Incident Handler Job Description
Incident Handler Duties & Responsibilities
To write an effective incident handler job description, begin by listing detailed duties, responsibilities and expectations. We have included incident handler job description templates that you can modify and use.
Sample responsibilities for this position include:
Incident Handler Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Incident Handler
List any licenses or certifications required by the position: IAT, II, III, IAM, GCIH, SANS, CEH, GIAC, CISSP, ITIL
Education for Incident Handler
Typically a job would require a certain level of education.
Employers hiring for the incident handler job most commonly prefer their future employee to have a relevant degree, such as a Bachelor's or Associate degree in Information Security, Information Systems, Computer Science, Engineering, Technical, Education, Information Technology, Computer Engineering, Technology, or Forensics
Skills for Incident Handler
Desired skills for incident handler include:
Desired experience for incident handler includes:
Incident Handler Examples
Incident Handler Job Description
- Provide forensic analysis of network packet captures, DNS, proxy, Netflow, malware, host-based security and application logs, logs from various types of security sensors
- Ensure an effective threat response
- Perform threat hunting within the available information sources
- Initiate incident response, dispatch and follow up on remediation actions
- Initiate process improvement actions to increase service performance of our SIEM and SOC
- Handle cyber security incidents in accordance with the incident response process
- Perform remote and onsite live response activities
- Analyze malware and/or other suspicious files/email messages
- Analyze volatile system data
- Collaborate with level one event handlers to improve prevention and detection methods
- MUST meet DoD 8570 IAT Level II requirements (Security+ ce
- Tempo operations in accordance with established policies and best practices
- Volume events in accordance with established policies and best practices
- Have security certifications on your resume (CISSP, GCIH, GCFA, CEH, OSCP)
- Have knowledge and understanding of corporate IT security architecture, including network security
- 2+ years of experience with system administration, network engineering, and security engineering
Incident Handler Job Description
- Collaborate with security engineering teams to ensure proper function of tools used to support the incident response function
- Maintain proper documentation and creation of reports
- Provide on-call support to 24x7 security monitoring
- Contribute to GM cyber security incident response efforts
- Manages a growing team of incident response experts
- Performs actions in response to identified cyber intrusions
- Determines appropriate course of action in response to identified cyber security incidents or anomalous network activity
- Communicates with stakeholders and leaders to ensure incidents are managed appropriately
- Acts as incident command during small scale incidents and cyber response subject matter expert during large scale incidents
- Recommend enterprise protection measures based on incident trends
- Ability to facilitate customer requests regarding Cybersecurity threats and best practices
- Ability to monitor shared mailbox and ticket queues, communicate ownership and next steps within the team, and monitor internal social media for questions and reports pertaining to Cybersecurity
- Ability to work with a team to complete the mission while working well under pressure to rapidly scope and investigate incidents, as needed
- Ability to show originality and creativity in problem solving
- Ability to pay strict attention to detail and show a solution orientation
- Possession of excellent analytical, critical thinking, and logic skills
Incident Handler Job Description
- Prepares detailed recommendations for network defense improvements to close or mitigate incidents
- Recruits and mentors incident handler talent
- Documents impactful achievements of the team for leadership
- Be able to deploy nationally to respond to a critical incident within 2 hours of notification when on-call status
- Report, analyze, coordinate, and respond to any event or cyber incident for the purpose of mitigating any adverse operational or technical impact
- Extract meaningful information from technical reports and convert it into documentation or summary reports that clearly convey issues and status to leadership
- Coordinates the development and implementation of courses of action (COAs) that focus on containment, eradication, and recovery
- Ensure the timely response to cyber incidents through appropriate technical and operational channels in a way that promotes an accurate, meaningful, and comprehensive understanding of the cyber incident throughout its life cycle
- Effectively contain events and incidents and isolate systems to minimize any damage or impact to judicial information networks, systems, data, and services
- Ensure the effective coordination and communication of cyber incident information through appropriate channels and with appropriate stakeholders, other AO/DTS/ITSO organizations, and/or other government agencies
- Industry Recognized Information Security Certification, including CISSP, Security+, or SANS
- At least four (4) years of work experience in IT security or other related discipline
- High school diploma or GED with five (5)+ years work experience
- Proficient in the use of a laptop computer and related software
- Must have or be eligible to obtain United States passport
- United States citizenship and ability to obtain security clearance required
Incident Handler Job Description
- Perform additional analysis of escalations from Incident Triage Analyst and review Level 2 tickets
- Provide an effective and comprehensive response that includes the recovery of any affected systems and the return to a fully functioning, secure, operational state for all services and systems
- Understand patterns of activity and trends to characterize the threat and direct protective and defensive strategies
- Sometimes intelligence and technical information may come from sources unique to the CND environment, including sources outside the AO
- Document all findings and coordinating activities through the Judicial ticket tracking system HEAT
- Collaborate with Threat Monitoring event handlers to improve prevention and detection methods
- Conducting digital forensics examinations utilizing a variety of tools
- Assessing and reporting on the nature and scope of compromises
- Supporting information security compliance efforts
- Processing security-related help tickets via the Remedy “Request for Service” application
- Computer proficiency with MS Office application experience including Word, Excel, Project and PowerPoint
- Familiarity with core concepts of security incident response, the typical phases of response, vulnerabilities vs threats vs actors, and Indicators of Compromise (IoCs)
- Incident Handler will maintain twenty four (24) hours a day, seven (7) days a week, three hundred sixty five (365) days per year, incident handling capability
- Working with other members of the IT Security team, researches, designs, and advocates new technologies, architectures, and security products that will support security requirements for the enterprise and its customers, business partners and vendors
- Research and analyze potential impact of new threats and exploits and communicate risks to relevant business units
- Relevant technical security certifications (GIAC, OSCP, EC-Council, ISC-2)
Incident Handler Job Description
- Analyze volatile system data
- Collaborate with level one event handlers to improve prevention and detection methods
- Lead Incident Handling efforts
- Processing security-related requests via the Remedy Request for Service application
- Be an in-house subject matter expert in the Computer Emergency Response Team (CERT), who diligently handles information security incidents by leading and coordinating investigations with internal and external stakeholders and a forensics team
- Create security incident reports and dashboards upon the request of management
- Analyse System, Security and Application alerts raised to CERT to recognise and respond to abnormal activity, threats, and vulnerabilities
- Support the SIEM solution, by improving the visibility of security incidents by defining and optimizing use-cases
- Research emerging technologies to design, develop and implement automated tools to increase incident response efficiency
- Report key performance indicators to management for team activities
- Help to improve the CERT process excellence by maintaining information security documentation
- Knowledge of network protocols, enterprise architecture, and common network logging functions
- Hands-on experience with security tools such as Encase, Splunk, network forensic and capture tools, CarbonBlack, and Tanium
- Ability to prioritize assignments and efforts in a complex work environment
- Direct working knowledge of enterprise incident management systems
- Industry certifications such as CEH, CISA, and Security+ are desirable
- Experience working as part of a SOC or CSIRT team is desirable