This position will follow our hybrid work model, we expect the selected candidate to be in office 2-3 days a week at the St. Petersburg, FL or Denver, CO Corporate office location.Job Summary:The financial services industry is constantly under attack by sophisticated cyber adversaries that range from nation states to criminals. In response, Raymond James trusts the Cyber Threat Center (CTC) with ensuring all equities are secure against all tiers of cyber adversaries. We are the central hub for Computer Network Operations and are on the front lines of vulnerability management, security incident response, threat hunting and intelligence. You will be working with emerging technologies to solve challenging security problems in a fast-paced and continuously evolving environment, while helping steer the direction and evolution of the team. This highly visible team within the organization identifies and analyzes threats to the environment and dynamically adjusts to the ever-changing threat landscape by applying practical security knowledge to protect the firm.Essential Duties and Responsibilities:• Role is focused on reducing the vulnerability attack surface by implementing technologies and processes to detect, report and analyze threats.• Develop and implement security posture strategy across multiple cloud platforms e.g. Microsoft Azure, Google Cloud Platform and Amazon Web Services.• Develop and implement container security scanning strategy to detect outdated operating systems, libraries and incorrectly configured containers.• Implement vulnerability detection capabilities within the continuous integration and continuous delivery (CI/CD) pipeline and software development lifecycle (SDLC).• Perform dynamic application security testing and provide clearly defined remediation guidance to application developers.• Perform infrastructure vulnerability and configuration security scans, identifying trends and conduct root cause analysis that provides technology owners the necessary information to resolve underlying issues.• Develop scripting and automation capabilities to streamline efforts.• Applies business knowledge and acute critical thinking to understand the attack surface and prioritization of efforts to reduce business impact.• Serves as a primary member of the CTC who can be a technical escalation point of contact for incident handlers, intelligence analysts and senior leadership in a fast-paced environment.• Mentors CTC associates while contributing to the fulfillment of both the CTC’s mission and leadership’s vision.• Maintains situational awareness for cyber threats across the global firm and act where necessary.• Maintains knowledge of security principles and best practices. Must remain current with emerging threats and trends.• Leads or participates in information security related projects or in managing strategy.• Work with various business units and technical disciplines in a security consultant role for vulnerability management.• Shares an on-call rotation and acts as an escalation point for Major cyber security incidents.• Daily responsibilities include, but are not limited to:o Detection and reporting of vulnerabilities across enterprise information systems.o Scripting and automation of tasks.o Participate in emergency response actions in response to threats and vulnerabilities.o Effectively collaborate within team and engage cross-departmentally.This position will follow our hybrid work model, we expect the selected candidate to be in office 2-3 days a week at the St. Petersburg, FL or Denver, CO Corporate office location.Job Summary:The financial services industry is constantly under attack by sophisticated cyber adversaries that range from nation states to criminals. In response, Raymond James trusts the Cyber Threat Center (CTC) with ensuring all equities are secure against all tiers of cyber adversaries. We are the central hub for Computer Network Operations and are on the front lines of vulnerability management, security incident response, threat hunting and intelligence. You will be working with emerging technologies to solve challenging security problems in a fast-paced and continuously evolving environment, while helping steer the direction and evolution of the team. This highly visible team within the organization identifies and analyzes threats to the environment and dynamically adjusts to the ever-changing threat landscape by applying practical security knowledge to protect the firm.Essential Duties and Responsibilities:• Role is focused on reducing the vulnerability attack surface by implementing technologies and processes to detect, report and analyze threats.• Develop and implement security posture strategy across multiple cloud platforms e.g. Microsoft Azure, Google Cloud Platform and Amazon Web Services.• Develop and implement container security scanning strategy to detect outdated operating systems, libraries and incorrectly configured containers.• Implement vulnerability detection capabilities within the continuous integration and continuous delivery (CI/CD) pipeline and software development lifecycle (SDLC).• Perform dynamic application security testing and provide clearly defined remediation guidance to application developers.• Perform infrastructure vulnerability and configuration security scans, identifying trends and conduct root cause analysis that provides technology owners the necessary information to resolve underlying issues.• Develop scripting and automation capabilities to streamline efforts.• Applies business knowledge and acute critical thinking to understand the attack surface and prioritization of efforts to reduce business impact.• Serves as a primary member of the CTC who can be a technical escalation point of contact for incident handlers, intelligence analysts and senior leadership in a fast-paced environment.• Mentors CTC associates while contributing to the fulfillment of both the CTC’s mission and leadership’s vision.• Maintains situational awareness for cyber threats across the global firm and act where necessary.• Maintains knowledge of security principles and best practices. Must remain current with emerging threats and trends.• Leads or participates in information security related projects or in managing strategy.• Work with various business units and technical disciplines in a security consultant role for vulnerability management.• Shares an on-call rotation and acts as an escalation point for Major cyber security incidents.• Daily responsibilities include, but are not limited to:o Detection and reporting of vulnerabilities across enterprise information systems.o Scripting and automation of tasks.o Participate in emergency response actions in response to threats and vulnerabilities.o Effectively collaborate within team and engage cross-departmentally.Knowledge, Skills, and Abilities:• Demonstrated ability to map web application vulnerability exploitation vectors commonly identified in the Open Worldwide Application Security Project (OWASP) Top 10.• Experience with cloud platforms (AWS, Azure, or GCP) and the implementation of vulnerability detection, reporting and remediation of security threats.• Knowledge of CIS Benchmarks and best practices for the secure configuration of information systems and applications.• Systems administrator experience in Linux, Unix, Windows or OSX operating systems.• Knowledge of networking and the common network protocols• Demonstrated ability to interpret and create complex scripts or automate processes in JavaScript, PowerShell, or Python• Knowledge of the following highly preferred: o Knowledge of vulnerabilities and exploit vectors used in attacks. o Operating systems, such as Windows, Linux, or OSX o Networking and the common network protocols o Operating System and application log analysisEducation/Previous Experience:• Typically requires a Bachelor's degree; 5 plus years of relevant experience. May have one or more technical or business-related certifications.• One or more of the following certifications or the ability to obtain within 1 year: o Web Application Penetration Tester (GWAPT) o Defensible Security Architecture (GDSA) o AWS Certified Cloud Practitioner o Microsoft Azure Fundamentals (AZ-900)Competencies:• Analysis: Identify and understand issues, problems and opportunities; compare data from different sources to draw conclusions.• Communication: Clearly convey information and ideas through a variety of media to individuals or groups in a manner that engages the audience and helps them understand and retain the message.• Exercising Judgment and Decision Making: Use effective approaches for choosing a course of action or developing appropriate solutions; recommend or take action that are consistent with available facts, constraints, and probable consequences.• Technical and Professional Knowledge: Demonstrate a satisfactory level of technical and professional skill, or knowledge, in position-related areas; remain current with developments and trends in areas of expertise.• Building Effective Relationships: Develop and use collaborative relationships to facilitate the accomplishment of work goals.• Client Focus: Make internal and external clients, and their needs, a primary focus of actions; develop and sustain productive client relationships.

Knowledge, Skills, and Abilities:• Demonstrated ability to map web application vulnerability exploitation vectors commonly identified in the Open Worldwide Application Security Project (OWASP) Top 10.• Experience with cloud platforms (AWS, Azure, or GCP) and the implementation of vulnerability detection, reporting and remediation of security threats.• Knowledge of CIS Benchmarks and best practices for the secure configuration of information systems and applications.• Systems administrator experience in Linux, Unix, Windows or OSX operating systems.• Knowledge of networking and the common network protocols• Demonstrated ability to interpret and create complex scripts or automate processes in JavaScript, PowerShell, or Python• Knowledge of the following highly preferred: o Knowledge of vulnerabilities and exploit vectors used in attacks. o Operating systems, such as Windows, Linux, or OSX o Networking and the common network protocols o Operating System and application log analysisEducation/Previous Experience:• Typically requires a Bachelor's degree; 5 plus years of relevant experience. May have one or more technical or business-related certifications.• One or more of the following certifications or the ability to obtain within 1 year: o Web Application Penetration Tester (GWAPT) o Defensible Security Architecture (GDSA) o AWS Certified Cloud Practitioner o Microsoft Azure Fundamentals (AZ-900)Competencies:• Analysis: Identify and understand issues, problems and opportunities; compare data from different sources to draw conclusions.• Communication: Clearly convey information and ideas through a variety of media to individuals or groups in a manner that engages the audience and helps them understand and retain the message.• Exercising Judgment and Decision Making: Use effective approaches for choosing a course of action or developing appropriate solutions; recommend or take action that are consistent with available facts, constraints, and probable consequences.• Technical and Professional Knowledge: Demonstrate a satisfactory level of technical and professional skill, or knowledge, in position-related areas; remain current with developments and trends in areas of expertise.• Building Effective Relationships: Develop and use collaborative relationships to facilitate the accomplishment of work goals.• Client Focus: Make internal and external clients, and their needs, a primary focus of actions; develop and sustain productive client relationships.

At Raymond James our associates use five guiding behaviors (Develop, Collaborate, Decide, Deliver, Improve) to deliver on the firm's core values of client-first, integrity, independence and a conservative, long-term view.

We expect our associates at all levels to:
• Grow professionally and inspire others to do the same
• Work with and through others to achieve desired outcomes
• Make prompt, pragmatic choices and act with the client in mind
• Take ownership and hold themselves and others accountable for delivering results that matter
• Contribute to the continuous evolution of the firm

At Raymond James our associates use five guiding behaviors (Develop, Collaborate, Decide, Deliver, Improve) to deliver on the firm's core values of client-first, integrity, independence and a conservative, long-term view.

We expect our associates at all levels to:
• Grow professionally and inspire others to do the same
• Work with and through others to achieve desired outcomes
• Make prompt, pragmatic choices and act with the client in mind
• Take ownership and hold themselves and others accountable for delivering results that matter
• Contribute to the continuous evolution of the firm

At Raymond James – as part of our people-first culture, we honor, value, and respect the uniqueness, experiences, and backgrounds of all of our Associates.  When associates bring their best authentic selves, our organization, clients, and communities thrive. The Company is an equal opportunity employer and makes all employment decisions on the basis of merit and business needs.