Title: Lead Artificial Intelligence Cyber Security Engineer Location: FL - Saint Petersburg - 880 Carillon Pkwy Tower 2 Job Description: Job Description Summary The financial services industry is constantly under attack by sophisticated cyber adversaries that range from nation-states to criminals. In response, the Raymond James Cyber Threat Center (CTC) is charged with ensuring all equities are secure against all tiers of adversaries. We are the central hub for Computer Network Operations and are on the front lines of security incident response, threat hunting, and intelligence. You'll be working with emerging technologies to solve challenging security problems in a fast-paced and continually evolving environment while helping steer the direction and evolution of the team. This highly visible team within the organization evaluates threats to the environment and dynamically adjusts to the ever-changing threat landscape by applying practical security knowledge to developing new detective measures to protect the firm. The Lead Artificial Intelligence Cyber Security Engineer (SOAR/AI), is a key member of the Cyber Threat Center (CTC) responsible for driving the design, development, and operationalization of AI-enabled security capabilities within the organization. This role applies artificial intelligence (AI), machine learning (ML), and large language models (LLMs) to enhance threat detection, automate decision-making, and enable advanced cybersecurity use cases such as anomaly detection, threat hunting, and autonomous incident response. In addition, the engineer establishes and guides enterprise standards, policies, and governance frameworks for the responsible use of AI in cybersecurity, including model lifecycle management, risk mitigation, and compliance considerations. The role also leverages strong orchestration expertise and experience with ServiceNow to build and integrate intelligent automation solutions, utilizing technologies such as JavaScript, HTML, CSS, AngularJS, REST, and SOAP to support and scale security operations across the enterprise. Job Description Job Description This position follows our hybrid workstyle policy: Expected to be in a Raymond James office location a minimum of 10-12 days a month. Please note: This role is not eligible for Work Visa sponsorship, either currently or in the future. Essential Duties and Responsibilities: - Establish and guide enterprise standards for the responsible use of AI in cybersecurity, including governance, risk management, and compliance considerations. - Define and promote best practices for AI/ML model development, validation, deployment, and lifecycle management within security operations. - Develop, enhance, configure, and support ServiceNow Security Operations workflows, applications, integrations, forms, scripts, and custom artifacts. - Design, build, and maintain scalable automation solutions—including AI-enabled workflows—to improve threat detection, triage, and incident response efficiency. - Leverage Python programming and data science techniques to develop, operationalize, and optimize machine learning models and data-driven security use cases. - Develop and implement advanced data correlation, enrichment, and processing strategies leveraging automation, data science, AI/ML, and LLM capabilities for threat hunting and incident response analysis. - Apply AI engineering principles within security operations to design, deploy, and maintain intelligent detection and response capabilities. - Design and execute automated and intelligent response actions to validate, contain, eradicate, and remediate security incidents. - Architect, integrate, and operationalize AI and automation capabilities across security platforms and enterprise workflows. - Prototype, evaluate, and deploy emerging AI-driven technologies to enhance detection accuracy, reduce false positives, and accelerate response times. - Ensure Security Operations applications, automation pipelines, and incident ingestion processes remain healthy, resilient, and performant. - Drive continuous improvement by identifying gaps, recommending enhancements, and implementing innovative SOAR and AI-driven solutions. - Collaborate with incident response, threat intelligence, and threat hunting teams to strengthen detection and response capabilities. - Act as a technical SME and leader in SOAR and AI-driven cybersecurity, providing mentorship, strategic guidance, and continuously advancing technical expertise. Experience and Skills: - Experience should include a minimum of 6 years of programming experience with at least one modern language such as JavaScript or Python - Experience with API development and integration. - ServiceNow application and component development; Security Operations applications is preferred. - Experience in modern software engineering practices and principles, including AI/ML/GenAI, Agile methodologies and DevSecOps Licenses/Certifications: - One or more of the following certifications highly preferred: ServiceNow CSA, ServiceNow CAD, ServiceNow CIS-SIR, ServiceNow CIS-VR, CISSP, SANS GCIH (Incident Handler), SANS GCIA (Intrusion Analyst), Offensive Security Certified Professional (OSCP) Education Bachelor’s: Computer and Information Science, Bachelor’s: Information Technology, High School (HS) (Required) Work Experience General Experience - 6 to 10 years Certifications Travel Less than 25% Workstyle Hybrid The total compensation for this position includes base salary orwages, and may include components such as additional compensation (cash or equity), discretionary bonuses, or commissions. This position is eligible for a benefits package that may include medical, dental, and vision; life insurance; critical illness insurance and accident insurance; disability benefits; retirement savings; paid time off (including vacation, holidays, and sick leave); and parental leave. Eligibility for benefits and specific offerings may vary based on position and employment status. To view more details of the benefits offered, visit Myrjbenefits.com. At Raymond James our associates use five guiding behaviors (Develop, Collaborate, Decide, Deliver, Improve) to deliver on the firm's core values of client-first, integrity, independence and a conservative, long-term view. We expect our associates at all levels to: • Grow professionally and inspire others to do the same • Work with and through others to achieve desired outcomes • Make prompt, pragmatic choices and act with the client in mind • Take ownership and hold themselves and others accountable for delivering results that matter • Contribute to the continuous evolution of the firm At Raymond James – as part of our people-first culture, we honor, value, and respect the uniqueness, experiences, and backgrounds of all of our Associates. When associates bring their best authentic selves, our organization, clients, and communities thrive. The Company is an equal opportunity employer and makes all employment decisions on the basis of merit and business needs. #LI-TC1

• Perform investigations of security incidents using your knowledge of digital forensics and data analytics. • Use your coding, data analytics and investigation skills to hunt, detect and respond to threats. • Build automation and detection models to support identification of anomalous activity and response activities to mitigate threats at scale. • Hunt for threats in our corporate and production environments to proactively identify anomalous activity. • Work side by side with our engineering teams to build advanced detection solutions to help keep systems and information safe, and partner closely with partner teams to carry out complex investigations. • Identify gaps in our infrastructure, and work with business partners to gain visibility through logging and detection. • Collaborate well with cross-functional partner teams, such as Legal, Privacy, and Engineering for efficient, large-scale response.

• Build and evolve secure frameworks, guardrails, and library-level controls that make common vulnerability classes harder to introduce. • Design security controls for AI-assisted development — including reusable rule packs and skills that shape how engineers and coding agents generate, review, and ship code. • Embed security into the workflows engineers already use. • Drive product security reviews for new launches and major architectural changes. • Identify and eliminate systemic security debt. • Shape strategy, influence architecture, and drive execution across teams.

• Lead the security architecture of GitLab's endpoint fleet and related infrastructure, with a primary focus on macOS. • Design and support automation for secure endpoint deployment, configuration, and lifecycle management using code-based workflows. • Manage endpoint and SaaS security configuration through Terraform, version control, merge requests, continuous integration pipelines, and automated rollouts. • Define and enforce security baselines across macOS, iOS, Windows, and Linux endpoints. • Develop patching and software distribution approaches that align with security, compliance, and operational requirements. • Partner with Information Technology, Security Operations, and Detection and Response teams to improve endpoint telemetry, detections, and response models. • Drive process improvements that reduce manual work and lower risk by favoring automation, policy-driven controls, and auditable change management. • Mentor engineers across Corporate Security and Information Technology, and serve as a senior escalation point for complex endpoint security issues.