Lead Analyst, Cyber Threat Incident Response

**Lead Analyst, Cyber Threat Incident Response**
- 2402979
- At Raymond James, _**_we _**_develop, _**_we _**_collaborate, _**_we _**_decide, _**_we _**_deliver, and _**_we _**_improve together_.

Raymond James Ltd. is Canada’s leading independent investment dealers offering high quality investment products and services to Canadians seeking customized solutions to their wealth management needs.

**Lead Analyst, Cyber Threat Incident Response**

**How does this role impact the organization?**

**What will this role be responsible for?**
- Serves as a primary member of the Cyber Threat Center (CTC) who handles security events and incidents on a daily basis in a fast-paced environment.
- Ensures continuity of mission between IR shifts
- Acts as an Incident Handler who can handle minor and major security incidents within the defined Computer Security Incident Response process.
- Role embodies Cyber Network Defense and a successful Cyber Threat Analyst will be able to quickly analyze threats, understand risk, deploy effective countermeasures, make business critical incident response decisions, and work as part of a team of individuals dedicated to protecting the firm.
- Maintains situational awareness for cyber threats across the global firm and take action where necessary.
- Daily responsibilities include, but are not limited to:

- Countermeasure deployment across various technologies.
- Malware and exploit analysis.
- Intrusion monitoring and response.
- Assessing alerts and notifications of event activity from intrusion detection systems and responding accordingly to the threat.
- Continuing content development of threat detection and prevention systems.
- Data analysis and threat research.
- Creation of IR playbooks, and leading IR automation initiatives.
- Coaching and mentorship of IR team peers.
- Maintains knowledge of security principles and best practices. Must remain current with emerging threats and trends.
- Assists teams in various security and privacy risk mitigation efforts; including incident response.
- Leads information security related projects or in managing strategy.
- Conduct forensic investigations for HR, Legal, or incident response related activities.
- Develop new forensic detective and investigative capabilities using current technical solutions.
- Shares in a weekly on-call rotation and acts as an escalation point for managed security services and associates of Raymond James.

**What can you expect from us?**

Our most important investment is in people. Upon eligibility, Raymond James Ltd offers **flexible workstyles,** a competitive compensation and benefits package. Our benefits range from Health Benefits, RRSP Matching Program, Employee Stock Purchase Plan, Paid Time Off, Volunteer Days, Discretionary Bonuses, Tuition Reimbursement and many more We also support internal promotion and community involvement.

**What do we expect from you?**
- B.S. in Computer Science, Computer Engineering, MIS, or related degree and a minimum of seven (7) years of related experience in Information Security or an equivalent combination of education, training and experience. Experience should include a minimum of five (5) years in conducting Cyber Network Defense, incident response methodologies, malware analysis, penetration testing, scripting and/or forensics.
- Demonstrated ability to create complex scripts, develop tools, or automate processes in PowerShell, Python or Bash.
- Two (2) or more of the following certifications or the ability to obtain within 1 year:

- CISSP: Certified Information Systems Security Professional
- GXPN - Exploit Researcher and Advanced Penetration Testing
- GCIH - Incident Handler
- GCIA - Intrusion Analyst
- GCFE - Forensic Examiner
- GCFA - GIAC Certified Forensic Analyst
- GNFA - Network Forensic Analyst
- GREM - Reverse Engineering Malware
- Knowledge of the following highly preferred:

- Intrusion response and incident management lifecycle and processes.
- Windows, Linux, memory forensics.
- Knowledge of vulnerabilities and a comfort in manipulating exploit code for analysis.
- Systems administration in Linux, Unix, Windows or OSX operating systems.
- Forensic and analytical techniques.
- Networking and the common network protocols.
- Demonstrated ability to perform static and dynamic malware analysis.
- Demonstrated ability to analyze large data sets and identify anomalies.
- Demonstrated ability to quickly create and deploy countermeasures under pressure.
- Familiarity with common infrastructure systems that can be used as enforcement points.
- Basic securities industry information including concepts fundamental to working in the financial/securities industry.

**Competencies**:

- Analysis: Identify and understand issues, problems and opportunities; compare data from different sources to draw conclusions.
- Communication: Clearly convey information and ideas through a variety of media to individuals or groups in a manner that engages the audience and helps t