Cyber Incident Response Job Description

Cyber incident response provides assistance and support as requested to Security Engineering, IDM Engineering, Network Engineering, Security Risk Management and/or Information Security Ops.

Cyber Incident Response Duties & Responsibilities

To write an effective cyber incident response job description, begin by listing detailed duties, responsibilities and expectations. We have included cyber incident response job description templates that you can modify and use.

Sample responsibilities for this position include:

Direct, guide, and oversee the activities of incident response and analytical staff who are charged with the analysis of threat identification information from an array of sensors and the rapid resolution of any identified threats
Provide oversight to incident response activities (triage, root cause analysis, escalations, notifications, communication) and develop strategies to contain and eradicate the incident
Serve as a subject matter expert in the identification of cyber threat events and incident response
Develop and refine processes, procedures, and techniques used by the team to continually improve operational excellence
Recruit, develop, and retain a talented group of security operations and incident response professionals for this vital function
Participate in Cyber Incident Response Team (CIRT) rotation that may involve non-traditional working hours
Create and update documentation related to security incidents, security controls and PCI
Provide follow-the-sun coverage in conjunction with other members of the CSIRT Team to respond to computer security incidents
Identify both tactical and strategic solutions to contain incidents
This position is staffed in shifts supporting a 24x7x365 global security operations center

Cyber Incident Response Qualifications

Qualifications for a job description may include education, certification, and experience.

Licensing or Certifications for Cyber Incident Response

List any licenses or certifications required by the position: SANS, CISSP, ITIL, GCIH, CISM, GCIA, GCFA, GIAC, GCFE, CEH

Education for Cyber Incident Response

Typically a job would require a certain level of education.

Employers hiring for the cyber incident response job most commonly prefer their future employee to have a relevant degree, such as a Bachelor's or Master's Degree in Computer Science, Technical, Information Technology, Education, Engineering, Information Systems, Information Security, Cyber Security, Computer Engineering, Technology

Skills for Cyber Incident Response

Desired skills for cyber incident response include:

HTTP
SMB
Security controls
Techniques
How common protocols and applications work at the network level
ITIL based service delivery principles and best practices
Incident response
Network engineering
Security engineering
Software

Desired experience for cyber incident response includes:

Broad work experience that spans the information security functions: policy development, education, executing penetration testing and application vulnerability assessments, risk analysis and compliance testing
The ability to work at speed, under pressure
Contribute to projects that enhance the security posture of the enterprise
A minimum of 3 to 5 years of work experience supporting technical or support operations
A bachelor’s degree in a technical discipline or a professional certification
Experience with security incident handling / security system administration in an ISP, large-scale network environment, or large enterprise, or equivalent work experience in a Managed Security Service Provider organization

Cyber Incident Response Examples

Job Description Example 1
Our innovative and growing company is hiring for a cyber incident response. If you are looking for an exciting place to work, please take a look at the list of qualifications below.
Responsibilities for cyber incident response
  • Stay current with new developments in the security industry, including alerts, bugs, vulnerabilities and viruses
  • Instill and foster a culture of excellence, integrity, and professionalism
  • Conduct reviews of threat analysis activities performed by staff members to identify important trends and opportunities for improvement
  • Recommend courses of action based on analysis of both existing and emerging threats
  • Provide leadership and guidance to both technical teams and business leaders during large incident responses and major cases
  • Provide guidance and mentor technical staff on incident handling and serve as an escalation point for analysts and malware specialists
  • Respond to and assist with assessments and compliance requests
  • Work with colleagues in other technology departments, the business, and product offices to establish effective, productive business relationships
  • Manage your own workload
  • Deliver on time and to a high standard
Qualifications for cyber incident response
  • Must be able to work on round-the-clock shifts, rotating or fixed
  • Proven experience in conducting investigative interviews, including writing memorandums of interviews
  • Advanced experience with Python scripting language
  • Bachelor's degree in computer science, electrical engineering, information systems, or a related technical discipline with 12 years of relevant professional experience directly related to information security, cyber, or computer network defense
  • Possess a good understanding of several common security tools, such as a SIEM, logging and forensics tools
  • Demonstrated ability to establish well-defined procedures and appropriate mitigation strategies derived from post-incident analysis and lessons learned
Job Description Example 2
Our company is looking to fill the role of cyber incident response. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for cyber incident response
  • Developing a role within the Forensic Technology team as a whole, supporting internal development opportunities and helping to grow the practice
  • Analyze forensic evidence for security incidents and disciplinary or criminal investigations
  • Conduct network packet analysis using commercial and open source tools
  • Analyze malware and system forensics to determine level of impact
  • In conjunction with the Sr
  • Initiate computer incident handling procedures as needed to identify, contain and remediate actual or potential security-related compromises
  • Conduct analysis of computer security advisories, vulnerability scans, and cyber intelligence threat reports in order to improve the company IT security posture
  • Proactively study and detect threats to the corporation
  • Perform phishing, spam, malware or forensic analysis as part of the incident management process
  • Perform sensitive security investigations in a manner consistent with industry standards with regards to computer and network forensics services
Qualifications for cyber incident response
  • Experience in leading a team with a proven ability in developing talent, including identifying and attracting talent and creating an organization that is viewed as a highly attractive place to work
  • Strong leadership, organization, and process management skills
  • Previous experience in effectively utilizing intel-driven defense
  • Eligibility for and willingness to obtain a US Secret or higher clearance, if required
  • Deploy, install, manage, and operate McAfee ESM Security Information Event Manager
  • Deploy, install, manage, and operate file integrity monitoring systems
Job Description Example 3
Our innovative and growing company is looking for a cyber incident response. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for cyber incident response
  • Facilitate the integration of threat and data feeds for the purposes of incident response
  • Assist Incident Response coordination efforts with internal (ITS) and external organizations (law enforcement or Inspector General)
  • Assist with all phases of research maintenance and support of digital forensics lab infrastructure, including evidence handling, tracking evidence inventory, configuring network equipment, updating software, and other related activities
  • Assist with other Incident Response and Forensic activities related to computer security incidents for NYS, as assigned
  • Work with the Firm’s SOC to respond to emerging incidents in a timely manner
  • Respond to security incidents across a wide array of technologies
  • Evaluate and/or Implement IS solutions and controls to ensure data security and integrity for CDK clients
  • Protect computer assets by developing security strategies
  • Review new IR tickets and perform initial analysis
  • Review daily reports from security tools and respond as necessary
Qualifications for cyber incident response
  • Deploy, install, manage, and operate Intrusion Detection/Prevention Systems
  • Customize and create rules and signatures for IDS/IPS to meet emerging vulnerabilities and provide enhanced detection capabilities
  • Perform daily vulnerability checks using multiple intelligence-gathering sources and provide written summaries of threat and vulnerability information
  • Coordinate with Client team to ensure all devices and components report all logs to the Security Information Event Manager and perform troubleshooting and maintenance of assets
  • Update and/or assist the hosted system's personnel in updating artifacts of the Risk Management Framework (RMF)
  • Will possess both Baseline and Computing Environment certification as defined in DoD Instruction 8570.01M
Job Description Example 4
Our innovative and growing company is looking for a cyber incident response. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for cyber incident response
  • Assist the phishing team with email analysis and provide responses to customers
  • Conduct cyber threat intel research in support of open IR cases
  • Work with IR team members to develop and produce the monthly metrics and scorecards
  • Perform data analysis in support of weekly cyber threat briefs to InfoSec leadership
  • Perform OSINT in support of IR and Phishing team
  • Develop scripts to automate the analysis of CTI data
  • Perform data analysis and research in support of “Quarterly Review” product
  • Perform research on cyber threat and cyber enabled piracy groups
  • Build out threat actor/malware/TTP profiles for SharePoint
  • Back up the CIRT Director and serve as the Technical CIRT Commander when needed and/or by rotation
Qualifications for cyber incident response
  • The Computing Environment certification can include CompTIA Server+, Microsoft, RedHat, or Solaris professional certifications or training as defined in DoDi 8570.01M
  • This position requires you to have an Interim DoD Secret or higher clearance
  • Work is located in Radford, VA
  • A minimum of 4 years' Information Assurance experience in DoD environments
  • DoD 8570.01M IAM level II certification (i.e., CISSP)
  • Baseline certification as defined in DoD Instruction 8570.01M
Job Description Example 5
Our company is growing rapidly and is searching for experienced candidates for the position of cyber incident response. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for cyber incident response
  • Direct global delivery of 24/7 cyber security incident response services and resources
  • Oversee the development and maintenance of incident response standards, processes, and guidelines
  • Coordinate incident response scenarios and routine exercises to ensure operational readiness
  • Improve security monitoring efficiency and incident response tasks through automation and scripting
  • Record and document security incidents, including analysis results, the timeline of events and incident response activities
  • Develop and maintain incident response standards, processes, and guidelines
  • Lead the delivery of incident response scenarios and routine exercises
  • Participate in the analysis and development of improved standardized operating processes and procedures for the Cyber Command Center
  • Coordinate with CyCom staff to validate network alerts
  • Perform analysis of log files from individual host logs, network traffic logs, firewall logs, and intrusion detection system logs
Qualifications for cyber incident response
  • An ability to build relationships and liaise with clients
  • The ability to manage and prioritize workload
  • Experience of delivering projects as part of a team
  • Flexibility on working hours and a willingness to work on projects abroad
  • Experience in malware analysis and using analysis tools such as Splunk, Elasticsearch, RSA Analytics/NetWitness or similar
  • Experience of performing computer forensic analysis in support of litigation and/or investigation