation and playbooks, perform forensic analysis and malware investigation, mentor analysts, integrate APIs and orchestration across security tools, and operationalize data-driven detection, enrichment, and response workflows to improve detection and remediation.
Summary Generated by Built In

Job Description Summary

Job Description

The financial services industry is constantly under attack by sophisticated cyber adversaries that range from nation-states to criminals. In response, the Raymond James Cyber Threat Center (CTC) is charged with ensuring all equities are secure against all tiers of adversaries. We are the central hub for Computer Network Operations and are on the front lines of security incident response, threat hunting, and intelligence. You'll be working with emerging technologies to solve challenging security problems in a fast-paced and continually evolving environment while helping steer the direction and evolution of the team. This highly visible team within the organization evaluates threats to the environment and dynamically adjusts to the ever-changing threat landscape by applying practical security knowledge to developing new detective measures to protect the firm.

The Lead Analyst – Cyber Incident Response, is a key member of the Cyber Threat Center (CTC) who serves as both a lead incident response leader and a technical engineering lead responsible for driving intelligent automation and AI-enabled cybersecurity operations. The position combines deep expertise in cyber incident response, threat hunting, malware analysis, and forensic investigations with advanced engineering capabilities in SOAR automation, AI/ML integration, orchestration platforms, and security workflow development.

This role leads security operations initiatives, mentors analysts, develops advanced automation and AI-enabled response capabilities, and operationalizes intelligent security solutions that improve threat detection, triage, containment, and remediation across the enterprise. The position partners with incident response, threat detection, security engineering, and technology teams to design scalable workflows, streamline investigations, reduce manual effort, and improve response consistency.

Essential Duties and Responsibilities:

  • Serves as a primary member of the Cyber Threat Center (CTC) who handles security events and incidents in a fast-paced environment.

  • Acts as an Incident Handler capable of managing severity 1 and severity 2 security incidents within the defined Computer Security Incident Response process.

  • Design, build, and maintain scalable automation solutions, including AI-enabled workflows to improve threat detection, triage, and incident response efficiency.

  • Develops new forensic detective and investigative capabilities using current and emerging technical solutions.

  • Shares in a weekly on-call rotation and acts as an escalation point for managed security services and Raymond James associates.

  • Leverage programming and data science techniques to develop, operationalize, and optimize machine learning models and data-driven security use cases.

  • Develop and implement advanced data correlation, enrichment, and processing strategies leveraging automation, data science, AI/ML, and LLM capabilities for threat hunting and incident response analysis.

  • Apply AI engineering principles within security operations to design, deploy, and maintain intelligent detection and response capabilities.

  • Design and execute automated and intelligent response actions to validate, contain, eradicate, and remediate security incidents.

  • Prototype, evaluate, and deploy emerging AI-driven technologies to enhance detection accuracy, reduce false positives, and accelerate response times.

  • Ensure Security Operations applications, automation pipelines, and incident ingestion processes remain healthy, resilient, and performant.

  • Drive continuous improvement by identifying gaps, recommending enhancements, and implementing innovative SOAR and AI-driven solutions.

  • Collaborate with incident response, threat intelligence, and threat hunting teams to strengthen detection and response capabilities.

Experience and Skills:

  • Bachelor’s degree in Computer Science, Computer Engineering, Management Information Systems, Cybersecurity, or a related field, and 5–8 years of relevant experience in Information Security, Cybersecurity Operations and Incident Response.

  • Minimum of 4 years of hands-on incident response experience, including triage, investigation, containment, eradication, recovery, and post-incident analysis.

  • Minimum of 2 years of programming or scripting experience using at least one modern language such as Python, JavaScript, PowerShell, or Rust, with a focus on automation, data enrichment, and security operations workflows.

  • Experience designing, developing, and maintaining automation workflows that support incident response, alert triage, threat enrichment, case management, and analyst productivity.

  • Experience with API development, integration, and orchestration across security tools, cloud platforms, ticketing systems, and enterprise data sources.

  • Familiarity with agentic AI workflows, AI-assisted security operations, or the application of GenAI/LLMs to automate investigation, summarization, enrichment, decision support, and response actions.

  • Experience with Security Orchestration, Automation, and Response platforms, case management tools, or similar technologies used to streamline incident response processes.

  • Strong understanding of incident response frameworks, common attack techniques, security telemetry, and investigation workflows, including endpoint, network, identity, cloud, and email-based incidents.

  • Experience working with SIEM, EDR, SOAR, threat intelligence, log management, and cloud security platforms.

  • Ability to translate complex incident response processes into repeatable, scalable automation requirements, playbooks, and technical solutions.

  • Strong analytical, troubleshooting, and problem-solving skills with the ability to work independently and lead efforts during high-priority security incidents.

  • Excellent written and verbal communication skills, including the ability to document technical findings, explain automation logic, and communicate incident details to technical and non-technical stakeholders.

  • Ability to mentor analysts, promote automation adoption, and identify opportunities to improve incident response speed, consistency, and quality.

Licenses/Certifications:

  • One or more of the following certifications preferred: CISSP, SANS GCIH (Incident Handler), SANS GCIA (Intrusion Analyst), SANS GCFE (Forensic Analyst), Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH)

Competencies and Behaviors:

  • Analysis: Identifies, investigates, and interprets complex security issues, incidents, and operational challenges. Correlates data from multiple sources, including security tools, logs, threat intelligence, case records, and automation outputs, to draw sound conclusions and recommend effective response actions.

  • Communication: Clearly communicates technical information, incident details, automation logic, and recommendations to technical and non-technical audiences. Produces clear documentation, status updates, executive summaries, and post-incident findings that support timely understanding and decision-making.

  • Judgment and Decision Making: Applies sound judgment when evaluating incident severity, response options, automation outcomes, and operational risk. Makes or recommends timely decisions based on available facts, business impact, constraints, and probable consequences, while escalating appropriately when needed.

  • Technical and Professional Knowledge: Maintains strong knowledge of incident response, security operations, automation, scripting, AI-enabled workflows, and relevant security technologies. Stays current with emerging threats, tools, techniques, and industry practices, and applies that knowledge to improve response capabilities.

  • Building Effective Relationships: Builds trusted, collaborative relationships across Cybersecurity, Technology, business units, vendors, and leadership. Partners effectively with stakeholders to resolve incidents, improve workflows, implement automation, and support shared security objectives.

  • Automation Mindset: Identifies opportunities to improve speed, consistency, and quality through automation, orchestration, and repeatable playbooks. Balances automation with appropriate validation, oversight, and risk controls.

  • Leadership and Influence: Provides guidance to analysts, promotes best practices, and helps drive continuous improvement across incident response processes. Influences outcomes through expertise, collaboration, and clear recommendations, even without direct authority.

  • Adaptability: Responds effectively to changing priorities, emerging threats, and high-pressure incident situations. Adjusts approach as new information becomes available while maintaining focus on containment, recovery, risk reduction, and stakeholder communication.

Education

Bachelor’s

Work Experience

General Experience - 6 to 10 years

Certifications

Travel

Less than 25%

Workstyle

Hybrid

The total compensation for this position includes base salary or wages, and may include components such as additional compensation (cash or equity), discretionary bonuses, or commissions. This position is eligible for a benefits package that may include medical, dental, and vision; life insurance; critical illness insurance and accident insurance; disability benefits; retirement savings; paid time off (including vacation, holidays, and sick leave); and parental leave.  Eligibility for benefits and specific offerings may vary based on position and employment status. To view more details of the benefits offered, visit Myrjbenefits.com.



At Raymond James our associates use five guiding behaviors (Develop, Collaborate, Decide, Deliver, Improve) to deliver on the firm's core values of client-first, integrity, independence and a conservative, long-term view. 
We expect our associates at all levels to:
•  Grow professionally and inspire others to do the same
•  Work with and through others to achieve desired outcomes
•  Make prompt, pragmatic choices and act with the client in mind
•  Take ownership and hold themselves and others accountable for delivering results that matter
•  Contribute to the continuous evolution of the firm

At Raymond James – as part of our people-first culture, we honor, value, and respect the uniqueness, experiences, and backgrounds of all of our Associates.  When associates bring their best authentic selves, our organization, clients, and communities thrive. The Company is an equal opportunity employer and makes all employment decisions on the basis of merit and business needs. 

Skills Required

  • Bachelor's degree in Computer Science, Computer Engineering, MIS, Cybersecurity, or related field
  • 5-8 years relevant experience in Information Security, Cybersecurity Operations, and Incident Response
  • Minimum of 4 years hands-on incident response experience (triage, investigation, containment, eradication, recovery, post-incident analysis)
  • Minimum of 2 years programming or scripting experience using Python, JavaScript, PowerShell, or Rust for automation and data enrichment
  • Experience designing, developing, and maintaining automation workflows (SOAR/playbooks) for alert triage, enrichment, and case management
  • Experience with API development, integration, and orchestration across security tools, cloud platforms, and ticketing systems
  • Familiarity with agentic AI workflows, GenAI/LLMs, or AI-assisted security operations for investigation, summarization, enrichment, and decision support
  • Experience with SIEM, EDR, SOAR, threat intelligence platforms, log management, and cloud security platforms
  • Strong understanding of incident response frameworks and investigation workflows across endpoint, network, identity, cloud, and email
  • Ability to translate incident response processes into scalable automation requirements, playbooks, and technical solutions
  • Excellent written and verbal communication skills, including technical documentation and executive summaries
  • Ability to mentor analysts, lead during high-priority incidents, and promote automation adoption
  • Certifications such as CISSP, SANS GCIH, SANS GCIA, SANS GCFE, OSCP, or CEH
Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: Saint Petersburg, FL
14,491 Employees
Year Founded: 1962

What We Do

Founded in 1962 and a public company since 1983, Raymond James Financial, Inc. is a Florida-based diversified holding company providing financial services to individuals, corporations and municipalities through its subsidiary companies engaged primarily in investment and financial planning, in addition to capital markets and asset management. The firm's stock is traded on the New York Stock Exchange (RJF). Through its three broker/dealer subsidiaries, Raymond James Financial has approximately 8,400 financial advisors throughout the United States, Canada and overseas. Total client assets are $1.18 trillion (as of 9/30/2021). Raymond James has been recognized nationally for its community support and corporate philanthropy. The company has been ranked as one of the best in the country in customer service, as a great place to work and as a national leader in support of the arts.

Similar Jobs

MongoDB Logo MongoDB

Senior Data Analyst

Big Data • Cloud • Software • Database
Easy Apply
Remote or Hybrid
United States
5550 Employees
83K-162K Annually

CrowdStrike Logo CrowdStrike

Consultant

Cloud • Computer Vision • Information Technology • Sales • Security • Cybersecurity
Remote or Hybrid
2 Locations
10000 Employees
85K-120K Annually

CrowdStrike Logo CrowdStrike

Sr. Finance Transformation Manager (Remote)

Cloud • Computer Vision • Information Technology • Sales • Security • Cybersecurity
Remote or Hybrid
USA
10000 Employees
130K-200K Annually

Circle Logo Circle

Lead Product Designer

Blockchain • Fintech • Payments • Financial Services • Cryptocurrency • Web3
In-Office or Remote
25 Locations
1050 Employees
173K-225K Annually

Similar Companies Hiring

Granted Thumbnail
Mobile • Insurance • Healthtech • Financial Services • Artificial Intelligence
New York, New York
23 Employees
Hanover Park Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
42 Employees
Onshore Thumbnail
Artificial Intelligence • Fintech • Software • Financial Services
New York, New York
60 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account