Cyber Incident Response Job Description
Cyber Incident Response Duties & Responsibilities
To write an effective cyber incident response job description, begin by listing detailed duties, responsibilities and expectations. We have included cyber incident response job description templates that you can modify and use.
Sample responsibilities for this position include:
Cyber Incident Response Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Cyber Incident Response
List any licenses or certifications required by the position: SANS, CISSP, ITIL, GCIH, CISM, GCIA, GCFA, GIAC, GCFE, CEH
Education for Cyber Incident Response
Typically, a job requires a certain level of education.
Employers hiring for the cyber incident response job most commonly prefer their future employee to have a relevant degree, such as a Bachelor's or Master's degree in Computer Science, Technical, Information Technology, Education, Engineering, Information Systems, Information Security, Cyber Security, Computer Engineering, or Technology.
Skills for Cyber Incident Response
Desired skills for cyber incident response include:
Desired experience for cyber incident response includes:
Cyber Incident Response Examples
Cyber Incident Response Job Description
- Stay current with new developments in the security industry, including alerts, bugs, vulnerabilities and viruses
- Instill and foster a culture of excellence, integrity, and professionalism
- Conduct reviews of threat analysis activities performed by staff members to identify important trends and opportunities for improvement
- Recommend courses of action based on analysis of both existing and emerging threats
- Provide leadership and guidance to both technical teams and business leaders during large incident responses and major cases
- Provide guidance and mentor technical staff on incident handling and serve as an escalation point for analysts and malware specialists
- Respond to and assist with assessments and compliance requests
- Work with colleagues in other technology departments, the business, and product offices to establish effective, productive business relationships
- Manage your own workload
- Deliver on time and to a high standard
- Must be able to work on round-the-clock shifts, rotating or fixed
- Proven experience in conducting investigative interviews, including writing memorandums of interviews
- Advanced experience with Python scripting language
- Bachelor's degree in computer science, electrical engineering, information systems, or a related technical discipline with 12 years of relevant professional experience directly related to information security, cyber, or computer network defense
- Possess a good understanding of several common security tools, such as a SIEM, logging and forensics tools
- Demonstrated ability to establish well-defined procedures and appropriate mitigation strategies derived from post-incident analysis and lessons learned
Cyber Incident Response Job Description
- Developing a role within the Forensic Technology team as a whole, supporting internal development opportunities and helping to grow the practice
- Analyze forensic evidence for security incidents and disciplinary or criminal investigations
- Conduct network packet analysis using commercial and open source tools
- Analyze malware and system forensics to determine level of impact
- In conjunction with the Sr
- Initiate computer incident handling procedures as needed to identify, contain and remediate actual or potential security-related compromises
- Conduct analysis of computer security advisories, vulnerability scans, and cyber intelligence threat reports in order to improve the company IT security posture
- Proactively study and detect threats to the corporation
- Perform phishing, spam, malware or forensic analysis as part of the incident management process
- Perform sensitive security investigations in a manner consistent with industry standards with regard to computer and network forensics services
- Experience in leading a team with a proven ability in developing talent, including identifying and attracting talent and creating an organization that is viewed as a highly attractive place to work
- Strong leadership, organization, and process management skills
- Previous experience in effectively utilizing intelligence-driven defense
- Eligibility for and willingness to obtain a US Secret or higher clearance, if required
- Deploy, install, manage, and operate McAfee ESM Security Information Event Manager
- Deploy, install, manage, and operate file integrity monitoring systems
Cyber Incident Response Job Description
- Facilitate the integration of threat and data feeds for the purposes of incident response
- Assist Incident Response coordination efforts with internal (ITS) and external organizations (law enforcement or Inspector General)
- Assist with all phases of research, maintenance and support of digital forensics lab infrastructure, including evidence handling, tracking evidence inventory, configuring network equipment, updating software, and other related activities
- Assist with other Incident Response and Forensic activities related to computer security incidents for NYS, as assigned
- Work with the Firm’s SOC to respond to emerging incidents in a timely manner
- Respond to security incidents across a wide array of technologies
- Evaluate and/or Implement IS solutions and controls to ensure data security and integrity for CDK clients
- Protect computer assets by developing security strategies
- Review new IR tickets and perform initial analysis
- Review daily reports from security tools and respond as necessary
- Deploy, install, manage, and operate Intrusion Detection/Prevention Systems
- Customize and create rules and signatures for IDS/IPS to meet emerging vulnerabilities and provide enhanced detection capabilities
- Perform daily vulnerability checks using multiple intelligence-gathering sources and provide written summaries of threat and vulnerability information
- Coordinate with Client team to ensure all devices and components report all logs to the Security Information Event Manager and perform troubleshooting and maintenance of assets
- Update and/or assist the hosted system's personnel in updating artifacts of the Risk Management Framework (RMF)
- Will possess both Baseline and Computing Environment certification as defined in DoD Instruction 8570.01M
Cyber Incident Response Job Description
- Assist the phishing team with email analysis and provide responses to customers
- Conduct cyber threat intel research in support of open IR cases
- Work with IR team members to develop and produce the monthly metrics and scorecards
- Perform data analysis in support of weekly cyber threat briefs to InfoSec leadership
- Perform OSINT in support of IR and Phishing team
- Develop scripts to automate the analysis of CTI data
- Perform data analysis and research in support of “Quarterly Review” product
- Perform research on cyber threat and cyber enabled piracy groups
- Build out threat actor/malware/TTP profiles for SharePoint
- Back up the CIRT Director and serve as the Technical CIRT Commander when needed and/or by rotation
- The Computing Environment certification can include CompTIA Server+, Microsoft, RedHat, or Solaris professional certifications or training as defined in DoDi 8570.01M
- This position requires that you hold an interim DoD Secret or higher clearance
- Work is located in Radford, VA
- A minimum of 4 years of Information Assurance experience in DoD environments
- DoD 8570.01M IAM level II certification (i.e., CISSP)
- Baseline certification as defined in DoD Instruction 8570.01M
Cyber Incident Response Job Description
- Direct global delivery of 24/7 cyber security incident response services and resources
- Oversee the development and maintenance of incident response standards, processes, and guidelines
- Coordinate incident response scenarios and routine exercises to ensure operational readiness
- Improve security monitoring efficiency and incident response tasks through automation and scripting
- Record and document security incidents, including analysis results, the timeline of events and incident response activities
- Develop and maintain incident response standards, processes, and guidelines
- Lead the delivery of incident response scenarios and routine exercises
- Participate in the analysis and development of improved standardized operating processes and procedures for the Cyber Command Center
- Coordinate with CyCom staff to validate network alerts
- Perform analysis of log files from individual host logs, network traffic logs, firewall logs, and intrusion detection system logs
- An ability to build relationships and liaise with clients
- The ability to manage and prioritize workload
- Experience of delivering projects as part of a team
- Flexibility on working hours and a willingness to work on projects abroad
- Experience in malware analysis and in using analysis tools such as Splunk, Elasticsearch, RSA Analytics/NetWitness or similar
- Experience of performing computer forensic analysis in support of litigation and/or investigation