Many industries find themselves constantly under attack by sophisticated cyber adversaries that range from nation states to criminals. In response, the Cyber Threat Center (CTC) with ensuring all equities are secure against all tiers of cyber adversaries. We are the central hub for Computer Network Operations and are on the front lines of security incident response, threat hunting, and intelligence. You will be working with emerging technologies to solve challenging security problems in a fast-paced and continuously evolving environment, while helping steer the direction and evolution of the team. This highly visible team within the organization evaluates threats to the environment and dynamically adjusts to the ever-changing threat landscape by applying practical security knowledge to developing new detective measures to protect the firm.
Daily responsibilities include, but are not limited to:
- Role is highly focused on finding the unknown using a keen sense of awareness, deep understanding of system operations, networks, and adversaries’ techniques. You are highly motivated to search for the “needle in the haystack.”
- Baseline, analyze, and then baseline dynamic systems again – at scale and across varied technologies.
- Write detection analytics in various scripting languages to alert on anomalous and high-fidelity malicious events.
- Applies business knowledge and acute critical thinking to understand the usage of applications and systems when investigating anomalies.
- Serves as a primary member of the CTC who can be an escalation point of contact for incident handlers in a fast-paced environment.
- Writes clear and in-depth technical documentation on threat hunting activities during threat hunting operations.
- May act as an Incident Handler who can handle minor and major security incidents within the defined Computer Security Incident Response process
- Mentors CTC analysts while contributing to the fulfillment of both the CTC’s mission and leadership’s vision
- Maintains situational awareness for cyber threats across the global firm and act where necessary
Experience and Skills:
- Signature creation and content development across various technologies and languages.
- In depth malware and exploit analysis.
- Organize threat actor techniques, tactics, and procedures against Cyber Threat Center detection capabilities
- Intrusion monitoring and response
- Data analysis and threat research
- Maintains knowledge of security principles and best practices. Must remain current with emerging threats and trends
- Assists teams in various security and privacy risk mitigation efforts; including incident response
- Leads or participates in information security related projects or in managing strategy
- Conduct forensic investigations for HR, Legal, or incident response related activities
- Develop new forensic detective and investigative capabilities using current technical solutions
- Work with various business units and technical disciplines in a security consultant role for cyber threats
- Shares in a weekly on-call rotation and acts as an escalation point for managed security services and associates of Raymond James
One or more of the following certifications or the ability to obtain within 1 year:
- B.S. in Computer Science, Computer Engineering, MIS, or related degree and a minimum of three (3) years of related experience in Information Security or an equivalent combination of education, training and experience.
- Experience should include a minimum of two (2) years in conducting Cyber Network Defense and a minimum of three (3) years of experience with incident response methodologies, malware analysis, penetration testing, scripting and/or forensics.
- Preferred experience includes a minimum of four (4) years in conducting Cyber Network Defense, a minimum of three (3) years of experience with incident response methodologies, malware analysis, penetration testing, scripting and/or forensics and four (4) years of experience with in-depth forensic and intrusion analysis
- Proficient with adversary techniques, tactics and procedures and can effectively map a TTP to the MITRE attack framework.
- Systems administrator experience in Linux, Unix, Windows or OSX operating systems
- Knowledge of networking and the common network protocols
- Demonstrated ability to create complex scripts, develop tools, or automate processes in PowerShell, Python or Bash
Knowledge of the following highly preferred:
- OSCP – Offensive Security Certified Professional
- OSCE – Offensive Security Certified Expert
- GXPN – Exploit Researcher and Advanced Penetration Testing
- GREM – GIAC Reverse Engineering Malware
- GCFA – GIAC Certified Forensic Analyst
- CCNP – Cisco Certified Network Professional
- Knowledge of vulnerabilities and a comfort in manipulating exploit code for analysis
- Operating systems, such as Windows, Linux, or OSX
- Forensic and analytical techniques
- Networking and the common network protocols
- Demonstrated ability to create complex scripts, develop tools, or automate processes
- Demonstrated ability to perform static and dynamic malware analysis
- Demonstrated ability to analyze large data sets and identify anomalies
- Demonstrated ability to quickly create and deploy countermeasures under pressure
- Familiarity with common infrastructure systems that can be used as enforcement points
- Analysis: Identify and understand issues, problems and opportunities; compare data from different sources to draw conclusions.
- Communication: Clearly convey information and ideas through a variety of media to individuals or groups in a manner that engages the audience and helps them understand and retain the message.
- Exercising Judgment and Decision Making: Use effective approaches for choosing a course of action or developing appropriate solutions; recommend or take action that are consistent with available facts, constraints, and probable consequences.
- Technical and Professional Knowledge: Demonstrate a satisfactory level of technical and professional skill, or knowledge, in position-related areas; remain current with developments and trends in areas of expertise.